As an admin, you’re often getting requests to provide various types of permissions/access to a small set of users in an OU that may currently have the service otherwise disabled.
For example, you may get a special request to allow a single middle school class to have access to YouTube for a project, even though you have YouTube disabled for your middle school OU. Another scenario could be if you have a remote student that needs Google Hangouts to communicate with their teachers. You can now turn Hangouts on for only that student.
What happens if the OU for the group of students has these services turned off? Do you turn them on for everyone or would that compromise security or policies your school district has set in place for that OU level? What about creating a brand new sub-OU for these exceptions? Does that require additional checks on automation to make sure your hard work isn’t undone next time your sync runs?
Ultimately, the answer to these requests often end up in the no-go pile because up to this point, there has not been a way to break up your OU to allow flexibility for special scenarios. This minor, yet a pivotal point of frustration has been addressed with a recent Google update to Groups.
As of December 2018, admins will now have the ability to enable Core Apps and Additional Apps and services to groups of users within your organization.
If we were to refer back to my example with the middle school class requesting access to youtube, this new Groups functionality would allow you, the admin, to keep youtube turned off for the entire OU, yet also select the students in the class to create a custom Group for granting youtube access.
It should be noted, you can enable a service for specific users within an OU, but you cannot create a group to remove privileges that are already granted to an OU. In short, these Group controls are additive only. You can add access to users who don’t already have access to apps or services, but you will not be able to take away access from users that already currently have access/privileges through your domain or OU level setting. This feature also only applies to the Core and Additional Google services and does not apply to 3rd party services or add-ons.
As you might imagine, with expanded access availability will also come to an ever-expanding list of Groups with a wide variety of unique scenarios. That could result in a totally different issue of its own including management of Groups. Don’t worry – we already have that covered. There are 3 different tools we recommend for help managing your Google Groups.
-
-
Google Cloud Directory Sync: Sync groups to Google: Your Google users, groups, and shared contacts are synchronized to match the information in your LDAP server.
-
-
Group Gator: Allows you to delegate who is a member of a specific group to a different user. In other words, the Admin can delegate a ‘group leader’ so that this leader can manage the delegation of members to the Group rather than requiring the Admin to do group management.
-
-
Gopher for Groups: This tool allows you to manage all of your group settings en masse. For example, if you create a slew of new groups, each group has its own individual settings, so auditing those group settings will become important – since they all have the default values. So Gopher for Groups allows for granular & mass edits of each group’s settings from within a google sheet.
Where services are only being enabled for the members of the groups within the OrgUnits, each service’s settings will still be applied based on the user’s OrgUnit. With these new capabilities, a new emphasis on groups along with a greater level of flexibility is introduced. The management of groups has always been essential to optimizing Google Workspace implementation but with the added controls, an admin will need tools to support these changes. Amplified IT has the tools and expertise to support the customization of your environment.
Reach out today to find out how our tools and team can help your school district.
Find this article useful? Share it!
-
Kendal Shomura
Google for Education Training Consultant -
About the Author:
Kendal Shomura joined the Amplified IT team in 2018 after 7 years working in Public Schools as an educator, Instructional Coach, Technology Integration Specialist, and as a Professor in Masters of Educational Technology program at Touro University. He spent 3 years as a Google Administrator while training staff on how to integrate Google Workspace tools into their classrooms. Kendal’s wide array of experiences with Educational Technology allows him to understand the important nuances of technology in schools. Today, he is a Google for Education Consultant who works to help schools better understand their Google environment and empowers them to configure Google Workspace in the most optimum way for student safety while still allowing for robust usage of the tools.