Configure Google Workspace for Nonprofit

Each section in this guide will walk you through how to configure Google Workspace for your organization, ensuring security and access to critical features.

🏁 Prerequisites

Once your nonprofit has been approved for nonprofit licensing, you can continue through this process. You can verify your organization's nonprofit status with Google using this guide.

Almost all of the settings mentioned in this guide are located in the Google Workspace admin portal, located at https://admin.google.com. An administrator account is required to change these settings.

🌐 DNS Setup

Verify the domain and enable email

  • Navigate to Account > Domains > Manage Domains > Add a domain - https://admin.google.com/ac/domains/manage

  • Enter the domain name and continue through the guided steps. They will ask you to add a TXT record to your DNS host that looks something like this:

google-site-verification=mzch0RoooBunchOfLettersAndNumbersjJKmd4e4
  • Add the record to your DNS host and continue through the wizard. When prompted, add the MX records to your DNS.

  • Add the correct MX record in the public DNS to complete the setup. Your domain is now email-enabled! In the next sections, we'll make sure it's secure.

Enable SPF for email security

  • To enable SPF, all you need to do is add a TXT record in your DNS host. Craft the SPF record using this article.

  • If you don't have any other services that send email on your domain, your SPF record will look like this:

v=spf1 include:_spf.google.com ~all
  • After you publish the SPF record, no further action is required.
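A check for the SPF step above, as an added example that is not part of the original guide: it lints the TXT records you plan to publish for mistakes that commonly appear once a second sending service is added, such as two separate SPF records instead of one merged record. The function name, the sample records and `mailer.example.net` are constructed for illustration.

```python
# Terms that each cost one DNS lookup during SPF evaluation (RFC 7208, limit of 10).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def lint_spf(txt_records, required_include="_spf.google.com"):
    """Return a list of problems in the SPF data among a domain's TXT records."""
    spf = [r.strip() for r in txt_records if r.strip().lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        # Receivers treat more than one v=spf1 record as a permanent error.
        return ["%d SPF records published; merge them into one" % len(spf)]
    terms = spf[0].lower().split()[1:]
    problems, includes, lookups, all_index = [], [], 0, None
    has_redirect = any(t.startswith("redirect=") for t in terms)
    for i, term in enumerate(terms):
        qualifier = term[0] if term[0] in "+-~?" else "+"  # default qualifier is "+"
        body = term.lstrip("+-~?")
        name = body.replace("=", ":").replace("/", ":").split(":")[0]
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "include":
            includes.append(body.partition(":")[2])
        if name == "all":
            all_index = i
            if qualifier in "+?":
                problems.append("'%s' lets any server pass; use ~all or -all" % term)
    if required_include not in includes:
        problems.append("missing include:%s" % required_include)
    if all_index is None:
        if not has_redirect:
            problems.append("no 'all' mechanism; unlisted senders get a neutral result")
    elif any("=" not in t for t in terms[all_index + 1:]):
        problems.append("mechanisms listed after 'all' are never evaluated")
    # Only this record's own terms are counted; lookups inside included
    # records also count toward the limit and need live DNS to resolve.
    if lookups > 10:
        problems.append("%d DNS-lookup terms; SPF allows at most 10" % lookups)
    return problems

# Constructed sample TXT record sets for a hypothetical domain (not real DNS data).
GOOD = ["google-site-verification=EXAMPLE-TOKEN", "v=spf1 include:_spf.google.com ~all"]
SPLIT = ["v=spf1 include:_spf.google.com ~all", "v=spf1 include:mailer.example.net ~all"]
OPEN = ["v=spf1 include:_spf.google.com +all"]

if __name__ == "__main__":
    for label, records in (("good", GOOD), ("split", SPLIT), ("open", OPEN)):
        print(label, lint_spf(records) or "ok")
```
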

Enable DKIM for email security

  • Enable DKIM on all email domains using this linked process. Make sure to add the correct DKIM record to the public DNS: https://support.google.com/a/answer/180504?hl=en

    • You must wait 24 to 72 hours after enabling Gmail with a registered domain before you can create a DKIM record. Google does this to prevent its platform from being used for spam.

    • Changes to DNS take time, so be sure to enable DKIM at the end of business hours to avoid disruption of email flow.

📧 Email Setup

  1. Set up any shared mailboxes (collaborative inbox from Google Groups) that will be needed and delegate them to the appropriate users.

  2. Migrate any email from other platforms or personal accounts into Google Workspace. If needed, use Google's guide to assist with moving data from other platforms.

  3. Finally, configure email filtering settings using this guide:

Configure Email Protection Settings in Google Workspace

💾 Setup Storage (Google Drive)

Setup Shared Drives and Access

  • Enable Shared Drives: Go to Apps > Google Workspace > Drive and Docs > Manage Shared Drives > Enable shared drives for all users

  • Set up any shared drives that will be needed within your organization and delegate them to users.

  • Enable Migration of Files to Google Drive: Apps > Google Workspace > Drive and Docs > Migration Settings > Enable the movement of files from non-owned files to the org

  • Remove storage limits for users: Go to Storage > Manage > User Storage Limit > Turn OFF. This allows user drives and email mailboxes to expand as needed.

Migrate Data to Google Drive

Migrate any email from other platforms or personal accounts into Google Workspace. If needed, use Google's guide to assist with moving data from other platforms.

🔑 Security Settings

Enabling Multi-factor Authentication (MFA) Enforcement in Google Workspace

  • Password settings should be adjusted under Security > Password Management

    • Check the box called Enforce strong password, and set the minimum length to 14 characters.

    • Set password expiration to Never expires.

  • Login Challenges should be enabled under Security > Authentication > Login Challenges. Under Post-SSO Verification, select the radio button that says Ask users for additional verifications.

  • Disable less secure apps: Navigate to Security > Access and data control > Less secure apps. Check the radio button that says Disable access to less secure apps (Recommended).

  • Change third-party app settings by navigating to Security > Access and data control > API Controls > Settings > Unconfigured third-party apps. We recommend the choice called "Allow users to access third-party apps that only request basic info needed for Sign in with Google." We recommend not leaving it on the default setting, which leaves your organization vulnerable to phishing and OAuth attacks using third-party apps.

🎨 Personalization

Copyright © Good Heart Technology