Create Security Group with Google Cloud Identity API and Apps Script
With the launch of the new version of the Cloud Identity API, new capabilities have been added to Google Groups. Discover how to create Security Groups with Apps Script and REST. This is the follow-up to my previous article on how to use the Google Cloud Identity API for Google Groups.
Security Groups are a new concept from Google; more details in this news. The main feature of a Security Group is that, once the label is applied, no user, not even a Super Admin, can add an external Google Group to it, or add an internal group that is not itself a Security Group.
Let's say, for example, you have created a sensitive group for management. You can restrict who can add users, but for a specific need someone may add another group. This new group does not have the same settings, and by mistake someone can add an external user to it; this external user will then receive emails sent to top management. With Security Groups this is not possible.
Before you start
- We reuse part of the code written in the previous article, so don’t forget to copy the previous code as well.
- You need a GCP project with the Cloud Identity API and the Admin SDK activated.
⚠️ This action cannot be undone: once a group is a Security Group, it is impossible to move back.
The code
We need to send a PATCH request; don’t forget the updateMask parameter in the URL ;-)
function setSecurityGroups() {
  // Remember: the group needs to exist before it can be updated
  var email = "sgi_secuity_groups@test.gpartner.eu";
  // getGoogleGroups() is defined in the code from the previous article
  var group = getGoogleGroups(email);
  // updateMask=labels restricts the update to the labels field
  var url = 'https://cloudidentity.googleapis.com/v1beta1/' + group.name + '?updateMask=labels';
  Logger.log(url);
  var security = {
    "labels": {
      "cloudidentity.googleapis.com/groups.security": "",
      "cloudidentity.googleapis.com/groups.discussion_forum": ""
    }
  };
  var param = {
    method: "PATCH",
    contentType: "application/json",
    headers: {"Authorization": "Bearer " + ScriptApp.getOAuthToken()},
    payload: JSON.stringify(security)
    // muteHttpExceptions: true,
  };
  // The response body is parsed and logged as JSON
  var updated = JSON.parse(UrlFetchApp.fetch(url, param).getContentText());
  Logger.log(JSON.stringify(updated));
}
Source code is in the GitHub repo: link, check security_groups.gs
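Because the label cannot be removed, a guarded variant of the function above is useful. This is an added example, not code from the article or its repo: it skips groups that already carry the security label, keeps whatever labels the group already has, and only sends the PATCH when explicitly confirmed. The names buildSecurityLabelPatch and applySecurityLabel, the confirm flag and the resource-name pattern are assumptions; getGoogleGroups() is the helper from the previous article and is assumed to return the group resource with its name and labels.

```javascript
var SECURITY_LABEL = "cloudidentity.googleapis.com/groups.security";
var API_BASE = "https://cloudidentity.googleapis.com/v1beta1/";

// Pure helper (hypothetical name): decides what, if anything, to send.
// Assumes `group` looks like { name: "groups/<id>", labels: {...} }.
function buildSecurityLabelPatch(group) {
  // Refuse anything that is not a plain "groups/<id>" name before it reaches the URL.
  if (!group || !/^groups\/[A-Za-z0-9_-]+$/.test(group.name || "")) {
    throw new Error("Unexpected group resource name: " + (group && group.name));
  }
  var current = group.labels || {};
  if (Object.prototype.hasOwnProperty.call(current, SECURITY_LABEL)) {
    return null; // already a Security Group, nothing to send
  }
  // Copy every label the group already has, then add the security label.
  var labels = {};
  Object.keys(current).forEach(function (key) { labels[key] = current[key]; });
  labels[SECURITY_LABEL] = "";
  return {
    url: API_BASE + group.name + "?updateMask=labels",
    payload: JSON.stringify({ labels: labels })
  };
}

// Apps Script wrapper (hypothetical name): dry run unless confirm === true,
// since the label is a one-way change.
function applySecurityLabel(email, confirm) {
  var patch = buildSecurityLabelPatch(getGoogleGroups(email));
  if (patch === null) return "already-security-group";
  if (confirm !== true) {
    Logger.log("DRY RUN: would PATCH " + patch.url + " with " + patch.payload);
    return "dry-run";
  }
  var response = UrlFetchApp.fetch(patch.url, {
    method: "PATCH",
    contentType: "application/json",
    headers: { Authorization: "Bearer " + ScriptApp.getOAuthToken() },
    payload: patch.payload,
    muteHttpExceptions: true // read the status code instead of letting fetch throw
  });
  if (response.getResponseCode() !== 200) {
    throw new Error("PATCH failed: " + response.getResponseCode() + " " + response.getContentText());
  }
  return "labelled";
}
```

Run applySecurityLabel(email) first and review the logged request, then call it again with true as the second argument.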
Result
For a Google ̶G̶ ̶S̶u̶i̶t̶e̶ Workspace admin, there is no specific mention of Security Groups in the admin console. If you try to add a group to the Security Group, you will get a warning message.