This official feed from the Google Workspace team provides essential information about new features and improvements for Google Workspace customers.
rss_feed
arrow_back Back

October 9, 2020

Use new APIs to understand and audit group memberships

What’s changing 

We’re launching new APIs in beta to help better identify, audit, and understand indirect group membership (also known as ‘transitive’ or ‘nested’ group membership, see explanation below). The indirect membership visibility, membership hierarchy, and check APIs are part of the Cloud Identity Groups API and enable you to: 
These APIs are currently available as an open beta, which means you can use it without enrolling in a specific beta program. Use our API documentation to learn more. 



Who’s impacted 

Admins and developers 



Why it’s important 

These features will help provide all of the information you need to create visualization of complex group structures and hierarchies. Having this kind of membership visibility can help you make decisions about who to add to or remove from your groups. 


Customers often use groups to manage access to content and resources within their organization. Using ‘nested’ groups is common as it can decrease duplication, simplify administration, and centralize access management. 


However, nested groups can create a complex hierarchy that can make it hard to understand who ultimately has access to content or resources and why they have access. These APIs simplify finding out these answers by making it easier to identify the direct and indirect members for a group. Some use cases include: 
  • A security team can quickly identify all group memberships and associated nested memberships when a bad actor account is identified. 
  • An admin could perform a deep-dive on group structure for audit and compliance. By using the APIs to list and validate direct and indirect members for groups with many nested groups. 
  • A developer could extract group information via the API and feed it to a visualization tool that supports DOT format to make auditing and visualizing complex nested structures easier. 


Additional details 

Indirect memberships, also known as transitive memberships, come from ‘nested’ groups. Nested groups refer to situations where groups are members of other groups. As a result, users in the sub-group are members of both groups. For example, group Y is a member of group X. Users in group Y are direct members of group Y and indirect members of group X. 


Getting started 

Rollout pace 

  • This feature is available now for all users in beta. 

Availability 

  • Available to Enterprise Standard, Enterprise Plus, Enterprise for Education, and Cloud Identity Premium customers 
  • Not available to Essentials, Business Starter, Business Standard, and Business Plus, as well as G Suite Basic, Business, Education, and Nonprofits customers

Resources 

Useful Links

Join the official community for Google Workspace administrators

In the Google Cloud Community, discuss the latest features with Googlers and other Google Workspace admins like you. Learn tips and tricks that will make your work and life easier. Be the first to know what's happening with Google Workspace.

Learn about more Google Workspace launches

On the “What’s new in Google Workspace?” Help Center page, learn about new products and features launching in Google Workspace, including smaller changes that haven’t been announced on the Google Workspace Updates blog.

Learn about our customers

Discover how a diverse range of organizations, from small businesses and nimble startups to globally recognized Fortune 500 corporations, leverage the collaborative power of Google Workspace. Explore examples of how teams of are streamlining workflows and driving productivity by utilizing Google-Workspace.