Configure member restrictions for groups, available in open beta

What’s changing

We’re adding group level controls that will allow admins to restrict group memberships based on:

Internal or external members,

Member type (service account, user, group)

This feature is available as an open beta, which means you can use it without enrolling in a specific beta program.


Who’s impacted

Admins and end users who are group owners and managers


Why it’s important

This feature helps ensure Groups are properly configured and stay within the confines of specific restrictions. For example, if an Admin configures a group to exclude service accounts, that restriction will be preserved and enforced for all future group changes.


Once a restriction is in place, we’ll indicate whether there are violating memberships and suggested actions to resolve the discrepancy. Further, this feature will prevent any new changes from violating the current setting, ensuring the group remains secure.


Additional details

Important note: Group owners and managers cannot remove restrictions once they’re applied, but may be able to add additional restrictions. For example, If a group is configured to contain individual users and groups, the group owner could further restrict it to only users. However, the group owner could not change a group which is set up to only contain individuals to allow both individuals and groups.


Getting started

Rollout pace

Availability

  • Available to Google Workspace Enterprise Plus, Enterprise Standard, Education Plus, and Cloud Identity Premium customers

  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as G Suite Basic and Business customers

Resources