Managing Google APIs Console Teams with Groups (including Apps for Business!)

As a Developer Advocate @ Google, I’ve worked with tons of individuals & companies who have multiple projects with Google. A key piece to all of their integrations is our Google APIs Console (and soon to be the Cloud Console) — the one-stop shop to create and manage Google API projects. One question that comes up often is, “how do we manage team access?” This is especially important for companies where employees come and go over time, possibly taking the keys to their projects with them.

The tl;dr is use Google Groups to manage Team members.

The console has a built-in system to manage project members via email addresses. It can be found under Team:

As you can see, you can add multiple emails to this list. A common practice among companies is to create a shared `mycompany-google-api@gmail.com` address and pass around that email password. WAT?!? DON’T DO THIS. Sharing passwords is insecure and generally bad for the universe.

Everyone working on your Google projects should have their own account. Instead of adding each user to the team, add them to a Google Group. Then add that group as a member (probably owner) of the project and manage ownership through the built-in management controls of Groups.

Protip: Did you know that anyone can create a Google account, even with a non-Gmail or Google Apps email? A smart move would be to have your developers create a new Google Account with your company email and not use their personal Google accounts for work-related development.

If you’re looking at Google Groups, I would recommend naming your group as `company-google-api-owners@googlegroups.com` and setting the group as invite-only.

Note for Google Apps for Business: Your domain won’t let you add members to a project that isn’t in your domain, so a standard Google Group won’t work (see how it is @googlegroups.com above?) Fortunately, we have a solution! Google Groups for Business works in the same way as a standard group but is created by admins and ends with `@company-domain.com.`

Note for Cloud Console: Projects created through the Cloud Console require at least one real user owner, so you can’t try and delete yourself as the owner of the project if you’ve added a Group. You can have a sole Group owner if the project was created in the Google APIs Console.

Hope this tip helps you and your teams prevent future headaches!

P.S. if your company manages a Google+ Page and/or YouTube page, check out my post on how to manage your accounts.

Show your support

Clapping shows how much you appreciated Jonathan Beri’s story.