What’s changing
We’re adding full support for service accounts in Groups in beta. This builds on our recent announcements of a new Cloud Identity Groups API beta and the ability to use service accounts with Groups APIs without domain-wide delegation. With this launch, you can now:
- Add service accounts from primary and secondary domains without turning the “Allow external members in the group” setting on.
- See the service account member type on the Groups page and audit logs in the Admin console.
- Add, remove, and manage service account membership via the Admin console and Cloud Identity Groups API.
Who’s impacted
Admins and developers
Why it’s important
Groups are a critical tool for customers to manage their G Suite deployment. Many customers use service accounts with Groups to automate user management, manage migrations, and integrate G Suite with other apps, tools, and services.
Until now, it was difficult to use service accounts in groups due to limitations in the functionality. This launch fixes many challenges and makes it easier to use service accounts with groups while increasing security and transparency.
Additional details
The feature does not affect Admin SDK Group APIs.
Getting started
- Admins: This feature will be available by default. You can use new or existing service accounts. Visit our Help Center to learn more about managing Groups for your organization, creating service accounts, using the Cloud Identity Groups API, or viewing the Groups audit log.
- End users: No impact to end users.
Rollout pace
- This feature is available now for all users.
Availability
- Available to all G Suite customers
Resources
- G Suite Admin Help: About Google Groups
- G Suite Admin Help: Groups audit log
- API documentation: Creating and managing service accounts
- G Suite Blog: Manage Groups programmatically with the Cloud Identity API beta
- G Suite Blog: Use service accounts with Google Groups APIs without domain-wide delegation