Please visit the new updated version of this guide here.

The purpose of this guide is to provide a quick and easy overview on the possible ways to setup a Google Apps for Education account.

The areas of focus will be:

1. Overview of Best practices for Domain Design, Organizational Structure, and SSO

A brief overview of our Best Practices. We recommend you read through this document in its entirety to get a head start on your Google Apps deployment.

2. Domain Setup Options

There are three options for domain setup, and depending on your unique environment you will need to decide on one of them.

3. Provisioning Users and Groups

We will highlight the ways to create users in addition to groups and how you can request one of our provisioning partners to do this for you.

4. Organizational Unit (OU) Structure

Organizational Units provide the way to control which applications, services, settings and device policies are available to users. Through good OU design, you will be able to simply and efficiently set up different services and policies for different groups of users.

5. Online Resources

        This section includes links to our online resources and tools to give you more information.

Please note: Additional technical resources on deploying Google Apps and Chromebooks, as well as Networking best practices can be found on at deployment.googleapps.com.

1. Best practices for Domain Setup, Provisioning, and OU structure

Review Google Apps for Education Privacy Notice

We recommend you review the Google Apps for Education Privacy Notice for information on how Google collects and uses information from Google Apps for Education accounts specifically. You can also visit the Google for Education Trust site for answers to Frequently Asked Questions (FAQ).

Work with a Partner

Partners make life easier. They have the experience and expertise in deploying Google Apps and can reduce the time to deploy by months! We strongly recommend working with our partners.

Use a single Google Apps account if you have multiple domains

If you have separate domains, we recommend managing these in a single Google Apps account (managed through one Admin console). We call this Multiple Domain management. We don’t recommend creating separate Google Apps accounts for each domain as this limits sharing capabilities. It is also a manual, time consuming and unsupported process to merge Google Apps accounts in the future. Obviously there are some limitations of the managing multiple domains for one account, which are listed here.  

OU structure is important

You will control all of your domain’s services via OUs. A simple way to structure OU is by Schools (if you are a district) and also Grade levels - examples are shown here.  You should decide on an OU structure which is scalable and relevant for you.

Share using Google Groups

It’s important that you create a logical OU structure, but sharing is completed through Google Groups. If you are going to be sharing within classes, then you can create Google groups which contain class members. The administrator can solely be in charge of creating Groups or you can set more granular controls and enable users to also create their own groups through Google Groups for Business.

Synchronize your LDAP structure to Google Apps OUs

If you have an LDAP server, it may be useful to map the existing OU structure into Google Apps using GADS .This simplifies the management of both environments and gives you more time to focus on other things.

Integrate your SIS or LMS with one of our partners

When provisioning Google Apps accounts, it can be time consuming to export users from a legacy environment and then import them to Google Apps. There are partners who can collect all this information, put it in the cloud, and keep it up-to-date for your users. Partners such as Clever and Learnsprout offer these and work with the majority of SIS/LMS systems in the US.

2. Domain Setup Options

There are 3 options to configure your users’ Google Apps accounts with your domain(s).

Google Apps Domain Design Comparison

This following is an overview of the capabilities of each domain design option. Please make sure you also review the Multidomain Limitations and FAQ. This should be used as a guide to help you decide which option is best for your environment.

More information on these can be found in the Managing Multiple Domains with Google Apps Guide.

Please note: You cannot restrict sharing to the users in a single domain. Sharing options are based on the organization as a whole, not individual domains. It is also not possible to share document between separate Google Apps accounts via ‘Trusted domains’. A common setup example is separate Google Apps accounts for students and faculty. This is why we recommend a single Google Apps account for each student and faculty member.

Be aware that it is a manual process and time consuming to merge Google Apps accounts after you have created separate ones.  Please contact one of our partners if you require third-party assistance with this.

3. Provisioning Users and Groups

Creating users and Groups is one of the first things you will do after settings up your account.

Provisioning Users and Groups:

There are multiple ways to create users and Groups in Google Apps:

1. Add users and groups individually through the Admin console (manual process)
2. Add many users at once  through a userlist (.csv file upload) in the Admin console
3. Synchronizing and creating users and groups from your LDAP automatically in Google Apps (recommended if you use an LDAP)
4. Provisioning with partners (Clever or Learn Sprout) who can place your SIS in the cloud and then create users in Google Apps (recommended)
5. Create your own provisioning application using the Google Apps Directory API

Please Note: We recommend that you enter the Admin or Help desk contact information for end user password recovery, so users can contact the right team in case of any login issues, it only takes 1minute! See this article for the specific steps.

4. Organizational Unit (OU) Structure

Create an organizational structure to control which settings and device policies are available to users. A well-designed OU structure is critical to effectively and flexibly manage your Google Apps account.

Single School or University

This option involves simply creating OUs for the major groups of users who may have different services or settings enabled. You can also create sub-OUs to further organize your users, such as organizing them by Years or Subjects.  We also recommend you create a Google Group for each Year or Subject so that you can share Google Docs and other items via the Google Group.

5. Online Resources

Below is a list of the links used in each section, as well as additional resources.

Best practices for Domain Design, Organizational Structure and SSO

• Limitations of Multiple domains
• Google Apps Directory Sync (GADS)
• Google apps Password Sync
• Provisioning Partners - Clever and Learnsprout
• Partner Search

Domain Setup Options

• What is a domain?
• Managing multiple domains
• Add domains and domain aliases

Provisioning Users

• Options for adding users
• Upload many users at once
• Admin SDK
• Creating Groups
• Directory API (new)

Organizational Unit (OU) Structure

• Control which applications and services are available to users.
• Configure the available services differently for different sets of users.
• Configure different Chrome OS device settings for different sets of devices.
• Google Groups and Google Groups for Business
• Sharing with a Group

Single Sign-On (SSO)

• SAML Single Sign-On (SSO) Service for Google Apps
• SSO (Single Sign On)
• Open ID - using Google Apps as the IdP

Additional Guides and websites

• Google Apps Technical Transition Guide
• Chromebook Technical Planning Guide
• Going Google Guide
• http://learn.googleapps.com
• https://apps.google.com/setup/
• Administrator Guide to Accessibility
• Google for Education Trust Website
• Google Apps for Education Privacy Notice