Earning the Google Professional Workspace Administrator role demonstrates that a person has the knowledge necessary to translate organizational goals into actual settings and rules for a company’s Google Workspace environment. Google Workspace Administrators translate corporate goals into practical practices that allow employees to collaborate, communicate, and access data in a safe and effective way. They do this by having a thorough awareness of the people, procedures, and infrastructure of their company.
If you have used Google Workspace products, you should know how practical and effective collaboration tools they are. You must be familiar with the Gmail account, which helps businesses and employees to collaborate considerably better and manage meeting calendars, document sharing, google drive, sheets, chats, and more. And, to make sure all the process happens effectively, Google Workspace Administrator plays an important role. As a result, the demand for this role is greater than ever due to the rise in remote and hybrid work environments.
So, let’s get started with the guide to assist you in getting ready for and passing the Google Professional Workspace Administrator exam.
Steps to become a Google Professional Workspace Administrator
When it comes to earning a professional-level role, the first common thing that strikes our mind is the knowledge and experience required. Having accurate skills and abilities is an important thing to have for any role. And, same goes for the Google Professional Workspace Administrator role. To get into this role, it is important to earn the GCP Workspace Administrator certification, for that you need to understand the knowledge area and experience needed for this exam.
So, let’s begin with our first step, an overview of the exam!
Step 1: GCP Workspace Administrator Exam Overview
Your ability to translate corporate goals into actual settings, rules, and security procedures related to users, content, and integrations will be enhanced by passing the Professional Google Workspace Administrator test. You will make it possible for people to collaborate, communicate, and access data in a safe and effective manner by taking into account this role’s responsibilities and utilizing your grasp of their organization’s infrastructure.
Furthermore, you will utilize instruments, programming languages, and APIs to automate activities while operating with an engineering and solutions perspective. While promoting Google Workspace and the Google toolkit, this job searches for ways to inform end users and boost operational efficiency.
Experience Needed:
- You must have 3+ years of professional experience, including 1+ years of Google Workspace (previously G Suite) administration experience, in order to qualify for the Professional Google Workspace Administrator exam.
- For Google Workspace to be implemented and used within your business, you must have expertise in managing and creating best practices.
- You should have knowledge of managing security settings, restricting service access, and managing user accounts.
- Additionally, you should be familiar with account provisioning, domain settings, domain providers, and managing users and groups inside your company’s Cloud Directory.
Exam Format:
- Exam Time Duration:
- 2 hours
- Registration fee:
- $200 (plus tax where applicable)
- Languages:
- English, Japanese
- Exam format:
- Multiple-choice and multiple select
- Exam Delivery Method:
- Online-proctored exam from a remote location.
- Onsite-proctored exam at a testing center.
Step 2: Skills Measured in the Exam
The Professional Google Workspace Administrator exam basically validates your skills and knowledge using various exam objectives. These objectives are the sources that will help you pass the exam. This works only if you are able to understand the topics. There are various sections and subsections covered in these objectives that will help you in having better preparation. They are:
Section 1: Managing objects (20%)
1.1 Managing account lifecycles by using provisioning and deprovisioning processes. Considerations include:
- Transferring ownership data to another account (Google Documentation: How to transfer file ownership)
- Provisioning users based on a process determined by an organization’s policy (for example, where to list accounts) (Google Documentation: Organization policy constraints)
- Provisioning and deprovisioning accounts, including:
- Creating, reviewing, updating, deleting accounts (CRUD [create, read, update, and delete] operations). (Google Documentation: Perform CRUD operations on a MySQL database)
- Adding users (for example, individual, bulk, and automated) (Google Documentation: Add or update multiple users from a CSV file)
- Offboarding accounts (for example, suspending, deleting, and recovering)
- Editing user attributes (for example, renaming, passwords, and aliases) (Google Documentation: Admin settings – User attributes)
- Creating administrative roles (for example, default roles, and custom roles) (Google Documentation: Create and manage custom roles)
- Revoking account access outside of a typical organizational policy (for example, security reasons and personnel issues) (Google Documentation: Revoke access to a Google Cloud project)
- Configuring, monitoring, troubleshooting, and updating lifecycle management by using Google Cloud Directory Sync (GCDS) (Google Documentation:About Google Cloud Directory Sync)
- Auditing and reviewing GCDS (for example, interpreting log data)
1.2 Configuring Google Drive. Consideration include:
- Managing the lifecycle of shared drives based on user requests and organizational policies (for example, OU [organizational unit] placements)
- Configuring shared drive permissions, given specific requirements or scenarios (Google Documentation: Set up shared drives for your organization)
- Implementing shared drive membership permissions based on organizational policies (Google Documentation: Manage data policies for specific shared drives)
- Transferring user data from one user’s drive to another drive (Google Documentation: How to transfer Drive files from one user to another)
- Applying security best practices for shared drives based on the business need (Google Documentation: Best practices and tips for shared drives)
1.3 Managing calendar and calendar resources. Considerations include:
- Creating and managing calendar resources (Google Documentation: Create buildings, features & Calendar resources)
- Managing and delegating calendar access and resources
- Managing the lifecycle of both individual and shared calendars (for example, differentiating between an individual’s calendar and a calendar resource) (Google Documentation: What is a Calendar resource?, Share room and resource calendars)
- Configuring Google video conference room options (for example, Jamboard, Google Meet) (Google Documentation: Manage Meet settings (for admins))
- Scheduling Google Meet conferences and livestream meetings or events (Google Documentation: Hold large remote events)
- Monitoring usage reports and recommending changes (Google Documentation: Monitor usage & security with reports)
- Troubleshooting calendar issues (Google Documentation: Google Workspace Known Issues)
1.4 Configuring and managing Groups for business. Considerations include:
● Configuring memberships and advanced settings, including:
○ Adding users to groups (Google Documentation: Add people to your group)
○ Implementing current Google Workspace APIs
○ Automating tasks by using Apps Script (Google Documentation: Automation quickstart)
● Using a Google group to apply membership permissions for a shared drive
● Creating specific types of Google-native groups (for example, dynamic, security, identity-mapped, and POSIX) (Google Documentation: Groups API overview)
● Implementing Google group security access controls to restrict members (Google Documentation: Control access to sensitive data with security groups)
● Troubleshooting issues in a Google group (for example, calendar invites not expanding, invites unable to be sent to a group)
Section 2: Configuring services (18%)
2.1 Implementing and managing Google Workspace configurations based on corporate policies. Considerations include:
● Assigning and configuring permissions to Google Workspace tools by using organizational units (OUs) and Google groups (Google Documentation: How the organizational structure works)
● Modifying OU policies (Google Documentation: Creating and managing organization policies)
● Implementing application and security settings according to OU inheritance and override settings in parent OUs
● Delegating granular Identify and Access Management (IAM) administrator roles and permissions to users in a domain (Google Documentation: Identity and Access Management (IAM))
● Implementing security configuration options for installing or using Google Cloud Marketplace applications or add-ons (Google Documentation: Configure Security Command Center services)
● Configuring Drive labels for data organization (Google Documentation: Create Drive labels for your organization)
● Configuring a Rapid Release or Scheduled Release for feature releases (Google Documentation: Choose when users get new features)
● Configuring Google Meet to align with corporate policies and requirements (Google Documentation: Manage Meet settings (for admins))
● Creating and configuring security and data region settings (Google Documentation: Data regions: Choose a geographic location for your data)
● Implementing security integration protocols and addressing questions and objections from users
● Managing content compliance rules (Google Documentation: Advanced filtering with Content Compliance rules)
● Investigating and remediating an issue by using Security Health Analytics check results (Google Documentation: Remediating Security Health Analytics findings)
2.2 Configuring Gmail. Considerations include:
● Configuring basic mail routing scenarios for split delivery (Google Documentation: Set up Split Delivery with Google Workspace first)
● Configuring a mail host (Google Documentation: Add mail servers for Gmail email routing)
● Configuring end-user access to Gmail by using Google Workspace Sync for Microsoft Outlook (GWSMO) or email client (for example, POP, IMAP, Thunderbird, Outlook) (Google Documentation: Set up Gmail with a third-party email client)
● Configuring POP and IMAP access to align with corporate policies and requirements (Google Documentation: Turn POP & IMAP on or off for users)
● Configuring administrator access for mail forwarding by using advanced Gmail settings (for example, compliance rules, default routing, APIs) (Google Documentation: Add Gmail Routing settings)
● Managing and understanding all available spam controls (for example, allowlist, denylist, inbound gateway, and IP allowlist) (Google Documentation: Allowlists, denylists, and approved senders)
● Enabling email delegation for an OU (Google Documentation: Delegate a user’s email address)
● Managing Gmail archives (Google Documentation: Archive former employee accounts)
Section 3: Troubleshooting (24%)
3.1 Troubleshooting mail delivery problems reported by users. Considerations include:
● Determining whether user behavior or a broader issue (for example, rules, or Cloud Data Loss Prevention [DLP]) is causing an error (Google Documentation: Use Workspace DLP to prevent data loss)
● Determining whether an issue is an expected behavior (for example, a missing attachment, or an attachment filter issue) (Google Documentation: Set up rules for basic email content filtering)
● Auditing and reviewing mail flow structure and end-user actions to determine the root cause of delivery issues (Google Documentation: About the audit and investigation tool)
● Analyzing message headers or email audit logs by using Google Workspace tools or security investigation tools (Google Documentation: About the security investigation tool)
● Recommending and/or implementing an appropriate course of action related to mail delivery issues (for example, implementing mail policy changes) (Google Documentation: Email sender guidelines)
3.2 Troubleshooting and collecting logs and reports needed to engage with the support team. Considerations include:
● Documenting steps taken by end user to reproduce an issue (Google Documentation: Manage Approvals)
● Collecting appropriate log file types (Google Documentation: Drive log events, Collect Google Workspace logs)
● Searching for known issues and application status (Google Documentation: Google Workspace Known Issues)
● Generating HAR files
3.3 Identifying, classifying, troubleshooting, and mitigating basic email attacks. Considerations Include:
● Configuring:
○ Blocked senders (Google Documentation: How to block or mark suspicious email as spam)
○ Email allowlist (Google Documentation: How to add an IP address to allowlist)
○ Objectionable content (Google Documentation: Control message delivery based on message content)
○ Phishing settings (Google Documentation: Advanced phishing and malware protection)
○ Spam settings (Google Documentation: How to customize spam settings on Google Workspace)
○ Gmail safety settings
○ Administrator quarantine (Google Documentation: Set up email quarantine)
○ Attachment compliance
○ Secure transport compliance (Google Documentation: Send email over a secure TLS connection)
● Implementing Sender Policy Framework (SPF); Domain-based Message Authentication, Reporting, and Conformance (DMARC); Mail Transfer Agent Strict Transport Security (MTA-STS); and DomainKeys Identified Mail (DKIM) to secure email transmission (Google Documentation: Help prevent spoofing and spam with DMARC, About MTA-STS and TLS reporting)
● Investigating whether custom configurations are responsible for any issues or vulnerability (for example, email allowlist and IP addresses) (Google Documentation: Allowlists, denylists, and approved senders)
● Investigating the scope of email attacks by using available Google Workspace email tools (Google Documentation: Investigate reports of malicious emails)
● Analyzing message contents for common attack patterns (for example, name, domain, and brand spoofing) (Google Documentation: Spoofing report)
● Mitigating successful attacks and preventing future attacks by using Google Workspace email tools (for example, identifying the issue and responding)
3.4 Troubleshooting Google Workspace access and performance issues. Considerations include:
● Identifying why a user is having an issue when they access a single Google application (for example, Drive) (Google Documentation: Troubleshoot shared drives for your users)
● Identifying the root cause of a performance issue when accessing a Google Workspace application (for example, a known issue, an outage, a network, or a device) (Google Documentation: Google Workspace Known Issues)
● Analyzing, evaluating, and modifying settings to ensure delivery of critical emails (for example, specific IP ranges, X-headers)
● Troubleshooting authentication issues that users reported (Google Documentation: Troubleshoot login challenges, 2-Step Verification, & sign-in issues)
● Troubleshooting issues that users reported when they set up Google Workspace on a mobile device
● Troubleshooting Google Meet video call issues from the administrator console (Google Documentation: Unable to start Google Meet sessions)
● Troubleshooting Google Meet device issues by using the administrator console (Google Documentation: Manage Meet settings (for admins))
● Troubleshooting network configuration issues to ensure high-quality meetings by using Google Meet (Google Documentation: Prepare your network for Meet meetings & live streams)
● Troubleshooting Jamboards (Google Documentation: Troubleshoot Jamboard device)
● Troubleshooting access to Google Workspace services (for example, Gmail and Drive) (Google Documentation: Troubleshoot shared drives for your users)
● Troubleshooting data visibility issues by enabling/disabling licenses or services
● Investigating access issues in applications for OUs (Google Documentation: About the security investigation tool)
● Interpreting and responding to alerts in the Alert Center API (Google Documentation: Google Workspace Alert Center API)
Section 4: Data access and authentication (24%)
4.1 Configuring policies for all devices (for example, mobile device, desktop, Chrome OS, Google Meet Hardware, Jamboard, Google Voice, and browser). Considerations include:
● Configuring:
○ Chrome user and browser policy settings (Google Documentation: How to activate user-level policies for Chrome)
○ ChromeOS device policy settings (for example, Enterprise) (Google Documentation: How to set policies for ChromeOS devices)
○ Windows 10 login and device policies (for example, Google Credential Provider for Windows (GCPW)
○ Managed Chrome browsers (for example, Chrome Browser Cloud Management) (Google Documentation: Chrome Browser Cloud Management)
○ Basic device management (Google Documentation: Set up basic mobile device management)
○ Basic and advanced device management for Android and iOS (Google Documentation: Set up advanced mobile management)
○ Company-owned device management for Android and iOS (Google Documentation: Set up company-owned iOS device management)
○ Context-aware access policies (Google Documentation: About Context-Aware Access)
○ Personal device settings for Android and iOS (for example, password, advanced, device approvals, application management, and insights) (Google Documentation: Apply settings for Android mobile devices)
● Enabling Endpoint Verification security by using BeyondCorp (Google Documentation: Endpoint Verification overview)
4.2 Configuring and implementing Gmail DLP and sharing access control lists (ACLs) based on governance policies. Considerations include:
● Identifying areas of improvement for secure collaboration based on data exfiltration reports (Google Documentation: Security checklist for medium and large businesses (100+ users))
● Scanning emails by using Gmail DLP (Google Documentation: Scan your email traffic using DLP rules)
● Implementing Gmail DLP policies to prevent the over-sharing of sensitive data
● Configuring and implementing Gmail DLP options for data classification (Google Documentation: Use Workspace DLP to prevent data loss)
● Configuring and implementing data classification settings on Drive (Google Documentation: Label Google Drive files automatically using AI classification)
● Implementing context-aware access policies based on data governance policies (Google Documentation: Protect your business with Context-Aware Access)
● Configuring settings to limit external sharing on Drive based on organizational policies (Google Documentation: Manage external sharing for your organization)
● Configuring settings to limit email delivery based on organizational policies (Google Documentation: Restrict email messages to authorized addresses or domains only)
● Configuring and implementing client-side encryption services for Drive (Google Documentation: Turn client-side encryption on or off)
4.3 Managing third-party applications. Considerations include:
● Implementing automatic releases of a browser extension to OUs within the domain (Google Documentation: Automatically install apps and extensions)
● Implementing security configuration options for installing or using Google Cloud Marketplace applications or add-ons
● Reviewing and authorizing user requests for a new Google Workspace Marketplace application, Google Play, or a Chrome extension (Google Documentation: App review process and requirements for the Google Workspace Marketplace)
● Pushing an application to a user’s phone by using Google’s mobile device management (MDM)
● Configuring Google as a Security Assertion Markup Language (SAML) provider for a third-party application (Google Documentation: Set up your own custom SAML app)
● Deploying password-vaulted apps (Google Documentation: Add apps to the password vaulted apps service)
● Deploying and restricting Google Workspace Marketplace and Google Play Store applications (Google Documentation: Set whether users can install Marketplace apps)
● Granting API access to applications (Google Documentation: Granting and revoking access to the API)
● Integrating third-party user provisions (Google Documentation: Set up third-party partner integrations)
● Integrating third-party marketplace applications to specific OUs in Google Workspace (Google Documentation: Integrate 3rd-party apps with Google Workspace)
● Managing access to additional Google services (for example, AdSense and YouTube) for a specific set of users
● Revoking third-party author access
● Removing connected applications and sites (Google Documentation: Authorization for Google Services)
4.4 Configuring user authentication. Considerations include:
● Configuring:
○ 2-step Verification for the administrator and high-risk accounts (for example, requiring a physical key or not allowing SMS) (Google Documentation: Deploy 2-Step Verification)
○ 2-step Verification for low-risk and standard accounts (for example, Google Authenticator) (Google Documentation: Protect your business with 2-Step Verification)
○ Google-side connection to third-party single sign-on (SSO) providers
○ Google Multi-IdP options for SSO
○ Basic SAML SSO configuration for third-party application authentication when Google is the SSO provider (Google Documentation: Set up SSO for your organization)
○ Third-party SSO for Google Workspace
○ Access control based on the use of the security functionality within API Controls (Google Documentation: Control API access with domain-wide delegation)
○ Google session control based on a company’s legal policies (Google Documentation: Set session length for Google services)
● Implementing basic user security controls (for example, password length enforcement) (Google Documentation: Enforce and monitor password requirements for users)
● Implementing security aspects of identity management, perimeter security, and data protection
Section 5: Supporting business initiatives (14%)
5.1 Using Vault to support legal initiatives. Considerations Include:
● Configuring retention rules based legal security policies (for example, setting retention rules, placing legal holds, exporting data for additional processing and review, auditing reports, and searching a domain’s data by user account, OU, date, or keyword) (Google Documentation: How retention works, Manage retention rules and holds)
● Assisting with or creating:
○ Legal matters to hold data (Google Documentation: Place Drive, Meet, and Sites data on hold)
○ Export matter content (data) for analysis (Google Documentation: Get started with Vault search and export)
○ Delegation protocols for Vault access (Google Documentation: Set up Vault privileges)
○ Google Workspace content by using Vault (searching)
○ Legal holds for Google Workspace content by using Vault
○ Vault audit reports (running) (Google Documentation: Vault log events)
5.2 Creating and interpreting reports for the business. Considerations include:
● Generating and interpreting user adoption reports (for example, Work Insights) (Google Documentation: Understand users’ Google Workspace adoption)
● Investigating issues by using the Alert Center (Google Documentation: About the alert center)
● Investigating and monitoring a service outage for a specific Google Workspace application (Google Documentation: Check the status of a Google Workspace service)
● Investigating issues by using data objects and metrics available within activity reports (Google Documentation: Monitor usage & security with reports)
● Configuring group alerts triggered by a specific event (Google Documentation: Configure alert center email notifications)
● Creating and reviewing audit logs (Google Documentation: Audit Logging)
● Using BigQuery to combine multiple Google Workspace logs and usage reports to provide actionable insights (Google Documentation: About reporting logs and BigQuery)
5.3 Supporting data import and export. Considerations include:
● Assisting with off-boarding employees and transferring data (for example, Drive, Calendar, and Google Data Studio)
● Migrating Gmail data between Google Workspace accounts (Google Documentation: Migrate email with the data migration service)
● Exporting data from Google Workspace offline or to other platforms (Google Documentation: Export all your organization’s data)
Step 3: Use the Google Official Learning Paths
In order to assist you in preparing for the Professional Google Workspace Administrator test, the learning path guides you through a number of courses. Furthermore, this learning path leads you through a hand-picked selection of on-demand classes, labs, and skill badges that provide you with practical, hands-on practice with Google Cloud technologies necessary for the Workspace Admin role.
– Google Cloud Hands-on Labs
https://www.cloudskillsboost.google/focuses/2794?parent=catalog
You will start using Google Cloud in this introductory lab by acquiring practical experience with the Cloud Console. You will learn about the specifics of the lab environment in addition to identifying major Google Cloud capabilities. Furthermore, you will get knowledge of the following in this lab:
The ability to recognize fundamental elements of a lab setting, as well as the laboratories platform
- How to use special credentials to access the Cloud Console.
- Identify typical misunderstandings about Google Cloud projects.
- How to identify different Google Cloud service types using the Google Cloud Navigation menu.
- Examining the activities available to certain users using the Cloud IAM service.
- The API library, and consider its key components.
– Introduction to Google Workspace Administration
https://www.cloudskillsboost.google/course_templates/90
Any new Google Workspace administrator will use this series as a starting point as they go on their journey to manage and build Google Workspace best practices for their organization. Learners can expect to complete this course with all the knowledge they need to begin as Google Workspace administrators after a series of readings, detailed hands-on activities, and knowledge tests.
You will register for a Google Workspace account and set up your DNS records for Google Workspace in this course. And, discover how to set up and manage users, as well as how to make groups and calendar resources for your company. Your Cloud Directory will be explained to you, and you’ll discover how to divide your business into organizational units to make user and service administration simpler. Finally, you’ll discover how to grant other users in your company administrative rights.
– Managing Google Workspace
https://www.cloudskillsboost.google/course_templates/92
The primary services of Google Workspace, including Gmail, Calendar, Drive & Docs, are the subject of this course. You will become familiar with the different service options and discover how to make them available to all of your users or a specific group of them. You will learn more about Google Vault, their ediscovery service and you will be able to search and filter the data in the many reports that are available in the admin panel. Last but not least, you will discover how Google Workspace can be utilized with various domains and discover how to add a new domain to your account.
– Google Workspace Security
https://www.cloudskillsboost.google/course_templates/48
The several features of Google Workspace Security, such as user password restrictions and how to set up and enforce two-step verification (2SV) for your users, will be the main topics of this course. Application security will be covered, and you’ll learn how to whitelist and prohibit API access to your account. You’ll learn how a variety of preset third-party apps may be quickly and simply linked with Google Workspace. You will also learn about Google Workspace’s SSO choices. Lastly, you will learn how to identify possible security issues inside your company and how to mitigate them by utilizing the admin console’s features.
– Google Workspace Mail Management
https://www.cloudskillsboost.google/course_templates/91
You will learn how to defend your business from spam, spoofing, phishing, and malware threats in this course. You will set up email compliance and become familiar with data loss prevention (DLP) implementation for your company. Furthermore, you will learn how to whitelist and prohibit senders as well as comprehend the mail routing choices that are accessible. Other mail features including inbound and outbound gateways, third-party email archiving, and journaling to Vault will also become known to you.
– Planning for a Google Workspace Deployment
https://www.cloudskillsboost.google/course_templates/93
You will learn about Google’s deployment process and best practices in this course. You will see Katelyn and Marcus prepare Cymbal for the implementation of Google Workspace. The key technical project areas of provisioning, mail flow, data migration, and coexistence will be their main areas of concentration, and they will think about the optimum deployment approach for each area.
You will also learn about the significance of change management in a Google Workspace deployment, which makes sure that users move to Google Workspace without any difficulty and benefit from work transformation.
Step 4: Make use of Additional Resources
The more study resources you have, the more prepared you will be to pass the Professional Google Workspace Administrator certification exam. To put it another way, you should prioritize strengthening your fundamental knowledge if you want a successful rewrite. However, the following sources are worth looking into:
Step 5: Use practice tests to evaluate your performance.
You can discover your weak points and improve by taking Professional Google Workspace Administrator certification exam practice tests. By evaluating yourself using these exams, you will also be able to determine your areas of strength and weakness. Additionally, you’ll be able to speed up your answering, which will save you time. But when you’ve covered one entire topic, it’s best to start administering practice tests.
Exam Tips:
- Set the date of your exam in advance and schedule your study and preparation time accordingly,
- When registering, choose whether you want to take the test in a nearby testing facility or remotely.
- Examine the test guide to see if/how your present knowledge corresponds to the exam’s topic.
- Complete the hands-on labs, quests, and courses in the Google Workspace Administrator learning path.
- Examine the practice test questions to become familiar with the format of the exam questions and examples of topics that could be examined. Utilize the practice exams to evaluate your knowledge, then go over any sections you missed again.
- Pass the test by completing it. Explore various positions using the value of your credentials. Such as IT systems administrator, cloud solutions engineer, collaboration engineer, systems engineer, etc.
