Topics

#suggestion Add Group membership expiration #suggestion


Rick N
 

On Google's Workspace updates blog, they recently announced the general availability of group membership expiration.

From their site:

"The Cloud Identity Groups API feature that enables you to set expirations for group memberships is now generally available.

 
 
This enables admins to set an amount of time that users and service accounts are members of a group. Once the specified time has passed, users will be removed from the group automatically. Automatic membership expiration can help reduce the administrative overhead for managing groups, and can help ensure group membership is limited to the members that need access."

I thought this could be a useful feature and bears further discussion.


Andy Wedge
 

On Sat, Feb 20, 2021 at 09:46 PM, Rick N wrote:
This enables admins to set an amount of time that users and service accounts are members of a group. Once the specified time has passed, users will be removed from the group automatically.
I would make use of this on my group if it existed and was relatively simple to manage. Some things to consider may be:

  • A facility to set expiration dates on existing members - editing the membership details of individual members for large groups would not be practical
  • The ability to initially set an expiration date for individual members on the Direct Add feature (as opposed to adding groups of members with the same expiry date)
  • If members join groups by accepting an invite, does the membership period start from the day of the invite or the day of acceptance?
  • The ability to send out reminder messages (a new type of Member Notice?) at different intervals when memberships are about to expire
  • A group setting to determine if membership is managed by expiry date

Regards
Andy


 

On Sun, Feb 21, 2021 at 04:04 AM, Andy Wedge wrote:
A group setting to determine if membership is managed by expiry date
I think that would be a necessity. Expiration would have to be a group option, not just apply to all groups. I'd consider using it, assuming there were adequate controls, but more likely would not. 
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu