Google launches multi-party approvals to protect sensitive admin actions

Google today launched multi-party approvals where one admin is required to approve certain sensitive actions initiated by another. Available for eligible Workspace customers with multiple super admin accounts, multi-party approvals make super admins aware of what changes are being attempted and allow them to accept or reject these sensitive actions.

Multi-party approvals will be required for 2-Step verification, Account recovery, Advanced Protection, Google session control, Login Challenges and Passwordless (beta).

"Multi-party approvals adds an extra layer of security for sensitive actions taken in the Admin console by ensuring no sensitive action happens in a silo and, most importantly, helps prevent unauthorized or accidental changes from being made. This added layer of approval helps ensure actions are being taken appropriately and not too broadly or too often. Additionally, this is more convenient for admins because the action is executed automatically after approval and the requester doesn't need to take additional action," Google wrote in a blog post.

Multi-party approvals can be turned on in the Admin console under Security > Multi-party approval settings. Starting today, the new feature is rolling out to Rapid Release and Scheduled Release domains and it may take longer than 15 days for the feature to be fully visible. It will be available to Google Workspace Enterprise Standard, Enterprise Plus, Education Standard, Education Plus, and Cloud Identity Premium customers.