As an administrator, you can use security groups to control access to sensitive information and resources. You can create a new group or update an existing group to a security group.
Adding the Security label to a group makes it a security group. This action is permanent and adds security features, but doesn’t remove any other features of the original group. Groups with the Security label are easily sorted in the Google Admin console.
When to use security groups
Use security groups when you want to:
- Prevent external or non-security groups from joining a certain group—Only a security group in the same organization can join another security group.
- Ensure that groups only include members allowed by the parent—A group joining a security group must have the same or more restrictive membership permissions.
- Apply security policies to a group—We recommend making any group that you apply policies to a security group.
- Disable the option to automatically add all of your organization's users to a group—Security group membership is limited to the users, service accounts, and security groups that you permit.
- Give users who have the Groups Reader or the Groups Editor role the privileges to only certain groups—If your organization has security groups, you can give a Groups Reader or a Groups Editor privileges either to all your groups, only to security groups, or only to non-security groups.
Note: Non-Google accounts cannot be added to Security groups since the security practices of external service providers cannot be verified.
Create a security group
To create a security group, follow the steps to create a group and check the Security box. For the steps, go to Step 1: Create a group.
Make an existing group a security group
-
Sign in with an administrator account to the Google Admin console.
If you aren’t using an administrator account, you can’t access the Admin console.
-
-
Click on the group name
Group Information
-
Check the Security box.
-
Click Save.
