🌐 Set up Google Workspace for Staff

Preparation 🏗️ ⭐⭐ ⭐⭐ 🏗️🏗️ 🔁💵 2021-06-24


If you are all currently using @gmail.com addresses, signing your organisation up for Google Workspace will give you much better control over the usage and security of email in your organisation. You will also all be able to use @yourorganisation.org addresses instead, making it easier for third parties to identify that a message is really from your organisation.


What you should do

1. Set up Google Workspace for your organisation

As the exact steps and advice depend on the size of your organisation, we suggest that you follow the setup instructions from the official Google Guide or this helpful series by Goldy Arora which includes how-to videos.

2. Manage role-based accounts with Groups

Google Groups may be designed to serve as a mailing list, but it is also really useful for managing role-based email accounts: instead of using [email protected] to sign up for an online service, you can use [email protected] and direct the emails to the right users within the organisation. Or, for example, if you were accepting contributions for your organisation's blog or competition, you could use [email protected] instead of someone's personal email address.

This has the benefit that people's personal email addresses are not unnecessarily exposed, and the people are not immediately tied to the activity. It also makes it easier to manage access to those roles - for example, if "Maria" leaves the organisation, and the practice was to send Maria all the receipts via [email protected], then you can simply remove Maria from the Google Group for "reimbursements", and add whoever is now responsible for handling reimbursements to that Google Group. This way staff don't have to learn who to send their receipts to, and can just continue sending them to [email protected].

This also avoids paying 'extra' as Google normally would charge you 'per user' for these additional addresses, even if there is no real user behind them.

  1. Visit Google Admin and log in with an account which has admin rights for your Google Workspace account
  2. Click "Groups"
  3. Click "Create A Group"
  4. Fill in the details for the group you want to create
  5. Set the access rights for the group - the most important one is whether you want to allow external accounts (i.e. people who do not have an @organisation.org address) to send emails to this address. If you want to allow this, check "Publish post" in the External column; otherwise uncheck it.
  6. From here you want to "Add members" to Reimbursements - where a member is someone who will be receiving these emails. This follows from the access rights we configured in the previous step. So in our example, anyone in the organisation can send in their reimbursements, but only the people we add as members here (in addition to the admins) will be receiving those emails.
  7. All the members and admins are listed in this view
  8. All mail sent to [email protected] will now be sent to all the members of the group
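
Once several role-based groups exist, it helps to review them periodically for the two things configured in steps 5 and 6: who can send to the group and who receives its mail. The script below is an added example, not part of the original guide or any Google tooling. It assumes you have exported each group's settings and member list into a simple structure; the field names `whoCanPostMessage` and `allowExternalMembers` follow the Google Groups Settings API, while the domain, addresses, staff list and allowlist are constructed sample data.

```python
# Added example: audit role-based groups from an exported settings snapshot.
# Field names follow the Google Groups Settings API; all data is constructed.

DOMAIN = "organisation.example"  # assumption: your Workspace primary domain

# Constructed sample: settings plus member list per group, as you might
# assemble them from the Groups Settings API and the Directory API.
GROUPS = [
    {"email": "reimbursements@organisation.example",
     "whoCanPostMessage": "ALL_IN_DOMAIN_CAN_POST",
     "allowExternalMembers": "false",
     "members": ["maria@organisation.example", "sam@organisation.example"]},
    {"email": "submissions@organisation.example",
     "whoCanPostMessage": "ANYONE_CAN_POST",
     "allowExternalMembers": "true",
     "members": ["editor@organisation.example", "helper@gmail.com"]},
]
# Hypothetical list of current staff accounts ("Maria" has left).
ACTIVE_STAFF = {"sam@organisation.example", "editor@organisation.example"}
# Hypothetical allowlist of groups meant to accept mail from outside.
EXTERNAL_POST_ALLOWED = {"submissions@organisation.example"}


def audit_group(group, active_staff, external_ok, domain=DOMAIN):
    """Return a list of findings for one group (empty list means clean)."""
    findings = []
    addr = group["email"].lower()
    open_to_all = group.get("whoCanPostMessage") == "ANYONE_CAN_POST"
    if open_to_all and addr not in external_ok:
        findings.append("accepts mail from external senders but is not on the allowlist")
    if str(group.get("allowExternalMembers", "false")).lower() == "true":
        findings.append("external addresses may be added as members")
    for member in group.get("members", []):
        m = member.lower()
        if not m.endswith("@" + domain):
            findings.append(f"member outside the domain receives this mail: {m}")
        elif m not in active_staff:
            findings.append(f"member is no longer active staff: {m}")
    return findings


def audit_all(groups, active_staff, external_ok, domain=DOMAIN):
    """Map each group address to its findings."""
    return {g["email"]: audit_group(g, active_staff, external_ok, domain)
            for g in groups}


if __name__ == "__main__":
    for email, findings in audit_all(GROUPS, ACTIVE_STAFF, EXTERNAL_POST_ALLOWED).items():
        for finding in findings:
            print(f"{email}: {finding}")
```

Run against the sample data, it reports that Maria still receives reimbursement mail after leaving, and that the submissions group delivers to an address outside the domain.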

3. Enforce a password policy

  1. Visit Security Settings : Password Management in your Google Workspace Admin panel
  2. To ensure that everybody in the organisation uses a Strong Passphrase for their Google accounts (and hopefully a password manager!) set strict password policy requirements so that anybody who isn't following the password policy will be requested to strengthen their password on the next login:

4. (Optional) Enforce 2-step verification

If your organisation has decided to 🔒 Use Multi-Factor Authentication, then it may help to enforce it as a policy:

  1. Visit Security Settings : 2 Step Verification in your Google Workspace Admin panel.
  2. To ensure that everybody in the organisation uses a second factor for their Google account, set a 2-step policy requirement: