G Suite User Management
G Suite User Management is, of course, user management applied to G Suite accounts. As it is for an organization as a whole, managing user accounts in G Suite is also a critical and basic building block to enable effective collaboration and productivity among, as well as control over, employees that use G Suite services for their core business functions.
Components of G Suite User Management:
The Admin console is where admins can access and manage essentially all of the features and tasks related to an organization’s G Suite services, starting with verifying your organization’s domain and creating your user accounts and assigning access and permission levels to your G Suite services, including email, calendar, docs and sheets, as well as sharing rights and attributes.
Populating the user directory in G Suite can be accomplished in several ways. The most simplistic way is to provision new G Suite users manually through the Admin console. This can be done one at a time or be done in bulk through a CSV file upload, where up to a couple of hundred users can be added at a time.
More advanced methods of user provisioning involved leveraging Google’s API hooks. Some organizations decide to take advantage of Google Directory API to create customized scripts tailored to their unique business needs. This can be a great tool, but it also requires a lot of development and the expertise, which many organizations leveraging G Suite either do not have or do not have time for.
Leveraging an existing directory solution, such as Microsoft Active Directory (AD) or LDAP, is also possible. Many third-party tools exist to bridge the connection to G Suite, providing a one-way sync from an existing directory into Google, including Google’s own tool Google App Directory Sync (GADS). Many single sign-on providers also have features to allow syncing from existing directories into G Suite, which can make for relatively easy user provisioning, presuming you already have a directory solution, as they all depend on existing, on-premises infrastructure and all the resources required to maintain it. For modern and asset-light companies that are taking advantage of solutions like G Suite, this is similar to attaching a heavy chain to a hot air balloon in order to connect to a huge anchor firmly wedged in the ground–this largely defeats the point of a hot air balloon.
Once the G Suite directory is populated, organizational units (OUs) allow administrators to assign and limit access and permission levels across a set or subset of users simultaneously. An organization can create as many OUs as necessary to achieve the level of customization needed, arranging them into a hierarchy if desired, allowing attributes from parent OUs to carry over and then be customized for any child units.
Groups is another user management feature, allowing admins to setup easy collaboration channels between sets of users, including things like shared inboxes, common email distribution lists, shared calendars, etc. Together with OUs, these two features are very helpful building blocks for G Suite user management.
Configuring Authentication is another critical piece of user management. G Suite provides limited functionality in setting password requirements for users, including setting password length, monitoring password strength, and allowing for users to reset their own passwords. While these options are relatively limited and not necessarily the most secure, it does provide a layer of convenience for users. A more secure user management system might also include multi-factor authentication, password rotation, and/or additional character requirements to ensure strong passwords.
For many smaller organizations with only a handful of users who essentially use G Suite for nearly all of their business needs, the Google Admin console is an acceptable tool for effective user management. But as companies mature and scale, they tend to lean on more and more IT resources to meet an ever expanding set of business functions, which is why G Suite user management is only a piece of a larger identity and access management system that an organization should be thinking about. A Directory-as-a-Service® solution can incorporate G Suite users into a more comprehensive and centralized identity and access management solution that comprises user management for other web-based applications in addition to G Suite, as well as many other critical IT resources that organizations depend on, including hosted applications on Amazon Web Services or Google Compute Engine, machine access for Mac, Windows, or Linux operating systems, RADIUS and WiFi networks, and much more.