Unlock is a feature within GAT+ that allows Google Workspace admins to take different actions across their domain.
The Unlock functionality is required for:
- Viewing content of Files and Emails
- Changing ownership of Google Drive Files
- Copying Google Drive folders and moving them to another user
- Adding or removing users from Drive and Shared Drive files
- Setting up email delegation to user accounts
- Using the GAT Flow functionality to:
  - Onboard users into the domain
  - Offboard users from the domain
  - Modify users in the domain
The Unlock functionality requires each of the actions above to be approved by the Security Officer. This is designed as a security feature.
Note: To have access to GAT Flow you must have GAT Unlock configured. This product requires a paid subscription.
What is pre-approved access in GAT Flow?
Pre-approval in Unlock allows the action chosen for Flow, Drive, or Email to be carried out without needing the Security Officer’s approval for every request.
In other words, it allows Unlock to be used without approval by the Security Officer.
Pre-approval itself must be set up and approved by the Security Officer.
How to set up GAT Flow pre-approval in GAT+?
Navigate to GAT+ > Configuration > Security Officer > Access permissions
In Access Permissions, click on the + button to create a new pre-approved access.
A new window will be displayed. Fill in the required details:
- Authorized user – select the user who you want to set pre-approved access to
- Type – Flow, Drive, Email
- Scope – User, Group, Org.Unit
- Valid until – set the time until pre-approved access will be granted
- Flow types – select the type of workflow
  - Onboarding
  - Offboarding
  - Modify
Click on Save
Flow setup
Navigate to Flow > Preapproved access > Create preapproved access
A new window will be displayed. Fill in the required details:
- User – select the user who you want to set pre-approved access to
- Scope type – User, Group, Org.Unit
- Scope – enter the user/group/org.unit
- Valid to – set the time until pre-approved access will be granted
- Flow types – select the type of workflow
  - Onboarding
  - Offboarding
  - Modify
Click on Save
Result
The Pre-approved access will be granted to the selected user.
The Pre-approved access must be approved by the Security Officer.
Approval in Flow
Approval in GAT+
Create workflow result
When pre-approval in Flow is enabled, the Admin will receive a pop-up notification every time they are about to send a request.
The pop-up will show them that pre-approval is enabled and that Security Officer approval is not required.
When the Admin clicks “Create workflow”, they will receive a pop-up message.
Event and Recurring workflow result
When Event or Recurring workflow is used:
- The Event and Recurring workflow needs to be approved separately from the Pre-approval
- The “pre-approval” option must be selected
Edit preapproval
Edit existing pre-approved access.
Navigate to Flow > Preapproved access
- Click on the “pen” icon to edit existing preapproved access.
- Click on the (x) to delete the preapproved access.
Navigate to GAT+ > Configuration > Security Officer > Access permissions
Find the Preapproved access > click on the “eye” icon and edit the Flow types