By Katherine Livick
The Google Apps Admin Console gives administrators hundreds of options to control their users’ experience with G Suite for Education. It’s easy to get overwhelmed by all the choices--what can you do, and what should you do, to make Google Apps useful for students and teachers?
What Can I Do?
Using the Google Apps Admin Console, you can create and manage users, set permissions for access to different Google services, manage your education Chromebooks and other mobile devices, and even configure mail routing. If you’re a sysadmin already, you’ll be familiar with some of the controls you encounter, though they may not be where you expect them to be.
Basic Setup and User Management
You can create users in the console directly or upload them in bulk from a .csv file. If you’ve already got a user organization structure in Active Directory, you can use Google Cloud Directory Sync (GCDS) to sync your AD user orgs to Google Apps. As a best practice, you’ll want to create sub-organizations for different groups within your userbase, rather than dumping all users into a single user organization. You can set this up in a variety of ways, depending upon what works for your district or organization, but at minimum, you will want to have teachers and students in separate organizations. See Google Apps for Education: Domain Best Practices for an in-depth discussion of this idea, or check out my “cheat sheet” for recommendations. Google has a lot of resources for migration to and deployment of Google services - take a look at their migration guide.
Wrangling Google Apps
Once your domain is set up, you’ll want to enable different apps and services for different users. For instance, many school districts choose to disable email for younger students or create a “walled garden” for students to have internal email only. You can (and should) turn off Google+ for students while enabling it for staff to use in their professional learning communities, or manage YouTube and Hangouts for certain groups of students. If you’ve already organized your users, this is pretty simple - just be sure you’ve selected the correct user organization before changing a setting. Many settings can be changed only for certain user organizations, but some apply globally to your entire organization. If a setting can be changed for particular organizations, your list of user orgs will show up at left when you select the setting.
Apps are organized into three major categories - Google Apps (the 11 services governed by the Google Apps agreement you signed when you registered), Additional Google Services (other Google-branded apps and services not covered by the agreement, such as Blogger and Youtube), and Marketplace Apps (third-party apps that you can add to your domain and push out to users). There’s also a category for SAML apps that you may wish users to sign into using SSO. Most of your frequently used services are included in the first Google Apps pane: Drive, Docs, Gmail, Classroom, Calendar, and more. Options for each service vary, so it’s best to just take a tour through each app’s settings and see what you can do with it.
Things can get a little confusing in the Device Management pane. Within are three sub-panes: Mobile Devices, Chrome Devices and Chrome Devices for Meetings. The sidebar in Device Management has options for Network and for Chrome Management. Once you have enrolled devices in your domain for management, they’ll show up in the Mobile or Chrome Devices panes; you can view serial numbers, move devices between user organizations, and disable devices from there. Settings that affect what users can do on a Chrome device (or with Chrome itself while logged in as a user in your domain) are available in Chrome Management in the sidebar. This is also where you determine settings for public sessions and kiosk mode. You’ll want to organize your devices in a way that allows you to determine different settings for different groups of devices--whether enforcing age-appropriate restrictions for certain grade levels, or locking down Chromebooks for secure state testing.
General best practices
If you’re just starting out, begin with the end in mind. Get your user organizations sorted out from the beginning so you have control. Don't operate in an IT vacuum when establishing policy as far as what services you want to enable. Communicate with instructional staff to be sure you understand how they are using the tools. Your understanding of the use of these tools (especially around security and why teachers and students need various functions) is different than what a teacher deals with day-to-day. Get into a classroom periodically if you can--you and teachers need to understand each other.
Consider security. Have you made two-step authentication available to your users? What about your admins? If you’re thinking of making it mandatory, be sure you don’t enforce this policy on users until they’ve opted in, or people will lose access. Do you have a backup Super Admin? Do you have limited admin roles to delegate tasks, while keeping higher-level functions more secure?
Above all--go with the flow. Google changes stuff CONSTANTLY. Often it's for the better. Use the help and search functions in the Admin console, and find a community of other admins for your personal learning (check out the GSFE Admins Group on Google+). There's a lot of stuff to read through, but contextual help in the Admin panel is continually improving, and there are a lot of minor caveats that can make a big difference. Keep learning and roll with it!