Provide more secure access to data & resources

As an administrator, you can use security groups to grant access to sensitive information and resources. You can only nest a security group inside another security group. This nesting limitation guarantees that only authorized people and groups can access sensitive information or resources. You can effectively turn any group into a security group.

Change a group into a security group

After you add a security label to a group, it takes on the qualities of a security group. This process adds security features to any type of group and locks down membership permissions, but it doesn’t remove any other features of the original group.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in

  2. On the Admin console Home page, go to Groups.
  3. Click on the name of a groupand thenGroup Informationand thenLabels.
  4. Check the Security box.
  5. Click Save.
    This action is permanent.
    The group now has a security label in the groups list.

Automate security policies using dynamic security groups

You can enforce policies using dynamic groups by first adding a security label to them.

For example, you might set policies for everyone at your company who works in a specific geographic location. 

  1. Create a dynamic group of everyone with that location in their user profiles.
    As employees move and change their location in their profile, the system automatically adds or removes them from the dynamic group. 
  2. Add a security label to the dynamic group.
    Doing so allows you to apply policies to dynamic groups.
  3. Create a policy and choose which policies take precedence by following the steps in Customize service settings with configuration groups.

Related topics

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

Clear search
Close search
Google apps
Main menu
Search Help Center