Project Description
📖 < 1 min read
Google is adding full support for service accounts in Groups in beta. This builds on its recent announcements of a new Cloud Identity Groups API beta and the ability to use service accounts with Groups APIs without domain-wide delegation. With this launch, you can now:
- Add service accounts from primary and secondary domains without turning the “Allow external members in the group” setting on.
- See the service account member type on the Groups page and audit logs in the Admin console.
- Add, remove, and manage service account membership via the Admin console and Cloud Identity Groups API.
Who’s impacted
Admins and developers
Why it’s important
Groups are a critical tool for customers to manage their Google Workspace deployment. Many customers use service accounts with Groups to automate user management, manage migrations, and integrate Google Workspace with other apps, tools, and services.
Until now, it was difficult to use service accounts in groups due to limitations in the functionality. This launch fixes many challenges and makes it easier to use service accounts with groups while increasing security and transparency.
Additional details
The feature does not affect Admin SDK Group APIs.
Getting started
- Admins: This feature will be available by default. You can use new or existing service accounts. Visit the Help Center to learn more about managing Groups for your organization, creating service accounts, using the Cloud Identity Groups API, or viewing the Groups audit log.
- End users: No impact to end users.
Rollout pace
- This feature is available now for all users.
Availability
- Available to all Google Workspace customers
Thanks for sharing and spreading the word!