Quick launch summary
The Cloud Identity Groups API feature that enables you to set expirations for group memberships is now generally available. It was previously available in beta.
This enables admins to set an amount of time that users and service accounts are members of a group. Once the specified time has passed, users will be removed from the group automatically. Automatic membership expiration can help reduce the administrative overhead for managing groups, and can help ensure group membership is limited to the members that need access.
See our beta announcement for more information and use cases for membership expiry.
This launch is another enhancement to the Cloud Identity Groups API. We recently also made the indirect membership visibility and membership hierarchy APIs generally available. Together, these make it easier to manage permissions and access control in your organization.
Getting started
- Admins and developers: Membership expiry is available to use for new and existing groups. Admins with permissions to modify groups memberships can set expiration. To get started, use the Cloud Identity Groups API.
- End users: Group owners and managers can set expiration. To get started, use the Cloud Identity Groups API.
Rollout pace
- Rapid Release and Scheduled Release domains: Full rollout (1–3 days for feature visibility) starting on February 8, 2021.
Availability
- Available to Google Workspace Enterprise Standard and Enterprise Plus, as well as G Suite Enterprise for Education and Cloud Identity Premium customers
- Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, and Enterprise Essentials, as well as G Suite Basic, Business, Education, and Nonprofits customers