Learn how a Google Workspace super administrator can adjust admin access, modify session length, check security alerts and review reports.
If you’re a Google Workspace super administrator, you may modify all sorts of settings that affect how people sign in, access and collaborate with Google Workspace. And, as a super administrator, there’s also a good chance you have a full calendar of tasks and responsibilities already.
But the following four settings and features are too often neglected or overlooked–even in organizations with a full-time IT team. How many Super admins does your organization have? How often do you require people to login? Are there any security alerts that require action? How are people in the organization using Workspace? If you’re a Super administrator, sign to the Admin console to review (and maybe adjust) your organization’s Workspace configuration and activity.
1. Check Admin access
(Security | Users | Add a filter | Check Admin role | Apply. List displays as in Figure A.)
For most organizations, the number of accounts with Super administrator access should be at least two and kept to as few as possible beyond that. For example, I often suggest that small and mid-sized nonprofit organizations give one technically savvy board member and one staff person Super administrator access. Large, global organizations with full-time IT teams might prefer to ensure that there’s always one person with Super administrator access available 24 hours a day.
Remember, many tasks may be managed by Admin accounts less powerful than the Super administrator role. Google provides pre-configured admin roles such as Groups Admin, User Management Admin, Help Desk Admin, Services Admin and Android Admin. A Super admin can create and customize other Admin roles as needed or desired.
2. Adjust Google Session controls
(Security | Settings | Google session control)
Some editions of Google Workspace let an Admin control how often people will be prompted to authenticate on the web, with options that range from one hour to Session Never Expires (Figure B). Set it to seven days, and people will need to sign in at least once a week. Set it to four hours to require people to authenticate twice in a typical work day.
Additionally, you may want to select different Session settings for different types of accounts. To do this, you’ll need to assign people to different organizational units, then choose a different session duration for each organizational unit. For example, you might assign Administrators to one organizational unit and set the session length for that unit to eight hours, while assigning standard accounts to a different organizational unit set for a session length of five days.
3. Check Security Alerts
(Security | Alert center | Optional: Filter by Alert type)
Go to Security | Alerts and then review Security Alerts as part of your efforts to protect the organization’s data. These include data loss protection alerts that trigger on selected events, such as when the system detects that an employee has stored a credit card number or Social Security number in a document. Filter the list by alert type or status, as shown in Figure C.
You may review each alert, dig into the details, then decide what actions to take. For example, Google’s Security alert from June 2021 indicated that a security update will be applied to some shared folders and files on Google Drive in September 2021 (Figure D). If an admin does nothing, the security update will be applied to some of your organization’s shared files and folders. In other words, if you find you can’t access a Google Drive item after September 2021, request access, since the security update may have modified the Share settings in order to secure the items. An admin may choose to adjust how this update is applied.
4. Review Reports
(Reports | Select desired section from left-menu)
Google groups reports into three major sections: Highlights, Reports and Audit. (Additional reports may be available, depending on your edition.) Highlights provides visual summaries of things such as the current status of accounts (active, suspended, archived, blocked), storage used and files shared externally. Reports provide overall activity information about apps, users and devices. For example, the Gmail report gives you some sense of total email activity (inbound and outbound), inbound spam and outbound email (delivery and rejections), as shown in Figure E. Reports in the Audit section can provide information about specific actions, such as who edited a document or modified a calendar event, as well as detailed data about logins, device access and admin actions.
In my experience, Workspace administrators who are IT professionals tend to care about and refer to some of these reports and audit details regularly. However, people who have “Workspace admin” as only a portion of their job (e.g., smaller organizations) may not always even know the types of reports and audit logs that are available for review. If you’re in the latter category, I encourage you to schedule an hour to methodically take a look at each item available to you in the Reports and Audit subcategories of the Workspace Reports section.
SEE: The future of work: Tools and strategies for the digital workplace (free PDF) (TechRepublic)
What’s your experience?
How many Super administrators does your organization have? If it is either one or more than two, why? What Google Session length have you selected? Do you require people with administrator accounts to sign in more often than other people? Are there other Google Workspace Admin sections or settings you think administrators tend to miss? If you’re a Super administrator, let me know what choices and items you focus on, either in the comments below or on Twitter (@awolber).