
Managing Permissions for External Users in Google Workspace


Within the scope of Identity & Access Management (IAM), it is essential for Google Workspace admins to define access permissions not only for individuals within the organisation but also for external ones. Smooth collaboration often requires providing external individuals such as freelancers, consultants, or partners with their own accounts within the organisation.

However, in most cases, they should not have full access to internal information. In this blog post, we will introduce you to ways in which you can grant or restrict access for external individuals in the Google Workspace Admin Console. Additionally, we will share best practices for implementation.

Generally, there are 2 ways you can go about this:

  1. Add external users to your own domain.
  2. Create a separate domain for external users.

Both approaches have advantages and disadvantages.

#1. Adding external people to your own domain

Pros:

  • Reduced administrative effort as you can manage all settings through a single admin console.
  • Simpler resource booking.

Cons:

  • There is no clear separation between internal and external users.
  • Initial sharing changes may be required if files have been shared organisation-wide but should not be shared with external users.
  • Calendar information can only be hidden from external users through a workaround (see point 4 in Best Practices below).

Best Practices:

  1. Assign an email suffix like klaus.mustermann.external@domain.com or klaus.mustermann@ext.domain.com.
  2. Create a separate organisational unit specifically for external users and move the relevant users there.
  3. Shared Drive:
    1. Create target audiences (e.g., Internal and External).
    2. Enable access checks for target audiences to avoid overly generous sharing (under Apps > Google Workspace > Drive and Docs > Sharing settings).
  4. Customise calendar shares to prevent external users from accessing internal employees' calendars. To do this:
    1. Users must restrict their own calendars (no longer share with the entire organisation).
    2. Each calendar should instead be shared with a group that contains the internal users. (Both settings can be found in Calendar Settings > Access Permissions.)
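
Best practices 1 and 2 only help if they stay in sync: an account with an external suffix that sits in an internal OU inherits internal sharing settings. The following audit is an added example, not part of the original post; it assumes the external OU is named /External and that user records carry the Admin SDK Directory API fields primaryEmail and orgUnitPath. The sample records are constructed.

```python
"""Audit that external accounts follow the naming convention AND sit in the external OU."""

EXTERNAL_OU = "/External"            # assumption: name of the OU created for external users
EXTERNAL_LOCAL_SUFFIX = ".external"  # klaus.mustermann.external@domain.com
EXTERNAL_SUBDOMAIN = "ext"           # klaus.mustermann@ext.domain.com


def looks_external(email: str) -> bool:
    """True if the address matches either naming convention from the article."""
    local, _, domain = email.lower().rpartition("@")
    return local.endswith(EXTERNAL_LOCAL_SUFFIX) or domain.split(".")[0] == EXTERNAL_SUBDOMAIN


def in_external_ou(ou_path: str) -> bool:
    """True for the external OU or any child OU, but not for look-alikes
    such as /ExternalAffairs."""
    path = ou_path.rstrip("/").lower()
    root = EXTERNAL_OU.lower()
    return path == root or path.startswith(root + "/")


def audit(users):
    """Return (email, finding) pairs for accounts where naming and OU disagree."""
    findings = []
    for user in users:
        email, ou = user["primaryEmail"], user["orgUnitPath"]
        named, placed = looks_external(email), in_external_ou(ou)
        if named and not placed:
            findings.append((email, f"external name but in internal OU {ou}"))
        elif placed and not named:
            findings.append((email, "in external OU but missing external suffix"))
    return findings


# Constructed sample records (not real accounts).
SAMPLE_USERS = [
    {"primaryEmail": "anna.schmidt@domain.com", "orgUnitPath": "/Staff"},
    {"primaryEmail": "klaus.mustermann.external@domain.com", "orgUnitPath": "/External"},
    {"primaryEmail": "klaus.mustermann@ext.domain.com", "orgUnitPath": "/External/Freelancers"},
    {"primaryEmail": "lea.vogel.external@domain.com", "orgUnitPath": "/Staff/Marketing"},
    {"primaryEmail": "omar.haddad@domain.com", "orgUnitPath": "/External"},
    {"primaryEmail": "press.office@domain.com", "orgUnitPath": "/ExternalAffairs"},
]

if __name__ == "__main__":
    for email, finding in audit(SAMPLE_USERS):
        print(f"{email}: {finding}")
```
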

#2. Adding external users to a separate domain

Pros:

  • External users are clearly and visibly separated from the organisation.
  • You don't need to change sharing policies for organisation-wide data.
  • Calendars of internal staff are not visible to external users by default.

Cons:

  • It increases administrative overhead because there are two different admin consoles.
  • Shared resource booking is more complex.

Best Practices:

  1. If you want to share calendars, you have to do it manually via the share menu.
  2. Assign an email suffix to external users, such as klaus.mustermann@ext.domain.com.
  3. If you do not want to open document sharing to all external parties, it is best to set up the primary domain as an allowlisted domain.

Conclusion

Ultimately, every organisation must determine its preferred sharing settings. While including external individuals in your own organisation might reduce administrative tasks, opting for a separate domain can offer advantages, especially if you have stringent security requirements.

Do you have questions or concerns about Permissions?

As an experienced Google Cloud Premier Partner and MSP, we're here to answer all your queries with expert advice, and support you in implementing and optimising Google Workspace efficiently. Our customers also enjoy complimentary admin support. Feel free to contact us!
