IT GOVERNANCE

Get Google Unmanaged Accounts under control with Zygon

Oct 2, 2024
6 min read

Unmanaged Google accounts created with company email addresses pose security and management risks: they sit entirely outside the control of your organization's administrators.

By claiming (verifying) your domain in Google Workspace and converting these accounts to managed ones, you can mitigate these risks effectively.

You may have no control at all over unmanaged Google accounts

Imagine your company's email is hosted somewhere other than Google, such as an on-premises Exchange server, Microsoft 365, or GoDaddy email. If an employee (tom@acme.com) needs access to Google services, they may create a personal Google account using their company email address.

This account could be used for activities such as:

  • Managing Google Analytics,
  • Signing in to SaaS applications with "Sign in with Google" (OIDC),
  • Accessing Google Drive documents.
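The OIDC case deserves a practical check. A consumer Google account created with tom@acme.com presents an acme.com email in its ID token, but Google only sets the hd claim for accounts that belong to a Google-hosted organization (Workspace or Cloud Identity). A SaaS app that gates access on the email suffix alone therefore lets unmanaged accounts in; an app that requires hd to match the corporate domain does not. The following Python is an added example written for this article, not code from Zygon or from Google. It assumes the ID token has already been signature-verified (for example with google.oauth2.id_token.verify_oauth2_token, which returns the claims as a dict) and the sample claims and the acme.com domain are constructed for illustration.

```python
"""Distinguish a managed (Workspace / Cloud Identity) Google account from an
unmanaged consumer account that merely uses a company email address, using
the claims of an already-verified Google ID token.

Added example for this article; the domain and sample claims are constructed.
"""

CORPORATE_DOMAIN = "acme.com"  # assumed corporate domain from the article


def is_managed_account(claims: dict, domain: str = CORPORATE_DOMAIN) -> bool:
    """Return True only for a verified account that Google attributes to the
    organization owning `domain`.

    Google sets `hd` only for accounts in a Google-hosted organization. A
    consumer account registered as tom@acme.com has an acme.com email but no
    `hd`, so it is rejected here even though the address looks corporate.
    """
    if claims.get("email_verified") is not True:
        return False
    hd = claims.get("hd")
    if not isinstance(hd, str):
        return False
    return hd.lower() == domain.lower()


def email_domain_only_check(claims: dict, domain: str = CORPORATE_DOMAIN) -> bool:
    """The weak check many apps use: accept any @domain address.
    Shown only for contrast; it admits unmanaged accounts."""
    email = claims.get("email", "")
    return email.lower().endswith("@" + domain.lower())


# Constructed sample claims (not real tokens); irrelevant claims omitted.
MANAGED_CLAIMS = {
    "iss": "https://accounts.google.com",
    "sub": "100000000000000000001",
    "email": "alice@acme.com",
    "email_verified": True,
    "hd": "acme.com",
}

UNMANAGED_CLAIMS = {
    "iss": "https://accounts.google.com",
    "sub": "100000000000000000002",
    "email": "tom@acme.com",
    "email_verified": True,
    # no "hd": consumer account that happens to use a company address
}

if __name__ == "__main__":
    for name, c in (("managed", MANAGED_CLAIMS), ("unmanaged", UNMANAGED_CLAIMS)):
        print(f"{name}: email-only check={email_domain_only_check(c)} "
              f"hd check={is_managed_account(c)}")
```

Note that the check keys on hd rather than on the email address, and that an account should be identified by its stable sub claim, not by its email, since an unmanaged account can later be converted or renamed.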

Once the account is created, its address carries your company's domain, but the account itself remains entirely unmanaged by your organization.

As an admin, you have no control over these accounts: you cannot reset their passwords, view their activity logs, or manage them through your own email or identity systems.

Any password resets or changes made in your company’s email system will not affect this Google account.

In other words, these accounts are created independently by users with one of your organization's domains. Because each one is personally managed by the individual who created it, it is not under the control of Cloud Identity or Google Workspace administrators, even if your organization has verified that domain.

Risks are underestimated but real

As a result, your organization has no oversight over the configuration, security, or lifecycle of these accounts.

These unmanaged accounts are often called personal or consumer accounts because the user registered for Google consumer services with their company email address.

This situation is common, but it’s not ideal for managing your users and securing their work data. A business-related unmanaged account that uses a corporate email address presents two main risks to your organization:

  1. No control over the lifecycle of an unmanaged user account: if an employee leaves the company, offboarding in your email system does not touch the Google account, so they can continue using it to access corporate resources (Google services or apps they signed in to while employed) or to incur corporate expenses.
  2. Social engineering risk: even if you revoke access to all resources, an unmanaged account still presents a risk. Since the account uses a seemingly legitimate identity on your company's domain, a former employee might persuade current employees or business partners to grant access once more, for example to a sensitive Drive file or a corporate social media account.

The former employee could use the unmanaged account for activities that run against your organization's interests.

The solution is simple and free

Step 1: claim your domain in Google Workspace (verify domain ownership).

As a Google Workspace administrator, you'll then be able to:

  • Set a policy for handling conflicting accounts during user provisioning
  • Invite unmanaged users to convert (transfer) their accounts to managed accounts in your domain

Users who do not accept the invitation keep their consumer accounts, so the conflicting-account policy determines what happens when you later provision a managed account with the same address.

Step 2: integrate your Google Workspace with Zygon

You'll gain visibility into all apps and accounts that were previously unmanaged. Additionally, a new identity source will be created for each user found in Google Workspace. New apps and accounts are automatically added to Zygon.

Kevin Smouts
Co-founder and CPO at Zygon. Kevin loves to share his views about Cybersecurity.

FAQ


Define Identity Provider (IdP)

An Identity Provider (IdP) is a trusted entity that manages and authenticates user identities and provides authentication services to other applications, services, or systems.

The primary role of an Identity Provider is to verify the identity of users and supply information about them to service providers (SPs) or relying parties, allowing users to access those services without the need to create and manage separate accounts for each service.

Define Identity and Access Management (IAM)

Identity and Access Management (IAM) is a framework of policies, technologies, and processes that ensures the appropriate individuals or entities (such as employees, customers, partners, or devices) are granted the right access to the right resources at the right time and for the right reasons within an organization's digital environment.

IAM is a critical component of cybersecurity and plays a central role in safeguarding an organization's sensitive data, applications, and systems.