Tag Archives: identity

Managed Android devices must upgrade to Android Device Policy during March 2023

What’s changing 

In 2019, we announced that a new Android management client, Android Device Policy, would replace the legacy Google Apps Device Policy client. We’re now in the final stages of this upgrade. 


All devices with the Google Apps Device Policy will lose access during March 2023 if they have not already upgraded. Existing Google Apps Device Policy app users must switch to Android Device Policy before then to continue syncing work data. Note that, per our last update, the new user registration flow on the legacy Google Apps Device Policy will be blocked and users may see errors during the registration process as of January 2022. Admins can act directly from the alert in the Admin console to identify users who need to upgrade.




Visit the Help Center to learn more about migrating to Android Device Policy and our previous announcement for more information.


Getting started 


Rollout pace

  • Devices on the old agent will lose access during March 2023. 
  • Android Device Policy is available now and all users should upgrade to avoid disruption.  


Availability

  • This change impacts Google Workspace customers who use basic and advanced mobile management.


Resources


Google Workspace Updates Weekly Recap – August 12, 2022

New updates

Unless otherwise indicated, the features below are fully launched or in the process of rolling out (rollouts should take no more than 15 business days to complete), launching to both Rapid and Scheduled Release at the same time (if not, each stage of rollout should take no more than 15 business days to complete), and available to all Google Workspace and G Suite customers. 


Delegate access to a shared inbox using a group address 
You can now give an entire Google Group access to your Gmail account through mail delegation. With this feature, delegated users can read, send, and delete messages on the account owner's behalf. We hope this will enable teams to more effectively process incoming requests and tasks via a single shared email address. | Available to Business Starter, Business Standard, Business Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Frontline, Nonprofits, and legacy G Suite Basic and Business customers only. | Learn more


Granular controls for app allowlisting in the Google Workspace Marketplace 
Admins can now choose which Google Workspace Marketplace apps are available to be installed by users in a particular department (OU) or group by managing Marketplace apps on their allowlist. Previously, admins could only manage the allowlist for an entire domain. Additionally, the Marketplace apps access settings, Allow all apps, Allow selected apps, and Block all apps, can now be set for your entire organization or for an OU or group. This new functionality provides a solution when only a subset of domain users need permissions to install certain Marketplace apps. Examples include Chat apps required for your Engineering organization and IT security group or Classroom add-ons required for high-school teachers. | Available to Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Frontline, Nonprofits, and legacy G Suite Basic and Business customers only. | Learn more


Seamlessly delete subsets of Sites 
Site editors can now delete a page with subpages and delete pages that were copied into another site during a partial site copy. | Roll out to Rapid Release began August 8, 2022; launch to Scheduled Release planned for August 29, 2022. | Learn more



Previous announcements 

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


Office Building support for Working Locations 
We’ve added the ability to select a specific office building as your working location. | Available to Google Workspace Business Standard, Business Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Nonprofits, and legacy G Suite Business customers only. | Learn more


Improving data privacy with Client-side encryption for Google Meet 
We’ve added Workspace Client-side encryption to Google Meet, giving customers increased control over their data. | Available to Google Workspace Enterprise Plus, Education Standard, and Education Plus customers hosting client-side encrypted calls only. | Learn more


Stronger protection for sensitive Google Workspace account actions 
There are now stronger safeguards for sensitive actions taken in your Google Workspace account. These apply to actions that, when done by hijackers, can have far reaching consequences for the account owner or the organization it belongs to. | Learn more


The Google Meet and Google Duo app icons are changing, additional information for Google Workspace users 
As part of the announcement that we are upgrading the Duo experience to include all Google Meet features, users will now begin to see their app name and icon update to Google Meet. | Learn more


Better location context for events and RSVPs in Calendar 
We’ve made it even easier to use RSVPs in Google Calendar and let others know how you’re planning to join a meeting. | Available to Google Workspace Business Standard, Business Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Education Standard, Teaching & Learning Upgrade, Nonprofits, and legacy G Suite Business customers only. | Learn more


Improved notifications when editing Microsoft Office files in Docs, Sheets, and Slides 
We’ve rolled out a series of improvements to the notifications you see when editing a Microsoft Office-formatted file with Office editing mode. | Learn more


Unified experience for Gmail logs in BigQuery, configure your existing Gmail logs to route to Workspace logs 
In the coming months, we will move the location of the existing Gmail logs in BigQuery to Google Workspace logs and reports in BigQuery. | Available to Google Workspace Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Plus, Education Standard customers only. | Learn more


Google Meet call control for USB peripheral devices
We've introduced additional call control for Google Meet which will allow you to toggle between mute and unmute using headsets, speaker microphones, and other USB peripheral devices. | Learn more


Control visibility of admin alerts with admin role privileges
There is a new control that allows super admins to create a custom rule which ensures only admins with the DLP privilege can see DLP alerts. | Learn more.


For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

Google Workspace Updates Weekly Recap – August 12, 2022

New updates

Unless otherwise indicated, the features below are fully launched or in the process of rolling out (rollouts should take no more than 15 business days to complete), launching to both Rapid and Scheduled Release at the same time (if not, each stage of rollout should take no more than 15 business days to complete), and available to all Google Workspace and G Suite customers. 


Delegate access to a shared inbox using a group address 
You can now give an entire Google Group access to your Gmail account through mail delegation. With this feature, delegated users can read, send, and delete messages on the account owner's behalf. We hope this will enable teams to more effectively process incoming requests and tasks via a single shared email address. | Available to Business Starter, Business Standard, Business Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Frontline, Nonprofits, and legacy G Suite Basic and Business customers only. | Learn more


Granular controls for app allowlisting in the Google Workspace Marketplace 
Admins can now choose which Google Workspace Marketplace apps are available to be installed by users in a particular department (OU) or group by managing Marketplace apps on their allowlist. Previously, admins could only manage the allowlist for an entire domain. Additionally, the Marketplace apps access settings, Allow all apps, Allow selected apps, and Block all apps, can now be set for your entire organization or for an OU or group. This new functionality provides a solution when only a subset of domain users need permissions to install certain Marketplace apps. Examples include Chat apps required for your Engineering organization and IT security group or Classroom add-ons required for high-school teachers. | Available to Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Frontline, Nonprofits, and legacy G Suite Basic and Business customers only. | Learn more


Seamlessly delete subsets of Sites 
Site editors can now delete a page with subpages and delete pages that were copied into another site during a partial site copy. | Roll out to Rapid Release began August 8, 2022; launch to Scheduled Release planned for August 29, 2022. | Learn more



Previous announcements 

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


Office Building support for Working Locations 
We’ve added the ability to select a specific office building as your working location. | Available to Google Workspace Business Standard, Business Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Nonprofits, and legacy G Suite Business customers only. | Learn more


Improving data privacy with Client-side encryption for Google Meet 
We’ve added Workspace Client-side encryption to Google Meet, giving customers increased control over their data. | Available to Google Workspace Enterprise Plus, Education Standard, and Education Plus customers hosting client-side encrypted calls only. | Learn more


Stronger protection for sensitive Google Workspace account actions 
There are now stronger safeguards for sensitive actions taken in your Google Workspace account. These apply to actions that, when done by hijackers, can have far reaching consequences for the account owner or the organization it belongs to. | Learn more


The Google Meet and Google Duo app icons are changing, additional information for Google Workspace users 
As part of the announcement that we are upgrading the Duo experience to include all Google Meet features, users will now begin to see their app name and icon update to Google Meet. | Learn more


Better location context for events and RSVPs in Calendar 
We’ve made it even easier to use RSVPs in Google Calendar and let others know how you’re planning to join a meeting. | Available to Google Workspace Business Standard, Business Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Education Standard, Teaching & Learning Upgrade, Nonprofits, and legacy G Suite Business customers only. | Learn more


Improved notifications when editing Microsoft Office files in Docs, Sheets, and Slides 
We’ve rolled out a series of improvements to the notifications you see when editing a Microsoft Office-formatted file with Office editing mode. | Learn more


Unified experience for Gmail logs in BigQuery, configure your existing Gmail logs to route to Workspace logs 
In the coming months, we will move the location of the existing Gmail logs in BigQuery to Google Workspace logs and reports in BigQuery. | Available to Google Workspace Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Plus, Education Standard customers only. | Learn more


Google Meet call control for USB peripheral devices
We've introduced additional call control for Google Meet which will allow you to toggle between mute and unmute using headsets, speaker microphones, and other USB peripheral devices. | Learn more


Control visibility of admin alerts with admin role privileges
There is a new control that allows super admins to create a custom rule which ensures only admins with the DLP privilege can see DLP alerts. | Learn more.


For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

Stronger protection for sensitive Google Workspace account actions

What’s changing 

We’re introducing stronger safeguards for sensitive actions taken in your Google Workspace account. These apply to actions that, when done by hijackers, can have far reaching consequences for the account owner or the organization it belongs to. 


Google will evaluate the session attempting the action, and if it’s deemed risky, it will be challenged with a “Verify it’s You” prompt. Through a second and trusted factor, such as a 2-step verification code, users can confirm the validity of the action. For example, if a malicious actor gains access to your account and attempts to change the name on your account, the action will be blocked until the true account owner can verify that this was intentional. 


Note that this feature only supports users that use Google as their identity provider and actions taken within Google products. SAML users are not supported at this time. See below for more information. 



Who’s impacted 

Admins and end users 


Why it matters 

This added layer of security helps to intercept bad actors who have gained access to a user's account, further protecting their data and your organization's sensitive information. Additionally, these challenge attempts will be logged as an audit event allowing for further admin investigation. 

Additional details 

In the Admin console under Users > “UserName” > Security, admins can toggle login challenges OFF for ten minutes if a user gets stuck behind a "verify it's you prompt". We strongly recommend only using this option if contact with the user is credibly established, such as via a video call. 

Getting started 


Rollout pace 


Availability 

  • Available to all Google Workspace customers, as well as legacy G Suite Basic and Business customers 

Resources 

Migrate unmanaged accounts to your domain using new “UserInvitation” API functionality

What’s changing 

We’re introducing new API functionality which allows you to automate the process of finding conflicting accounts and inviting them to join your organization. 


Who’s impacted 

Admins, end users, and developers 


Why you’d use it 

When employees create a Google account using one of your organization’s domains to access Google services, this is known as an unmanaged account. Unmanaged accounts are not ideal for managing users and keeping their work data secure. 


Additionally, should an admin try to create a managed account with the same name, this conflict will prevent a managed account from being created. Using the UserInvitation API functionality, you can send a request to convert their personal account to a Google Workspace account. 


While the same action can be manually performed with the Transfer Tool, the API allows conflicting accounts to be identified and remediated programmatically, using logic that best suits your needs.


Getting started 

  • Admins and Developers: 
  • End users: 
    • If you accept the request from your admin to transfer their account, your admin will be granted access to their data and the ability to manage your account. 
    • If you don’t accept the invitation, you will have to rename your account. Your administrator can create a new, managed account for you. 

Rollout pace 


Availability 

  • Available to Google Workspace Business Starter, Business Standard, Business Plus, Enterprise Standard, Enterprise, Cloud Identity Premium and Cloud Identity Free customers 
  • Not available to Google Workspace Essentials,, Enterprise Essentials, Education Standard, Enterprise Plus, Education Fundamentals, Education Plus, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers 

Resources 

Google Workspace Updates Weekly Recap – June 10, 2022

New updates 

Unless otherwise indicated, the features below are fully launched or in the process of rolling out (rollouts should take no more than 15 business days to complete), launching to both Rapid and Scheduled Release at the same time (if not, each stage of rollout should take no more than 15 business days to complete), and available to all legacy Google Workspace and G Suite customers. 

Find and insert GIFs faster on Google Chat on iOS Devices 
You can now easily browse, select and insert GIFs while using the Chat iOS mobile app. When enabled by your admin, select the “GIF” icon in the Google Chat compose bar. We hope this makes it easier for you to express yourself when interacting with your colleagues. | Learn more


Set a custom duration for "Do Not Disturb" in Google Chat on web and iOS devices 
You can now set the duration of your "Do Not Disturb" status to a specific date and time. We hope this feature gives you the flexibility to mute notifications the way it best suits you. This feature is now available on web, Android and iOS devices. | Learn more


Previous announcements 

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


New admin controls for access to discoverable spaces in Google Chat 
We’ve added the ability for Admins to set the default for newly created spaces and enable sharing scoped to specific audiences. | Learn more

Available to Google Workspace Business Plus, Enterprise Standard, Enterprise Plus, Education Plus, and Education Standard customers. 


Context-Aware Access remediator provides more context for access denials 
Admins using Context-Aware Access can now provide more information to end users when their access is blocked using the user remediation feature. | Learn more.

Available to Google Workspace Enterprise Plus, Education Plus, and Cloud Identity Premium customers. 


Mark your important tasks with a star in Google Tasks 
You can now mark important tasks with a star in Google Tasks. Additionally, you’ll be able to view or sort your starred items across various tasks lists in the new starred view. | Learn more
 
For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

Context-Aware Access remediator provides more context for access denials

What’s changing 

Admins using Context-Aware Access can now provide more information to end users when their access is blocked using the user remediation feature. This feature will help end users quickly understand what steps they need to take to re-access Google Workspace. 


Who’s impacted 

Admins and end users 


Why it’s important 

Context-Aware Access allows admins to assign granular access control policies to apps based on attributes such as user identity, location, device security status, IP address, etc. When a user or device does not meet the requirements, they will be unable to access the respective apps. 


Currently, the only course of action for end users is to contact their admin for further support, which causes unnecessary delay, churn, and support calls. End user remediation will enable admins to provide their users with details about why their access has been denied and what steps need to be taken to restore access. 


Further, once an admin enables remediation, they’ll see a message in the Admin console noting whether remediation is enabled. Each remediation action corresponds to an attribute which is causing access to be denied. Visit the Help Center for a list of the possible remediation actions that may be shown to end users. 


Getting Started 

  • Admins: Admins can apply the new remediation messaging within the Context-aware Access section of the admin UI by navigating to Security > Context-Aware Access > User Message. Visit the Help Center to learn more about allowing users to unblock apps with remediation messages in Context Aware Access. 



  • End Users: End users will see the following message if they try to access a Google Workspace app when access is not allowed. 




Rollout pace 


Availability 

  • Available to Google Workspace Enterprise Plus, Education Plus, and Cloud Identity Premium customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers 

Resources 

Send group membership information in outbound SAML responses

Quick launch summary 

We’re adding the ability for admins to configure and send group membership information as part of SAML responses. 


Currently, you are able to configure SSO to send user attributes in the SAML response when a user logs in to an app using SAML SSO. With this launch, admins can configure SSO to send group membership information to the application. Apps can then use these attributes to assess user authorization and to implement other business logic. 

Getting started 






Rollout pace 


Availability 

  • Available to all Google Workspace customers, as well as legacy G Suite Basic and Business customers and Cloud Identity customers 

Resources 

Google Workspace Updates Weekly Recap – May 13, 2022

New updates 

Unless otherwise indicated, the features below are fully launched or in the process of rolling out (rollouts should take no more than 15 business days to complete), launching to both Rapid and Scheduled Release at the same time (if not, each stage of rollout should take no more than 15 business days to complete), and available to all legacy Google Workspace and G Suite customers. 


New idle status in Google Chat 
In Google Chat on web and Chat in Gmail, you'll see an orange clock badge for users that were recently active in Chat, but aren't currently active. We hope this makes it easier to determine the best time to connect with your colleagues. Visit the Help Center to learn more about availability statuses in Google Chat





Changes to the default Host Management controls in Google Meet for users with personal accounts 
The default setting for Host Management controls is changing for users with personal Google accounts. Previously, Host Management controls were ON by default — going forward, this setting will be OFF by default for new meetings. There are no changes to the behavior for Google Workspace customers or Google Workspace Individual users.



Previous announcements


The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


Improved user interface for sharing your working location in Google Calendar
This update improves the working location feature by offering the same functionality for easily entering and updating location information in a more compact format that uses screen space more efficiently. | Learn more here and here

Available to Google Workspace Business Standard, Business Plus, Enterprise Standard, Enterprise Plus, Education Plus, and Nonprofits, as well as G Suite Business customers. 


Easily search for Google Meet content in Google Drive
In Google Drive, you can now use app:”Google Meet” to easily find and organize Meet content such as Meet recordings, meeting transcripts, and more. | Learn more.


Import existing custom themes to new Google Sites
You can now import a custom theme from one new Google Site to another. | Learn more.


Create Spaces and Add Members with the Google Chat API, available in Developer Preview
Using the Google Chat API, you can now programmatically create new Spaces and add members to those Spaces. This functionality is available in preview – developers can apply for access through our Google Workspace Developer Preview Program. | Learn more.


Require email verification to book appointments in Google Calendar
When using appointment scheduling in Google Calendar, you can now opt to have users verify their email before booking an appointment. When enabled, the user must be signed into a Google account or validate their email address using a PIN code to complete the booking. | Learn more.

Available to Google Workspace Business Standard, Business Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, Education Plus, the Teaching and Learning Upgrade, and Nonprofits customers.


New delegated VirusTotal privilege in the Alert Center
In 2021, we announced an integration between the Alert Center and VirusTotal. At that time, any admin who had the Alert Center privilege could access all VirusTotal reports. Now, we’ve added the ability for admins to control who can view VirusTotal reports. | Learn more.

Available for Google Workspace Business Plus, Enterprise Standard, Enterprise Plus, Education Standard and Education Plus.


Set up SSO profiles for multiple third-party identity providers with the Multi-IdP SSO beta launch
You can further customize authentication by setting up single sign-on (SSO) profiles for multiple identity providers and then configuring authentication for each group or OU. This feature is available beginning today as an open beta, which means you can use it without enrolling in a specific beta program. | Learn more.


For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

Set up SSO profiles for multiple third-party identity providers with the Multi-IdP SSO beta launch

What’s changing 

For over a decade, we have given admins the ability to configure authentication through a third-party identity provider . In 2021, we expanded this capability by making it possible to choose between third-party identity provider or Google authentication for specific groups or organizational units (OUs). 


Now, you can further customize authentication by setting up single sign-on (SSO) profiles for multiple identity providers and then configuring authentication for each group or OU. This feature is available beginning today as an open beta, which means you can use it without enrolling in a specific beta program.


You can now set up SSO profiles for multiple third-party identity providers




Who’s impacted


Admins

Why you’d use it

Currently, you can configure SSO with a third-party identity provider to apply to your entire domain and then require a subset of your users, such as vendors or contractors, to authenticate with Google instead. However, if you have more than one identity provider, you might require greater customization of authentication options. For example, your company might be migrating from one provider to another, or it might have acquired another company that uses a different provider.


The Multi-IdP SSO beta lets you set up SSO profiles for each of your third-party identity providers, giving you the flexibility to specify the authentication method for various users in your organization as needed.

Getting started

  • Admins: In the Admin console, navigate to Security > Settings > Set up single sign-on (SSO) with a third party IdP > Manage SSO Profile assignments. Visit the Help Center to learn more about setting up SSO for your organization.


Go to the Security settings to set up SSO profiles for third-party identity providers

  • End users: There is no end user setting for this feature.

Rollout pace

  • This feature is available now for all users.


Availability

  • Available to Google Workspace Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers
  • Available to all Cloud Identity customers
  • ​​Not available to Google Workspace Essentials customers
  • Not available to users with personal Google Accounts

Resources