Tag Archives: identity

Dynamic groups beta enables automatic group membership management

What’s changing 

Dynamic groups let you create a group with membership that is automatically kept up to date with a membership query. Dynamic groups can be based on one or many user attributes, including addresses, locations, organizations, and relations. You can manage dynamic groups in the Cloud Identity Groups API and the Admin console. 

Dynamic groups is currently available as an open beta, which means you can use it without enrolling in a specific beta program. 


Who’s impacted 

Admins and developers with group create and user read privileges


Why you’d use it 

Dynamic groups work the same as other Google Groups with the added benefit that their memberships are automatically kept up-to-date. This means you can use them for the same functions, including for distribution lists, access-control list (ACL) management, and more. By automating membership management you can increase security, reduce errors, and alleviate user frustration while minimizing the burden on admins. 

Here are some examples of how you can use dynamic groups. You can create groups of: 
  • All users based in your New York office, which you can then use for email communications related to that office location. 
  • All engineers, which you can then use to provide access to specific tools. 


Additional details 

At launch, you won’t be able to manage policies such as context-aware access policies using dynamic groups. Once available, you will be able to create a dynamic group which you could then use to manage specific context-aware access policies. We are working on adding this functionality in the future, and will announce it on the G Suite Updates blog when it’s available. 


Getting started 



Rollout pace 

  • This feature is available now for all eligible users. 

Availability 

  • Available to G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium customers 
  • Not available to G Suite Essentials, G Suite Basic, G Suite Business, G Suite for Education, G Suite for Nonprofits, and Cloud Identity Free customers 

Resources 

Dynamic groups beta enables automatic group membership management

What’s changing 

Dynamic groups let you create a group with membership that is automatically kept up to date with a membership query. Dynamic groups can be based on one or many user attributes, including addresses, locations, organizations, and relations. You can manage dynamic groups in the Cloud Identity Groups API and the Admin console. 

Dynamic groups is currently available as an open beta, which means you can use it without enrolling in a specific beta program. 


Who’s impacted 

Admins and developers with group create and user read privileges


Why you’d use it 

Dynamic groups work the same as other Google Groups with the added benefit that their memberships are automatically kept up-to-date. This means you can use them for the same functions, including for distribution lists, access-control list (ACL) management, and more. By automating membership management you can increase security, reduce errors, and alleviate user frustration while minimizing the burden on admins. 

Here are some examples of how you can use dynamic groups. You can create groups of: 
  • All users based in your New York office, which you can then use for email communications related to that office location. 
  • All engineers, which you can then use to provide access to specific tools. 


Additional details 

At launch, you won’t be able to manage policies such as context-aware access policies using dynamic groups. Once available, you will be able to create a dynamic group which you could then use to manage specific context-aware access policies. We are working on adding this functionality in the future, and will announce it on the G Suite Updates blog when it’s available. 


Getting started 



Rollout pace 

  • This feature is available now for all eligible users. 

Availability 

  • Available to G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium customers 
  • Not available to G Suite Essentials, G Suite Basic, G Suite Business, G Suite for Education, G Suite for Nonprofits, and Cloud Identity Free customers 

Resources 

Group membership expiration available in beta

What’s changing 

We’re adding the ability to set expirations for group memberships using the Cloud Identity Groups API. This enables admins to set an amount of time that users are members of a group. Once the specified time has passed, users will be removed from the group automatically. 

Membership expiry is currently available as an open beta, which means you can use it without enrolling in a specific beta program. 


Who’s impacted 

Admins and developers 


Why it’s important 

Groups are a powerful way to manage permissions and access control in your organization.In many cases,, there’s a known amount of time that a user should be a member of a group. This can make managing membership time consuming, and increases the possibility that a user has overly-broad access. 

Automatic membership expiration can help reduce the administrative overhead for managing groups, and can help ensure group membership is limited to the members that need access. This can help: 
  • Increase security by ensuring users do not have long lived membership in groups, and that your group memberships don’t become too expansive. 
  • Manage security groups by using group membership with our recent launch of security groups
  • Reduce admin time and administration costs by automating some group management tasks 

Getting started 

Rollout pace 

  • This feature is available now for all users. 

Availability 

  • Available to G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium customers 
  • Not available to G Suite Basic, G Suite Business, G Suite for Education, G Suite for Nonprofits, G Suite Essentials, and Cloud Identity Free customers 

Resources 

Group membership expiration available in beta

What’s changing 

We’re adding the ability to set expirations for group memberships using the Cloud Identity Groups API. This enables admins to set an amount of time that users are members of a group. Once the specified time has passed, users will be removed from the group automatically. 

Membership expiry is currently available as an open beta, which means you can use it without enrolling in a specific beta program. 


Who’s impacted 

Admins and developers 


Why it’s important 

Groups are a powerful way to manage permissions and access control in your organization.In many cases,, there’s a known amount of time that a user should be a member of a group. This can make managing membership time consuming, and increases the possibility that a user has overly-broad access. 

Automatic membership expiration can help reduce the administrative overhead for managing groups, and can help ensure group membership is limited to the members that need access. This can help: 
  • Increase security by ensuring users do not have long lived membership in groups, and that your group memberships don’t become too expansive. 
  • Manage security groups by using group membership with our recent launch of security groups
  • Reduce admin time and administration costs by automating some group management tasks 

Getting started 

Rollout pace 

  • This feature is available now for all users. 

Availability 

  • Available to G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium customers 
  • Not available to G Suite Basic, G Suite Business, G Suite for Education, G Suite for Nonprofits, G Suite Essentials, and Cloud Identity Free customers 

Resources 

Service accounts in Google Groups and with Groups API now generally available

Quick launch summary 

We recently announced betas for two new features related to service accounts. Now, these features are generally available: 
  • Support for service accounts in Google Groups, which makes it easier to use service accounts with groups while increasing security and transparency. Learn more
  • Use service accounts with Google Groups APIs without domain-wide delegation, which enables service accounts to perform critical business processes without compromising your strong security and compliance posture. Learn more

Groups are a critical tool for customers to manage their G Suite deployment. Many customers use service accounts with Groups to automate user management, manage migrations, and integrate G Suite with other apps, tools, and services. Use the announcements linked above to learn more about the features and how you can use them. 

Learn more about these and other launches in our Security Blog post highlighting 10 new security and management controls for security at scale

Service accounts in Google Groups 

Getting started 

Rollout pace 

Availability 

  • Available to all G Suite customers 

Resources 

Service accounts in Google Groups and with Groups API now generally available

Quick launch summary 

We recently announced betas for two new features related to service accounts. Now, these features are generally available: 
  • Support for service accounts in Google Groups, which makes it easier to use service accounts with groups while increasing security and transparency. Learn more
  • Use service accounts with Google Groups APIs without domain-wide delegation, which enables service accounts to perform critical business processes without compromising your strong security and compliance posture. Learn more

Groups are a critical tool for customers to manage their G Suite deployment. Many customers use service accounts with Groups to automate user management, manage migrations, and integrate G Suite with other apps, tools, and services. Use the announcements linked above to learn more about the features and how you can use them. 

Learn more about these and other launches in our Security Blog post highlighting 10 new security and management controls for security at scale

Service accounts in Google Groups 

Getting started 

Rollout pace 

Availability 

  • Available to all G Suite customers 

Resources 

See which apps are Google verified in the Admin console

Quick launch summary 

With this launch, we’ll show whether apps are Google verified in the Admin console on the app details page and the App Access Control summary page. We hope this visibility will make it easier to make informed decisions about access to G Suite data within your organization. 

Apps often require access to G Suite data to help your users get work done. Google works with app developers to make sure that third-party apps comply with Google privacy and security requirements. 

If apps meet certain verification requirements, they are considered “Google verified”. If they don’t complete the verification process, they are considered “unverified” and might be subject to restrictions. You can control which apps can access sensitive G Suite data via App access control, and choose to authorize unverified apps if you want. 


Getting started 


Rollout pace 

Availability 

  • Available to all G Suite and Cloud Identity customers 

Resources 

See which apps are Google verified in the Admin console

Quick launch summary 

With this launch, we’ll show whether apps are Google verified in the Admin console on the app details page and the App Access Control summary page. We hope this visibility will make it easier to make informed decisions about access to G Suite data within your organization. 

Apps often require access to G Suite data to help your users get work done. Google works with app developers to make sure that third-party apps comply with Google privacy and security requirements. 

If apps meet certain verification requirements, they are considered “Google verified”. If they don’t complete the verification process, they are considered “unverified” and might be subject to restrictions. You can control which apps can access sensitive G Suite data via App access control, and choose to authorize unverified apps if you want. 


Getting started 


Rollout pace 

Availability 

  • Available to all G Suite and Cloud Identity customers 

Resources 

See apps installed on managed Windows 10 devices

Quick launch summary 

You can now view a list of all apps installed on Windows 10 devices that you manage with Windows device management. The list includes when the app was first installed, the current version, and the publisher. You can use this information to identify devices that have malicious or untrusted apps on them. 

Note that this feature requires the device to be enrolled in Windows device management. Learn more about our enhanced security for Windows or how to view Windows device details in the Admin console

See apps installed on managed Windows 10 devices 


Getting started 

Rollout pace 

Availability 

  • Available to G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium customers 
  • Not available to G Suite Basic, G Suite Business, G Suite for Education, G Suite for Nonprofits, G Suite Essentials, and Cloud Identity Free customers 

Resources 

See apps installed on managed Windows 10 devices

Quick launch summary 

You can now view a list of all apps installed on Windows 10 devices that you manage with Windows device management. The list includes when the app was first installed, the current version, and the publisher. You can use this information to identify devices that have malicious or untrusted apps on them. 

Note that this feature requires the device to be enrolled in Windows device management. Learn more about our enhanced security for Windows or how to view Windows device details in the Admin console

See apps installed on managed Windows 10 devices 


Getting started 

Rollout pace 

Availability 

  • Available to G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium customers 
  • Not available to G Suite Basic, G Suite Business, G Suite for Education, G Suite for Nonprofits, G Suite Essentials, and Cloud Identity Free customers 

Resources