New Google Workspace feature prevents sensitive security changes if two admins don’t approve them
Google is rolling out multi-party approvals for Google Workspace customers with multiple super admin accounts, the company has announced.
What does the feature do?
Google Workspace (formerly G Suite) is a cloud-based set of productivity and collaboration tools/services aimed at enterprise audiences.
The (optional) multi-party approvals feature is one of many that were announced by the Google Workspace team in August 2023.
If the feature is enabled, certain sensitive admin actions can be taken only if approved by an admin who did not initiate them and thus, in theory, preventing accidental or unauthorized changes made by either malicious insiders or outsiders that have managed to compromise an admin account.
Admins can view details about each approval request before allowing or denying it. (Source: Google)
“This added layer of approval helps ensure actions are being taken appropriately and not too broadly or too often,” the team explained.
“Multi-party approvals makes super admins aware of what changes are being attempted and gives them the opportunity to accept or reject these sensitive actions. Additionally, this is more convenient for admins because the action is executed automatically after approval and the requester doesn’t need to take additional action.”
Which changes can be made to require multi-party approvals?
The feature is off by default and can be turned via the Admin console (Security > Multi-party approval settings).
The sensitive admin actions that can require additional approval include changes to 2-step verification and account recovery policies, Advanced Protection and Google session control settings, account login (security) challenges, and the login-via-passkey option.
Multi-party approvals will be available to Google Workspace Enterprise Standard, Enterprise Plus, Education Standard, Education Plus, and Cloud Identity Premium customers.