This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ Log in to ask a question

Contracted outside organizations needing an internal access

E8419
New Contributor III

‎10-17-2023 03:59 PM - edited ‎10-17-2023 04:01 PM

Hello was wondering if anyone could give me some advice as to their policies and procedures with outside organizations such as the YMCA and others.

In the past the YMCA has been given a standard YMCA@domain.com address and then that email is shared between them all.h

That's obviously is not a good solution with two factor and the access to organizational data that they have.

We are looking for ways to give these groups that we contract with access to certain documents such as transportation logs etc.

We are currently thinking this through and right now we are coming up with an email that is: firstinitiallastname-ymca@domain.com

I am a little hesitant giving these emails out willy-nilly as the YMCA may have upwards of 10 people working for them and giving an email out with drive access gives them access to anything shared with domain.com as well as with them.

They really just need access to things that are shared directly with them such as a transportation log etc. They also may need access to get email from distribution lists within the district.

What do you guys do for outside organizations that need access to internal communication?

Topics:
Reply
3 REPLIES 3

claycodes
Staff

‎10-17-2023 04:22 PM

Excelent flag on the risk of an account managed by multiple users. Especially users from outside your organization. 

You can create a secondary domain and provide accounts to individuals with that secondary domain to further delenieate between your users and the organization. 

For sharing if you have Standard or Plus you can use Trust Rules to granularly define sharing between the accounts and whomever they need to collaborate with. The sharingn with your domain has other risks when educators share student information with everyone mistakenly. 

You can also leverage Shared drives and add their external accounts to a Google Group and the group to the shared drive as a content contributor. The requirement would be that files go into the drive for collaboration. Probably the least risky solution. 

Interested to hear what other think. 

 

0 Kudos
Reply

Kim_Nilsson
Admin Moderator

‎10-17-2023 11:11 PM

If all the content they need to access is in Shared Drives, they don't even need the Drive service enabled, as Shared Drives work without Drive. Yes, it's weird, but it's true. AFAIK, they can even create content in a Shared Drive without Drive service access.

--
https://wheretofind.me/@NoSubstitute
0 Kudos
Reply

Kim_Nilsson
Admin Moderator

‎10-17-2023 11:15 PM - edited ‎10-17-2023 11:15 PM

Also, NOTHING should be shared with domain.com. Nothing.

Everything should be shared with a Target Audience in mind, even if you don't have the named feature Target Audience. Everything should be shared with either a/several User/s, a/several Group/s or be in a Shared Drive.

Absolutely nothing should be shared with Domain.

There will always be times where you don't want that. This is one of those times.

--
https://wheretofind.me/@NoSubstitute
Reply
  • © 2023 Google. All rights reserved.
  • Privacy Policy
  • Terms of Service
  • Community Guidelines