Google Workspace Updates: Protect sensitive admin actions with multi-party approvals (original) (raw)

April 9, 2024

• Admin console
• Rapid Release
• Scheduled Release
• Security and Compliance

This announcement was part of Google Cloud Next ‘24. Visit the Workspace Blog to learn more about the next wave of innovations in Workspace, including enhancements to Gemini for Google Workspace.

What’s changing

To protect our customers from malicious actors taking sensitive admin actions, we’re launching multi-party approvals where one admin must approve certain sensitive actions initiated by another. Multi-party approvals will be required for the following settings:

• 2-Step verification
• Account recovery
• Advanced Protection
• Google session control
• Login Challenges
• Passwordless (beta)

This feature is available for eligible Workspace customers with multiple super admin accounts — see the “Getting started” section below for more information.

Who’s impacted

Admins

Why it’s important

Multi-party approvals adds an extra layer of security for sensitive actions taken in the Admin console by ensuring no sensitive action happens in a silo and, most importantly, helps prevent unauthorized or accidental changes from being made. This added layer of approval helps ensure actions are being taken appropriately and not too broadly or too often. Additionally, this is more convenient for admins because the action is executed automatically after approval and the requester doesn’t need to take additional action. Multi-party approvals makes super admins aware of what changes are being attempted and gives them the opportunity to accept or reject these sensitive actions.

Outlined below is an example of the feature in action, in this case there is an attempt to make a change to 2-step verification policies:

When 2-step verification changes are attempted, admins will be required to submit the change to a super admin for approval.