Just before the holidays, Google Cloud announced a beta feature that will let G Suite users share documents with non-Google accounts.
This is going to solve some major identity management headaches, plus it reminds me of another topic that we used to talk about a lot: Apps that make the jump from the consumer space to the enterprise, and the “consumerization of IT.”
Why the G Suite login process is confusing for guest collaborators
A problem arises when G Suite (which is the official, paid version of Drive, formerly known as Google Apps for Work) users need to collaborate with people at other companies. More than once, I’ve witnessed a co-worker get to the G Suite login and say:
“This doc is shared with my work email address, but our company doesn’t use Google. Can you share it with my personal Gmail address?”
To those of us in the identity space, this is a simple issue. The user just needs to create a second Google account using their work email address. But for many guest users, the G Suite login process can be a difficult leap. They know they already have their personal Gmail account, and it’s not obvious or clear what to do next.
First, they would have to realize that they need to create a new account using their company email address. Second, they would have to successfully make an account. This is hard because Google’s interface channels users into creating an account with a new Gmail address by default, and on top of that, the functionality to make an account with an existing non-Gmail address is hidden. (The form automatically puts “@gmail.com” in the username field, and it only goes away when you type in the “@” character. Try it. I’ve seen this stop users in their tracks, and it’s an unfortunate miss from a company that obviously knows how to do identity at scale.) (Update, February 13, 2019: Google has updated the account creation screen to make this easier. Check out my newer article for screenshots.)
I’m sure many G Suite customers deal with this constantly. They must get a ton of emails from external collaborators saying, “I can’t open it!” or, “Can you share it with my Gmail account?”
Thankfully, in a recent post on the G Suite blog, Google Cloud announced a new feature called Pincode Sharing, now in beta.
With Pincode Sharing, a G Suite user can share a Google Doc, Sheet, or Slides file with a non-Google account. Instead of creating a new account in the G Suite login process (or getting confused and frustrated) the recipient just has to verify their email account by entering a PIN, which Google sends to their email address. In Google’s demo video, this is called a visitor session.
I’d argue that Google’s account creation process should be clearer, but for this use case, Pincode Sharing and visitor sessions look to be faster and easier.
Pincode sharing could also be more secure, too. If the sharing recipient gets to the G Suite login stage and creates a new Google account with their corporate email address, this new account isn’t managed or secured by their company. Whereas, when the recipient uses their corporate email to receive a pincode and start a visitor session, their company is securing the process, because they control the email inbox that it’s sent to.
Either way, I’m sure this feature is going to solve countless headaches when it rolls out.
Back in the first half of this decade, we spilled a lot of ink about the “consumerization of IT.” One idea under CoIT (as we called it) was that some consumer-facing apps would begin adding in enterprise management and security features—and that’s exactly what G Suite and countless others have done.
But with that consumer-to-enterprise transition comes the need to handle multiple identities. Apps have to do fast account switching; SaaS offerings may need a way to “take over” consumer accounts created with enterprise email addresses; and they have to figure out sharing.
And on the customer side, now is definitely the time for desktop and mobile pros to learn about identity.