What’s changing
We’re adding the ability to set expirations for group memberships using the Cloud Identity Groups API. This enables admins to set an amount of time that users are members of a group. Once the specified time has passed, users will be removed from the group automatically.
Membership expiry is currently available as an open beta, which means you can use it without enrolling in a specific beta program.
Who’s impacted
Admins and developers
Why it’s important
Groups are a powerful way to manage permissions and access control in your organization.In many cases,, there’s a known amount of time that a user should be a member of a group. This can make managing membership time consuming, and increases the possibility that a user has overly-broad access.
Automatic membership expiration can help reduce the administrative overhead for managing groups, and can help ensure group membership is limited to the members that need access. This can help:
- Increase security by ensuring users do not have long lived membership in groups, and that your group memberships don’t become too expansive.
- Manage security groups by using group membership with our recent launch of security groups.
- Reduce admin time and administration costs by automating some group management tasks
Getting started
- Admins: Membership expiry is available to use for new and existing groups. Admins with permissions to modify groups memberships can set expiration. To get started, use the Cloud Identity Groups API.
- End users: Group owners and managers can set expiration. To get started, use the Cloud Identity Groups API.
Rollout pace
- This feature is available now for all users.
Availability
- Available to G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium customers
- Not available to G Suite Basic, G Suite Business, G Suite for Education, G Suite for Nonprofits, G Suite Essentials, and Cloud Identity Free customers