Today, I have a quick and happy update on recent story about Google accounts and guest access to G Suite.
In December 2018, Google announced a new “visitor session” feature in G Suite, that allows users to share documents with collaborators via email addresses that are not associated with a Google account.
Prior to this announcement, to share a G Suite document without making it public, the recipient had to have a Google account set up with their email address.
The problem is that many users get their accounts confused. If the invitation to collaborate is sent to a work email address, the recipient might get to the login screen and try to proceed with their personal Gmail account. Oftentimes, they don’t know that they should just create a Google account with their work email address (or they don’t even know it’s possible). Instead, they might just say “Hey, can you share this with my Gmail account?” When we’re talking about enterprise content, this is obviously a security concern.
Google addressed this by creating the visitor session feature described in their blog post.
But as I pointed out in my coverage, there was still another problem. Google handles multiple identities very well, but the process of creating an account with an existing email address wasn’t clear. Older versions of the account creation dialogue have had a link for this, but it was missing in the current version.
Check out the screenshots of the process, which I took on January 9. First, the new account screen tries to channel you into making a Gmail account. There’s nothing that tells you how to make an account with an existing address.
Start typing. The “@gmail.com” part is still there.
Now I put an “@” sign in, and the “@gmail.com” part disappeared, so I’m good!
That was the old way, and it was confusing!
However, last week I again had to help a co-worker create an account with their corporate email address. Check out what I saw this time, in these screenshots from February 12. Yep, that’s a link that advertises that you can use your current email address instead!
Here’s what it looks like when you click on it.
I know this is just one tiny feature, but it’s one that could prevent corporate data from leaking into a personal account, so it’s important!
I can’t stress enough that identity management and concepts like conditional access and zero trust are some of the most important topics in end user computing right now. This Google account feature is another example of how important these topics are.
(Okay, I have to admit that I also wanted to write this article because I noticed the change after I brought up the issue in my previous blog post. I’m not taking credit or anything, but it is a fun coincidence!)