What’s changing
We’re making security groups available in beta. Security groups help you easily regulate, audit, and monitor groups used for permission and access control purposes. They enable admins to:
- Apply a label to any existing Google Group to distinguish it from email-list groups.
- Provide strong guarantees that:
- External groups (owned outside your organization) and non-security groups cannot be added as a member of a security group.
- Security labels, once assigned to a group, cannot be removed.
Soon, you’ll be able to use more granular admin roles to separate administration of security and non-security groups. Keep an eye on the G Suite Updates blog for an announcement when that rolls out.
Who’s impacted
Admins and developers
Why you’d use it
Groups are used in a variety of ways. This can include groups that help teams communicate and collaborate, as well as groups that control access to important apps and resources. Security groups can help customers manage these categories of groups differently to increase their overall security posture.
For example, if you have compliance or regulatory requirements for managing access control, you may have set up naming conventions to keep track of which groups were used for this purpose. With security groups, you can now assign a security label to these groups and more easily manage them without having to use workarounds like naming conventions.
Getting started
- Admins: You can assign a group as a security group through the Cloud Identity Groups API, and then manage these groups through the Admin SDK Groups API, the Admin console, or the Cloud Identity Groups API. See our API documentation to learn how to update a Google Group to a security group.
- End users: There is no end user setting for this feature.
Rollout pace
- This feature is available now for all users in beta.
Availability
- Available to all G Suite customers