Google Workspace Admin Basics: The Settings Every Admin Should Configure

You’re the admin now

When a small business signs up for Google Workspace, someone becomes the admin — often the owner or whoever set up the account. The admin console is powerful and complex, and most small business admins never go beyond the basics of adding users and resetting passwords.

A few hours in the admin console configuring the right settings prevents a disproportionate number of problems.

Security settings: do these first

Enforce 2-Step Verification for all users: Admin Console → Security → 2-Step Verification → Enforcement. Set this to “On” for all users. This is the single most important security setting in Google Workspace. Without it, a stolen password is sufficient to compromise an account.

Session length: Admin Console → Security → Google Session Control. Set the maximum session duration to 12 or 24 hours. This ensures users have to re-authenticate regularly rather than staying signed in indefinitely.

Mobile device management: Admin Console → Devices → Mobile & Endpoints → Settings. Enable basic device management for Android and iOS. This lets you remotely wipe a lost or stolen phone that has company data on it.

External sharing for Drive: Admin Console → Apps → Google Workspace → Drive → Sharing Settings. Review who can share files outside your organization. For most businesses, the default is too permissive. Set to “Only users in your domain can share outside the domain” or require admin approval for sharing.

User management: the important bits

Naming convention: Before adding users, decide on your email format (firstname@domain.com or first.last@domain.com) and stick to it.

Group email addresses: Create groups (support@, info@, billing@) that forward to the appropriate individuals. Groups are free — they don’t require paid seats. Admin Console → Directory → Groups.

Offboarding procedure: When an employee leaves, immediately: suspend the account (not delete — you can restore data from a suspended account), transfer ownership of their Drive files to their manager, and set up an auto-reply on their email for 30 days directing contacts to the appropriate person.