Skip to main content
TDX, the developer conference for the AI agent era is happening now. Watch live on Salesforce+ for exclusive digital content, a revolutionary keynote, and more.

Get Started with Google Workspace Security

Learning Objectives

After completing this unit, you’ll be able to:

  • Access a trial Google Workspace account.
  • Enable 2-step verification.
  • Review password policies.
  • Enable account recovery policies.
Note

This module was produced in collaboration with Google, which owns, supports, and maintains the Google products, services, and features described here. Use of Google products, services, and features is governed by privacy policies and service agreements maintained by Google. Learn more about partner content on Trailhead.

Get the Most Out of the Manage Google Workspace Trail

This is the third module of the Manage Google Workspace trail, where you explore the process and best practices for setting up and maintaining Google Workspace for your company. Learn how Google Workspace integrates with Salesforce.

It’s a good idea to take the Google Workspace Administration module as it builds on what is covered in this module. ‌It includes step-by-step exercises, and you can follow along when you sign up for a free trial of Google Workspace.

Bring More of the Business to the Cloud

In the previous modules, you, the awesome admin for a transportation provider, began setting up Google Workspace, enabling services like Gmail, Calendar, and Drive. You even started configuring your environment to adhere to your organization’s security and data policies. As a savvy admin, you see security as an ongoing priority instead of something you set and forget.

In this module, you explore the various aspects of Google Workspace security, including user password policies and how to enforce 2-step verification (2SV) for your users. Learn about application security and how to allow-list and block API access to your account. See how Google Workspace can easily be integrated with predefined third-party applications. You become familiar with the SSO options in Google Workspace. And you learn how to spot and address potential security risks within your organization using the tools available in the admin console.

Explore Common Security Settings

The following video discusses how you can fine-tune basic security settings within the admin console, like password policies, recovery options, and secondary sign-in checks. By implementing these security settings, you enhance the safety of your organization, data, and users.

Set Up Your Google Workspace Domain (Optional)

Complete the following steps if you need to create a new Google Workspace trial domain. To avoid getting unwanted charges, remember to cancel your trial afterward.

If your trial account is still active, feel free to move to the next section.

  1. Set up a Google Workspace trial account. You can purchase a new domain or you can use a domain that you already own. See the Help Center resource links below for more details on using an existing domain.
  2. Create the following organizational units (OUs).
    1. Executive
    2. Employees
    3. Contractors
  3. Create the following Google Workspace user accounts.

    First name

    Last name

    Email address

    Employee title

    Org Unit Path

    Alex

    Bell

    alex.bell@yourdomain

    IT Manager

    /Executive

    Ellie

    Gray

    ellie.gray@yourdomain

    Executive Assistant

    /Employees

    Jon

    Baird

    jon.baird@yourdomain

    HR Business Partner

    /Employees

    Lars

    Ericsson

    lars.ericsson@yourdomain

    HR Manager

    /Executive

    Samantha

    Morse

    samantha.morse@yourdomain

    CEO

    /Executive

    Timothy

    Lee

    timothy.lee@yourdomain

    Finance Manager

    /Executive

    Tom

    Edison

    tom.edison@yourdomain

    Support Engineer

    /Employees

    Will

    Marconi

    will.marconi@yourdomain

    Support Engineer

    /Employees

    Mark

    Jones

    mark.jones@yourdomain

    Consultant

    /Contractors

  4. Then, add the Building Details, Features, and Resources as described in the Manage Shared Resources unit of Google Workspace Administration.

Now you should be up to speed.

Configure Common Security Settings

Let’s review and set security features and settings for your entire organization. This provides your environment a base level of security—a good starting point before diving into deeper security features.

Note

You can apply these policies at the OU level.

  1. If you aren't already signed in, sign in to your domain as the administrator at admin.google.com.
  2. In the left panel, click Main menu.
  3. Then click Show more.
  4. Click the Security icon.
  5. Then select Authentication to expand the list of options.
  6. Click 2-step Verification. Here you can find the settings for 2-step verification (2SV).
    2SV puts an extra barrier between your business and cybercriminals who try to steal usernames and passwords to access business data. Turning on 2SV is the single most important thing you can do to protect your business. 2SV requires users to verify their identity through something they know (such as a password) plus something they have (such as a physical key or access code delivered to a device). It’s also called multi-factor authentication (MFA) or 2-factor authentication (2FA).
  7. Ensure Allow users to turn on 2-Step verification is checked. This makes 2SV available to your users. Note, it doesn’t automatically enroll them. To enroll, users need to configure their verification settings individually. This is covered later.
  8. Click SAVE if you need to change this setting.
  9. In the Main menu, click Security.
  10. Then click Overview to open the Security page. You can access security settings from this page, the left panel, or by using the Admin console search box.
  11. On the Security page, scroll down and select Password management.
    Google Workspace supports several password policies. You can enforce password strength and also set a password length policy by setting minimum and maximum length values. You can enforce the length and strength policies when your users next sign in to their account or when they next change their password. The default enforcement happens the next time the password is changed.
  12. Return to the Security page, scroll down and click Less secure apps.
  13. Ensure that Disable access to less secure apps (recommended) is selected.
  14. Click SAVE if you made changes to this setting.
  15. Return to the Security page, scroll down and click Account Recovery.
    This setting enables you to control whether a Super Admin can recover their account themselves using the Forgot Password link, or whether they must ask another Super Admin or Google Support to reset their password.
    This setting is also where you control whether users can recover their own passwords. This is achieved through the use of a recovery email address or phone number. Note that password recovery isn't available when using SSO, and 2-step verification users must use the email recovery option.
  16. By default, only a domain administrator can reset a user’s password. To enable user password recovery:
    1. Click User account recovery.
    2. Check the Allow users and non-super admins to recover their account.
    3. Then click SAVE.

In the next unit, learn more about managing common security settings, including user security and 2-step verification (2SV).

Share your Trailhead feedback over on Salesforce Help.

We'd love to hear about your experience with Trailhead - you can now access the new feedback form anytime from the Salesforce Help site.

Learn More Continue to Share Feedback