As an administrator, you can use security groups to control access to sensitive information and resources. You can create a new group or update an existing group to a security group.
Adding the Security label to a group makes it a security group. This action is permanent and adds security features, but doesnât remove any other features of the original group. Groups with the Security label are easily sorted in the Google Admin console.
When to use security groups
Use security groups when you want to:
- Prevent external or non-security groups from joining a certain groupâOnly a security group in the same organization can join another security group.
- Ensure that groups only include members allowed by the parentâA group joining a security group must have the same or more restrictive membership permissions.
- Apply security policies to a groupâWe recommend making any group that you apply policies to a security group.
- Disable the option to automatically add all of your organization's users to a groupâSecurity group membership is limited to the users, service accounts, and security groups that you permit.
- (Beta) Give users who have the Groups Reader or the Groups Editor role the privileges to only certain groupsâIf your organization has security groups, you can give a Groups Reader or a Groups Editor privileges either to all your groups, only to security groups, or only to non-security groups.
Note: Non-Google accounts cannot be added to Security groups since the security practices of external service providers cannot be verified.
Create a security group
To create a security group, follow the steps to create a group and check the Security box. For the steps, go to Step 1: Create a group.
Make an existing group a security group
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu DirectoryGroups.
-
Click on the group nameGroup InformationLabels.
-
Check the Security box.
-
Click Save.