As an administrator, you can use security groups to control access to sensitive information and resources. You can create a new group or update an existing group to a security group.
Adding the Security label to a group makes it a security group. This action is permanent and adds security features, but doesn’t remove any other features of the original group. Groups with the Security label are easily sorted in the Google Admin console.
When to use security groups
Use security groups when you want to:
- Prevent external or non-security groups from joining a certain group—Only a security group in the same organization can join another security group.
- Ensure that groups only include members allowed by the parent—A group joining a security group must have the same or more restrictive membership permissions.
- Apply security policies to a group—We recommend making any group that you apply policies to a security group.
- Disable the option to automatically add all of your organization's users to a group—Security group membership is limited to the users, service accounts, and security groups that you permit.
Note: Non-Google accounts cannot be added to Security groups since the security practices of external service providers cannot be verified.
Create a security group
To create a security group, follow the steps to create a group and check the Security box. For the steps, go to Step 1: Create a group.
Make an existing group a security group
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
In the Admin console, go to Menu DirectoryGroups.
Click on the group nameGroup InformationLabels.
Check the Security box.