Configure Google Workspace for Nonprofit
Each section in this guide will walk you through how to configure Google Workspace for your organization, ensuring security and access to critical features.
🏁 Prerequisites
Once your nonprofit has been approved for nonprofit licensing, you can continue through this process. You can verify your organization's nonprofit status with Google using this guide.
Almost all of the settings mentioned in this guide are in the Google Workspace admin portal at https://admin.google.com. An administrator account is required to change these settings.
🌐 DNS Setup
Verify the domain and enable email
Navigate to Account > Domains > Manage Domains > Add a domain - https://admin.google.com/ac/domains/manage
Enter the domain name and continue through the guided steps. They will ask you to add a TXT record to your DNS host that looks something like this:
Add the record to your DNS host and continue through the wizard. When prompted, add the MX records to your DNS.
Add the correct MX record in the public DNS to complete the setup. Your domain is now email-enabled! In the next sections, we'll make sure it's secure.
Enable SPF for email security
To enable SPF, all you need to do is add a TXT record in your DNS host. Craft the SPF record using this article.
If you don't have any other services that send email on your domain, your SPF record will look like this:
After you publish the SPF record, no further action is required.
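A quick way to sanity-check the TXT records you are about to publish, as an added example that is not part of the original guide. It assumes Google's documented Workspace value `v=spf1 include:_spf.google.com ~all`; the `lint_spf` helper, the sample record sets and the `example.org` names are constructed for illustration.

```python
import re

GOOGLE_INCLUDE = "include:_spf.google.com"  # Google's documented include for Workspace mail
# Terms that each cost one DNS lookup; receivers return permerror above 10 (RFC 7208, 4.6.4)
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def lint_spf(txt_records):
    """Return a list of problems for a domain's TXT records; an empty list means none found."""
    spf = [r.strip() for r in txt_records
           if (r.strip().lower() + " ").startswith("v=spf1 ")]
    if not spf:
        return ["no v=spf1 record published"]
    if len(spf) > 1:
        return ["multiple v=spf1 records (receivers treat this as permerror)"]

    terms = spf[0].lower().split()[1:]
    bare = [t.lstrip("+-~?") for t in terms]               # qualifier removed
    names = [re.split(r"[:/=]", b, maxsplit=1)[0] for b in bare]
    problems = []

    if GOOGLE_INCLUDE not in bare:
        problems.append("missing " + GOOGLE_INCLUDE)

    if "all" in names:
        term = terms[names.index("all")]
        qualifier = term[0] if term[0] in "+-~?" else "+"  # default qualifier is '+'
        if qualifier in "+?":
            problems.append("'%sall' does not restrict unlisted senders" % qualifier)
    elif "redirect" not in names:
        problems.append("no 'all' mechanism or redirect")

    # Counts only this record's own terms; nested includes add to the total.
    lookups = sum(n in LOOKUP_TERMS for n in names)
    if lookups > 10:
        problems.append("%d lookup terms exceed the limit of 10" % lookups)
    return problems

# Constructed sample TXT record sets (example.org is a placeholder domain)
SAMPLES = {
    "workspace only": ["google-site-verification=CONSTRUCTED",
                       "v=spf1 include:_spf.google.com ~all"],
    "two records": ["v=spf1 include:_spf.google.com ~all",
                    "v=spf1 include:mailer.example.org ~all"],
    "permissive": ["v=spf1 include:mailer.example.org +all"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(label, "->", lint_spf(records) or "OK")
```

If another service also sends mail for the domain, merge its include into the single existing record rather than publishing a second `v=spf1` TXT record.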
Enable DKIM for email security
Enable DKIM on all email domains using this linked process. Make sure to add the correct DKIM record to the public DNS: https://support.google.com/a/answer/180504?hl=en
You must wait 24 to 72 hours after enabling Gmail with a registered domain before you can create a DKIM record. Google does this to prevent its platform from being used for spam.
Changes to DNS take time to propagate, so enable DKIM at the end of business hours to avoid disrupting email flow.
📧 Email Setup
Set up any shared mailboxes (collaborative inbox from Google Groups) that will be needed and delegate them to the appropriate users.
Migrate any email from other platforms or personal accounts into Google Workspace. If needed, use Google's guide to assist with moving data from other platforms.
Finally, configure email filtering settings using this guide:
💾 Set Up Storage (Google Drive)
Set Up Shared Drives and Access
Enable Shared Drives: Go to Apps > Google Workspace > Drive and Docs > Manage Shared Drives > Enable shared drives for all users.
Set up any shared drives that will be needed within your organization and delegate them to users.
Enable Migration of Files to Google Drive: Apps > Google Workspace > Drive and Docs > Migration Settings > Enable the movement of files from non-owned files to the org.
Remove storage limits for users: Go to Storage > Manage > User Storage Limit > Turn OFF. This allows user drives and email mailboxes to expand as needed.
Migrate Data to Google Drive
Migrate any email from other platforms or personal accounts into Google Workspace. If needed, use Google's guide to assist with moving data from other platforms.
🔑 Security Settings
Ensure that multifactor authentication is enforced across the entire org using this guide:
Password settings should be adjusted under Security > Password Management.
Check the box called Enforce strong password, and set the minimum length to 14 characters.
Set password expiration to Never expires
Login Challenges should be enabled under Security > Authentication > Login Challenges. Under Post-SSO Verification, select both radio buttons that say Ask users for additional verifications.
Disable less secure apps: Navigate to Security > Access and data control > Less secure apps. Check the radio button that says Disable access to less secure apps (Recommended).
Change third-party app settings by navigating to Security > Access and data control > API Controls > Settings > Unconfigured third-party apps. We recommend the choice called "Allow users to access third-party apps that only request basic info needed for Sign in with Google." We recommend not leaving it on the default setting, which leaves your organization vulnerable to phishing and OAuth attacks using third-party apps.
Enable Google Cloud Data Sharing: Navigate to Account settings > Legal & Compliance, and mark Google Cloud Platform Sharing Options as Enabled.
Enable Conflicting Accounts Management: Navigate to Account settings > Conflicting accounts management, then select 'Automatically invite users to transfer conflicting unmanaged accounts to managed ones' and set the 'Send daily follow-up emails for' to 2 weeks. Select the sub-option for Replace their conflicting account with a managed one.
📖 Directory Settings
We recommend the following Directory settings for Google Workspace:
Setting Location with Link | Instructions |
---|---|
Directory > Directory Settings > Sharing Settings > Contact Sharing | Choose: - Show all email addresses AND - Show both domain profiles and domain shared contacts |
Directory > Directory Settings > Sharing Settings > External Directory sharing | Choose Authenticated user basic profile fields |
Choose All users |
🎨 Personalization
Upload your organization's logo by navigating to Account > Account settings > Personalization: https://admin.google.com/ac/accountsettings