External participants can now join Google Meet client-side encrypted calls
Tuesday, April 23, 2024
What’s changing
We’re enhancing the experience for client-side encrypted Google Meet calls to include support for inviting external participants, including users without a Google account. Admins will need to turn on access for external participants and determine which identity provider the guest uses to join.
Who’s impacted
Admins and end users
Why it’s important
Meet already encrypts all of your data at rest and in transit between our facilities — client-side encryption gives users direct control of their encryption keys and the identity service that they choose to authenticate for those keys. Adding support for external participants means customers can collaborate with any of their stakeholders safe in the knowledge that only the meeting participants can decrypt the call media. This feature further extends the privacy and compliance capabilities of Google Meet and is the latest security enhancement, alongside encryption for in-meeting chat messages, co-host support, and the ability to join an encrypted meeting from a mobile device. For more information about client-side encryption for Google Meet, see our original announcement.
Getting started
- Admins: Admins will need to update their IdP/KACLS configurations to open up for external participants and determine which third-party Identity Providers they can use to join a client-side encrypted meeting. Visit the Help Center for more information on providing external access to client-side encrypted content.
- End users:
- Organizing encrypted calls: To turn on client-side encryption for a meeting, go to a calendar event with Meet video conferencing, navigate to Settings (cog-wheel icon) > Security and select “Add encryption”.
- Contact your administrator to learn about your organization's policies and which external identity services and guests have been configured to allow access. Visit the Help Center to learn more about inviting participants to client-side encrypted meetings.
- Note that only directly invited participants can join client-side encrypted meetings.
- Joining encrypted calls: External users will validate their identity using a method supported by the Identity Provider. Authentication methods vary between providers. Some common options could be to log in with an account from e.g. Google or Microsoft, or by receiving an email with a one-time password. Visit the Help Center to learn more about client-side encrypted meetings.
Rollout pace
- Rapid and Scheduled Release domains: Full rollout (1-3 days for feature availability) beginning on Apr 23, 2024
Availability
Available to Google Workspace:
- Enterprise Plus
- Education Standard and Plus
Resources
Google Workspace Admin Help: Provide external access to client-side encrypted content
Google Workspace Admin Help: Connect to your identity provider for client-side encryption
Google Workspace Admin Help: Turn client-side encryption on or off
Google Meet Help: Learn about Meet Client-side Encryption (CSE)
Workspace Updates Blog: Improving data privacy with Client-side encryption for Google Meet
