PCG logo
Article

Managing Permissions for External Users in Google Workspace

image-d2c93044be8d

Within the scope of Identity & Access Management (IAMExternal Link), it is essential for Google Workspace admins not only to define access permissions for individuals within the organisation but also for external ones. Often, it is necessary for a smooth collaboration to provide external individuals such as freelancers, consultants, or partners with their own accounts within the organisation.

However, in most cases, they should not have full access to internal information. In this blog post, we will introduce you to ways in which you can grant or restrict access for external individuals in the Google Workspace Admin Console. Additionally, we will share best practices for implementation.

Generally, there are 2 ways you can go about this:

  1. Add external users to your own domain.
  2. Create a separate domain for external users.

Both ways offer both advantages and disadvantages.

#1. Adding external people to your own domain

Pros:

  • Reduced administrative effort as you can manage all settings through a single admin console.
  • Simpler resource booking.

Cons:

  • There is no clear separation between internal and external users.
  • Initial sharing changes may be required if files have been shared organisation-wide but should not be shared with external users.
  • Calendar information can only be hidden from external users through a workaround (see point 4 in Best Practices below).

Best Practices:

  1. Assign an email suffix like klaus.mustermann.external@domain.com or klaus.mustermann@ext.domain.com.
  2. Create a separate organisational unit specifically for external users and move the relevant users there.
  3. Shared Drive:
    1. Create target audiences (e.g., Internal and External).
    2. Enable access checks for target audiences to avoid overly generous sharing (under Apps > Google Workspace > Drive and Docs > Sharing settings)
  4. Customise calendar shares to prevent external users from accessing internal employees' calendars. To do this:
    1. Users must restrict their own calendars (no longer share with the entire organisation).
    2. Calendar should be shared to a group where internal users are in. (a and b can be found in Calendar Settings > Access Permissions).

#2. Adding external users to a separate domain

Pros:

  • There is a completely visible separation of the organisation.
  • You don't need to change sharing policies for organisation-wide data.
  • Calendars of internal staff are not visible to external users by default.

Cons:

  • It increases administrative overhead because there are two different admin consoles.
  • Shared resource booking is more complex.

Best Practices:

  1. If you want to share calendars, you have to do it manually via the share menu
  2. Assign an email suffix to external users, such as klaus.mustermann@ext.domain.com.
  3. If you do not want to completely share documents externally, it is best to create the primary domain as an Allowlist.
image-9cdef63d00af

Conclusion

Ultimately, every organisation must determine its preferred sharing settings. While including external individuals in your own organisation might reduce administrative tasks, opting for a separate domain can offer advantages, especially if you have stringent security requirements.

Do you have questions or concerns about Permissions?

As an experienced Google Cloud Premier Partner and MSP, we're here to answer all your queries with expert advice, and support you in implementing and optimising Google Workspace efficiently. Our customers also enjoy complimentary admin support. Feel free to contact us!

Learn more



Services Used

Continue Reading

Article
Big Data
Machine Learning
AI
Google Gemini 2.0 has arrived – smarter, faster, multimodal

Discover Gemini 2.0: Google's AI model with agents for increased efficiency and innovation in businesses.

Learn more
Article
Big Data
Machine Learning
E-Commerce
Reduce E-Commerce Returns with Data & AI

Fewer Returns, More Revenue: Discover how Google Cloud's Data & AI services can help you reduce e-commerce returns and drive profitability. Learn more!

Learn more
Article
Machine Learning
Digital Workplace
Gemini for Google Workspace now available in German

Attention, Google Workspace users! Gemini now also available in German. AI power in 7 new languages for efficient work.

Learn more
Article
Google Workspace: A more secure alternative?

Discover how Google Workspace protects your business from modern cyber threats with AI-powered defence, cloud security and data protection.

Learn more
See all

Let's work together

United Kingdom
Arrow Down