Google G-Suite - Transferring from an 'info@' user to several users and shared mailbox
We currently have G-Suite Business, although I'm considering downgrading to G-Suite Basic - unless I need the Business for the particular solution below.
Our small organization has one Google G-Suite account, i.e. info@<ourdomain>.com. Three people share the password for this. There is also a few GBs of files in the My Drive of this account.
I'm trying to sort out this bad security practice, i.e. for the three of us to have a separate G-Suite user account, so we can then enable 2 factor authentication on them, to help secure our data.
But despite trying to do the right thing, it's proving much more complicated than I thought to make it so that we can continue to collaborate as easily as we do now.
I've seen videos on Youtube that show you can go (in the Gmail of 'info@') into Settings > Account, and there's an option to 'Grant access to your account'. And then the users that you grant access to, will be able to switch to the info@ Gmail in the top-right account selector. However, on the Gmail account of info@, I do not have this 'Grant access to your account' option at all. Any idea why?
Then I've been looking a lot into Shared Mailboxes and Collaborative Inboxes. I'm struggling to find the difference betwen them. In my Google Admin, when I create Google Group for Business, I don't get the option to switch between the two. When I create a new group, I get to decide the name, the owners, the permissions, but pretty much nothing else.
What I want is a 'Shared Mailbox' as in the Office 365 sense. A mailbox that isn't attached to an user, and therefore doesn't consume a licence, where emails sent to info@ will land in this mailbox, and then users are granted access to the mailbox. Then, anyone that's in their 'personal' (within the organization) Gmail can go to the top-right and switch mailbox to the other one - similar to how the 'Grant access to your account' works. Also, these users will have the option to switch to this mailbox in their Gmail smartphone app as well.
Is this possible with G-Suite?
When I read up on Collaborative Inbox, I thought that that's what this was. But with this I can't find any screen that actually looks like Gmail, only the 'Group' screen which looks completely different to a Gmail inbox.
I still want all email to be sent from the 'info@' mailbox, not from the personal mailboxes wil Send As permissions, because I want all replies to be visible to everyone else.
Any advice on the above would be appreciated.
Then about Google Drive. We currently have about 13GB in the My Drive of the info@ account. We have many folders that are shared with either one of the 3 people mentioned, or other people outside of the organization. I saw "Shared Drives" and thought that this looked ideal, but then I discover that inside a shared drive, every member of the drive will always see all files and folder inside, and that you cannot hide some folders from some people. Why would you encourage teams to use Shared Drives but give them less functionality?? Seems stupid to me. Google's argument is that you should arrange your files and folders into separate shared drives, but then you'd need separate shared drives for every permutation of users that you have. If you have a team of people, and want to hide a specific sub-folder from one of the drive members for sensitivity reason, then what are you meant to do, start another Shared Drive with the intended people, and have the files separate from thr main files of that project?? People don't work like this!
Sorry, rant over.
Anyway, I want users to have access to all of the organizations' files (that they have access to) from within their own Google Drive site.
So any advice about how to treat the files would be good as well.
Many thanks.
Our small organization has one Google G-Suite account, i.e. info@<ourdomain>.com. Three people share the password for this. There is also a few GBs of files in the My Drive of this account.
I'm trying to sort out this bad security practice, i.e. for the three of us to have a separate G-Suite user account, so we can then enable 2 factor authentication on them, to help secure our data.
But despite trying to do the right thing, it's proving much more complicated than I thought to make it so that we can continue to collaborate as easily as we do now.
I've seen videos on Youtube that show you can go (in the Gmail of 'info@') into Settings > Account, and there's an option to 'Grant access to your account'. And then the users that you grant access to, will be able to switch to the info@ Gmail in the top-right account selector. However, on the Gmail account of info@, I do not have this 'Grant access to your account' option at all. Any idea why?
Then I've been looking a lot into Shared Mailboxes and Collaborative Inboxes. I'm struggling to find the difference betwen them. In my Google Admin, when I create Google Group for Business, I don't get the option to switch between the two. When I create a new group, I get to decide the name, the owners, the permissions, but pretty much nothing else.
What I want is a 'Shared Mailbox' as in the Office 365 sense. A mailbox that isn't attached to an user, and therefore doesn't consume a licence, where emails sent to info@ will land in this mailbox, and then users are granted access to the mailbox. Then, anyone that's in their 'personal' (within the organization) Gmail can go to the top-right and switch mailbox to the other one - similar to how the 'Grant access to your account' works. Also, these users will have the option to switch to this mailbox in their Gmail smartphone app as well.
Is this possible with G-Suite?
When I read up on Collaborative Inbox, I thought that that's what this was. But with this I can't find any screen that actually looks like Gmail, only the 'Group' screen which looks completely different to a Gmail inbox.
I still want all email to be sent from the 'info@' mailbox, not from the personal mailboxes wil Send As permissions, because I want all replies to be visible to everyone else.
Any advice on the above would be appreciated.
Then about Google Drive. We currently have about 13GB in the My Drive of the info@ account. We have many folders that are shared with either one of the 3 people mentioned, or other people outside of the organization. I saw "Shared Drives" and thought that this looked ideal, but then I discover that inside a shared drive, every member of the drive will always see all files and folder inside, and that you cannot hide some folders from some people. Why would you encourage teams to use Shared Drives but give them less functionality?? Seems stupid to me. Google's argument is that you should arrange your files and folders into separate shared drives, but then you'd need separate shared drives for every permutation of users that you have. If you have a team of people, and want to hide a specific sub-folder from one of the drive members for sensitivity reason, then what are you meant to do, start another Shared Drive with the intended people, and have the files separate from thr main files of that project?? People don't work like this!
Sorry, rant over.
Anyway, I want users to have access to all of the organizations' files (that they have access to) from within their own Google Drive site.
So any advice about how to treat the files would be good as well.
Many thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Here is the support article on a collaborative account. Perhaps it will make things more clear
https://support.google.com/a/answer/167430
I don't think this is optimal and using a ticketing system would make this easier but this is the way for GSuite.
You can either share at the file level or change the structure of your folders.
Let's say you have a top level folder called, 'Clients' and below that folder are individual folders for each client. Then inside each client folder you have folders for Client_Intake, Billing and Documents. And the only thing you want to share with others are the documents folder. You can now share that and all it's contents by right clicking on the folder and select Share.
I found the easiest way to create a template folders is to have a list of these folders in another folder perhaps called "Folder Templates" and then copy that template to each new client.
If you only use one top level folder for each client, managing this is going to be harder. The trick will be in how you manage folder hierarchy.
The best option for a team is going to be using Shared Drive (Was TeamDrive) and this is different than "Shared with me" https://support.google.com/a/users/answer/9310249?hl=en
https://support.google.com/a/answer/167430
I don't think this is optimal and using a ticketing system would make this easier but this is the way for GSuite.
As for Drive, if we have a folder in a Shared Drive that we're working on, but then need to bring in someone outside the organisation to help on a project (which happens a lot) but not give them access to every single file in the Shared Drive, then we would have to move the folder out of Shared Drive and into one of the three My Drives for it to work. That would just create a mess, because you'd have to let people know that they've moved etc
You can either share at the file level or change the structure of your folders.
Let's say you have a top level folder called, 'Clients' and below that folder are individual folders for each client. Then inside each client folder you have folders for Client_Intake, Billing and Documents. And the only thing you want to share with others are the documents folder. You can now share that and all it's contents by right clicking on the folder and select Share.
I found the easiest way to create a template folders is to have a list of these folders in another folder perhaps called "Folder Templates" and then copy that template to each new client.
If you only use one top level folder for each client, managing this is going to be harder. The trick will be in how you manage folder hierarchy.
The best option for a team is going to be using Shared Drive (Was TeamDrive) and this is different than "Shared with me" https://support.google.com/a/users/answer/9310249?hl=en
ASKER
OK, I've figured out why I'm not seeing the option when I create a new group to enable Collaborative Inbox. It's because this option doesn't exist when creating a new group in Google Admin. This is 'Google Groups for Business'. There is however a small and easily missed hyperlink, after you create the group, called 'advanced settings', which has the setting there.
Although if you go in to 'classic' Google Groups and create a new group (i.e. not through Google Admin), then you get the option for Collaborative Inbox when you create the group.
Having tested this a little, I feel that it falls far short compared to the regular Gmail inbox in terms of ease of use. Firstly, I don't know how to get in to this, without going through Google Admin. I currently have to type "google groups" into google, then click on something, log on, then click through 3 or 4 screens until I get there. The Collaborative Inbox screen itself is really clunky as well - it looks like Gmail did in 2008!
Also, I've yet to find a way of accessing this through a smartphone app, which is a complete showstopper for me. No responsive layout, no smartphone notifications. In my view, Collaborative Inbox simply isn't there yet as a product.
But as for the other option of Gmail mailbox delegation, I don't understand is why I'm not getting the option in Gmail to 'Grant access to your account' - the option simply isn't there. This would be sufficient for what I need I think. Any ideas why that's not there?
I really don't understand why Google are making such a meal of this really simple function that every business needs. I just want a shared mailbox! Office 365 is becoming more and more of an option by the day.
Drive
I realise that more granular permission settings can be applied in My Drive, but that's my point - for specific folders that you want to share with all members of a team PLUS outside individuals, then you shouldn't have to keep them in My Drive anyway because this defeats the object of a Shared Drive. The clue's in the name - "My" Drive. There will be no "central" My Drive, because the "central" account will be closed down. And if I have to keep the "info@" account just to use its My Drive, and share everything out from there, then this would make Shared Drives completely redundant for me.
Although if you go in to 'classic' Google Groups and create a new group (i.e. not through Google Admin), then you get the option for Collaborative Inbox when you create the group.
Having tested this a little, I feel that it falls far short compared to the regular Gmail inbox in terms of ease of use. Firstly, I don't know how to get in to this, without going through Google Admin. I currently have to type "google groups" into google, then click on something, log on, then click through 3 or 4 screens until I get there. The Collaborative Inbox screen itself is really clunky as well - it looks like Gmail did in 2008!
Also, I've yet to find a way of accessing this through a smartphone app, which is a complete showstopper for me. No responsive layout, no smartphone notifications. In my view, Collaborative Inbox simply isn't there yet as a product.
But as for the other option of Gmail mailbox delegation, I don't understand is why I'm not getting the option in Gmail to 'Grant access to your account' - the option simply isn't there. This would be sufficient for what I need I think. Any ideas why that's not there?
I really don't understand why Google are making such a meal of this really simple function that every business needs. I just want a shared mailbox! Office 365 is becoming more and more of an option by the day.
Drive
I realise that more granular permission settings can be applied in My Drive, but that's my point - for specific folders that you want to share with all members of a team PLUS outside individuals, then you shouldn't have to keep them in My Drive anyway because this defeats the object of a Shared Drive. The clue's in the name - "My" Drive. There will be no "central" My Drive, because the "central" account will be closed down. And if I have to keep the "info@" account just to use its My Drive, and share everything out from there, then this would make Shared Drives completely redundant for me.
Office 365 is becoming more and more of an option by the day.Yes, I agree. I administer both and in most cases, Microsoft365 does more of what you need and acts more like you are working with servers. That fact is also what makes GSuite desirable for others.
With Google Drive, you have to change your thinking. It is not a central server. What I do as the main admin account is to share one of the top level folders with everybody in the domain. For me, this shows up in "My Drive". For everybody else it is in, "Shared With Me" but they can put it in their own MyDrive. That does not affect if person 3 changes something and later person 1 views the file from their MyDrive or Shared With Me it will still show the changes. You can even work on the document together.
With that said, you should work with shared drives (formerly team drives) for groups. It is much easier to understand and then there is no MyDrive/Shared with me.
https://support.google.com/a/users/answer/9310351?hl=en
In Microsoft365 this works similarly with OneDrive. However, there is also SharePoint which is meant for teams. Google's Shared Drive is their answer to MS SharePoint. Both Google Shared Drive and Microsoft Sharepoint/OneDrive have a desktop client that allows you to view files on the file system even if they are in the cloud. You have the option of downloading (in the background) as you work on a cloud file or having it stay in the cloud. Either way it will get synced.
You can create a shared box in Microsoft365 more like you would expect https://docs.microsoft.com/en-us/microsoft-365/admin/email/create-a-shared-mailbox?view=o365-worldwide but I think you will run into the same issue as it is not a ticketing system. If you have several people working remotely, it is not easy to know who 'took' an email to respond. That is what a ticketing system is for.
ASKER
I've now sorted the problem where I wasn't able to 'grant access to my account' to others. It was disabled in Google Admin, but in a different place to where I've been looking. Half the articles on the Google site are wrong because they are pointing to an old location to enable it that doesnt exist any more. This will do the job for me. It means I will still be needing to keep the 'info@' account live, which will cost a licence (a licence that I wouldn't need to pay for with Office 365), but I will downgrade the domain to Basic to save costs.
If I was starting from scratch here, I'd definitely go for Office 365. I have a lot of experience with it from other organizations. But to change now would be too much of an upset I think, just to solve what originally just a security issue.
I'm still not happy with Google's Shared Drive. It leaves one still reliant on My Drive for stuff shared with others, which to me defeats the object of a Shared Drive. They're trying to simplify things by having a flat permissions structure through each entire Shared Drive, but ending up making it much more complex because projects are never as simple as having x amount of people all wanting access to every single file/folder and no-one else needed access to anything. Anyway, hopefully Google will introduce folder permissions in Shared Drives in the future.
Thanks for your input.
If I was starting from scratch here, I'd definitely go for Office 365. I have a lot of experience with it from other organizations. But to change now would be too much of an upset I think, just to solve what originally just a security issue.
I'm still not happy with Google's Shared Drive. It leaves one still reliant on My Drive for stuff shared with others, which to me defeats the object of a Shared Drive. They're trying to simplify things by having a flat permissions structure through each entire Shared Drive, but ending up making it much more complex because projects are never as simple as having x amount of people all wanting access to every single file/folder and no-one else needed access to anything. Anyway, hopefully Google will introduce folder permissions in Shared Drives in the future.
Thanks for your input.
ASKER
For the email side, this isn't quite what I'm looking for. If I've understood what you're saying, what you're describing is basically a distribution list, where emails to info@ are sent on to the inboxes of the 3 'named' users on the list. But how would one know if one of the other people have dealt (or are intending to deal) with an enquiry that's come in?
What I need is a central mailbox where the emails come in, and where one of the 3 people can then either respond immediately from there, or tag/label/assign the query to themselves or one of the other two, for dealing with the enquiry later on (also from within the central mailbox). I don't necessarily want the enquiries to reach the users' names mailboxes at all.
What I'm describing above is how shared mailboxes work in Exchange Online, and the shared mailboxes don't consume a license, because they don't 'belong' to an user. Is this possible with G-Suite?
As for Drive, if we have a folder in a Shared Drive that we're working on, but then need to bring in someone outside the organisation to help on a project (which happens a lot) but not give them access to every single file in the Shared Drive, then we would have to move the folder out of Shared Drive and into one of the three My Drives for it to work. That would just create a mess, because you'd have to let people know that they've moved etc
Besides, I don't want these to be held in a person's My Drive anyway, because there'll be confusion over which of the three My Drives a particular file/folder is kept. Secondly, I don't want the person sharing those files/folders with external users to have to take a positive step to share these files with the other two named users.
Another annoyance with Shared Drives is that the Shift-Z "Add here" doesn't work at all.
So basically we'd have to pay 3 times more than we do now for licenses, and get a worse solution, just to improve our security. Which surely isn't right.
Is there another way?