External participants can now join Google Meet client-side encrypted calls

What’s changing 

We’re enhancing the experience for client-side encrypted Google Meet calls to include support for inviting external participants, including users without a Google account. Admins will need to turn on access for external participants and determine which identity provider the guest uses to join.

Who’s impacted

Admins and end users

Why it’s important

Meet already encrypts all of your data at rest and in transit between our facilities — client-side encryption gives users direct control of their encryption keys and the identity service that they choose to authenticate for those keys. Adding support for external participants means customers can collaborate with any of their stakeholders safe in the knowledge that only the meeting participants can decrypt the call media. This feature further extends the privacy and compliance capabilities of Google Meet and is the latest security enhancement, alongside encryption for in-meeting chat messages, co-host support, and the ability to join an encrypted meeting from a mobile device. For more information about client-side encryption for Google Meet, see our original announcement.

Getting started

• Admins: Admins will need to update their IdP/KACLS configurations to open up for external participants and determine which third-party Identity Providers they can use to join a client-side encrypted meeting. Visit the Help Center for more information on providing external access to client-side encrypted content.
  
  
• End users: 
• Organizing encrypted calls: To turn on client-side encryption for a meeting, go to a calendar event with Meet video conferencing, navigate to Settings (cog-wheel  icon) > Security and select “Add encryption”. 
• Contact your administrator to learn about your organization's policies and which external identity services and guests have been configured to allow access. Visit the Help Center to learn more about inviting participants to client-side encrypted meetings.
• Note that only directly invited participants can join client-side encrypted meetings.
  
  
• Joining encrypted calls: External users will validate their identity using a method supported by the Identity Provider. Authentication methods vary between providers. Some common options could be to log in with an account from e.g. Google or Microsoft, or by receiving an email with a one-time password. Visit the Help Center to learn more about client-side encrypted meetings.

Rollout pace

• Rapid and Scheduled Release domains: Full rollout (1-3 days for feature availability) beginning on Apr 23, 2024

Availability

Available to Google Workspace:

• Enterprise Plus
• Education Standard and Plus

Resources

• Google Workspace Admin Help: Provide external access to client-side encrypted content 

• Google Workspace Admin Help: Connect to your identity provider for client-side encryption

• Google Workspace Admin Help: Turn client-side encryption on or off

• Google Workspace Admin Help: About Client-side encryption

• Google Meet Help: Learn about Meet Client-side Encryption (CSE) 

• Workspace Updates Blog: Improving data privacy with Client-side encryption for Google Meet

• Workspace Updates Blog: Stronger data security and privacy with Google Workspace Client-side encryption