Google Workspace

Jeff Bower | 2024-10-15

While Google Workspace has long since gone to a paid-only model, the pricing for the starter version is reasonable at $6/month (I don’t count Workspace Essentials, as it lacks some basic functionality like Gmail). For $7/month you can have most of the features available to a standard system administrator for a single email. But this is Google, so you’ll want to keep your personal account around for a variety of reasons I’ll get into below.

User Management

Learning how organizations manage users is a useful skill. I was able to pick it up pretty rapidly, but using Workspace to understand what administrators can, and cannot, see can be enlightening. Explore the audit tools to see if your account was hacked. Play with Android’s Work Profile functionality (but be careful, you can only have one). Learn what it takes to manage an email server, and check out the logs to see what you can do. Set up internal mailing lists via Groups, so mail from shared accounts can be routed to all users of the account.

The Apps

You get all your favorite Google apps with Workspace. Meet, Calendar, Drive, and, of course, Gmail. Why pay for what you can get for free? Because they’re tied to your actual email address. I’ve had the eBower domain since 1998, back when changing ISPs or moving house meant a new email address and I wanted something permanent. However, now I’m in a weird state since people sending a calendar invite, document share, or Meet request to my @ebower.com address often need to understand that my personal Gmail address is the one that really needs access. Now they can send an invite to me directly and everything is seamless.

Federated Authentication

More importantly, my personal Gmail address is all over the place now. Federated login makes it much easier to rely on Google to provide authentication, and for most services I prefer not to have a dedicated password sitting around someplace. This means that some services are tied to my Gmail address while others are tied to my forwarded personal email address, which makes account management difficult at best. More importantly, it gives me yet another datapoint to check against, since new SaaS offerings without a federated login button are a tough sell due to increased friction on signup.

SAML Authentication

As someone who creates a lot of web applications, I never want to store passwords locally - even hashed. Federated login is great for anything that needs to have public access, but for stuff built only for myself I can use SAML to create an app that lives in my Workspace and can control access. This also gives me a chance to experiment with actual Enterprise-level authentication, creating groups to control access within an organization, applying specific permission sets based on those groups, and even self-provisioning users based on their memberships.
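
One way the group-to-permission mapping and self-provisioning described above can look inside an application, as an added example that is not the author's code. The group addresses, permission names, the `example.com` domain and the `email`/`groups` attribute keys are assumptions, and the attributes are assumed to come from a SAML library that has already verified the response.

```python
# Added example: group-based authorization and just-in-time provisioning
# from SAML attributes. All group names, permission names and attribute
# keys below are hypothetical; they depend on the IdP attribute mapping.

GROUP_PERMISSIONS = {
    "app-admins@example.com": {"read", "write", "manage_users"},
    "app-editors@example.com": {"read", "write"},
    "app-viewers@example.com": {"read"},
}
ALLOWED_DOMAIN = "example.com"  # hypothetical Workspace domain


def permissions_for(groups):
    """Return the union of the permission sets of every recognised group."""
    perms = set()
    for group in groups:
        perms |= GROUP_PERMISSIONS.get(group.strip().lower(), set())
    return perms


def provision_from_assertion(attrs, users):
    """Create or update a local user from already-validated SAML attributes.

    `attrs` must come from a SAML library that has verified the response
    signature, audience and validity window; nothing here does that.
    `users` is a dict standing in for the application's user table.
    Returns the user record, or None when access is denied.
    """
    email = attrs.get("email", "").strip().lower()
    if email.count("@") != 1 or email.rsplit("@", 1)[1] != ALLOWED_DOMAIN:
        return None  # not an account from the expected domain

    perms = permissions_for(attrs.get("groups", []))
    if not perms:
        # No mapped group: deny, and drop any stale record so that removing
        # someone from every group revokes access at their next login.
        users.pop(email, None)
        return None

    # Permissions are recomputed on every login, never merged with old ones,
    # so a demotion in the directory takes effect immediately.
    users[email] = {"email": email, "permissions": perms}
    return users[email]
```
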

Limitations of Google Workspace

Despite all the benefits that could come with offering a paid personal Google service with better tooling, Workspace is designed for businesses. As such, Workspace members are often let down when it comes to certain functionality and I won’t be giving up my personal Gmail any time soon.

Google Takeout

Google Takeout is great: it gives you a single stop to download all of your Google content to do with as you please. But it’s only half of a feature, since there is no import functionality. For example, if I wanted to move my decades of legacy email from one Gmail account to another, I'd likely need to set up and configure a third-party client like Thunderbird and move stuff over manually. Most of my purchases will continue to ride with my personal account until Takeout adds a feature to simply associate content from my personal Gmail address with my Workspace address.

Many Services Don’t Work

Google Workspace members can’t be invited into a Family group. I have not been able to invite my Workspace email into my Home account. In order to consolidate purchase history, I have not attempted to buy anything using my Workspace account, nor even set up Wallet. Essentially, Workspace is my sandbox to maintain my admin skills, but I’ve run into too many roadblocks to make it my primary Google account.

Email Routing

My email routing is a bit of a mess. In order to have a proper system, I’d need everyone with an eBower email to be a member of the Workspace and to migrate their personal Gmail data over. This is time-consuming, and it adds to my monthly bill for a feature my family doesn’t really care about. As such, my MX records (DNS entries that tell servers where to send my email) point to Cloudflare’s mail forwarding servers. From there, I use a secret second email address that always gets configured on the {{your-domain}}.test-google-a.com address to route it to Google’s servers instead of forwarding it to my Gmail account. Outgoing mail for Workspace is easy and “just works,” but outgoing mail for my Gmail account keeps changing as bandages get applied to the fundamentally broken email protocols. Now I need to use Brevo, a free email marketing service, to send emails from Gmail as my eBower address. Switching everything to Workspace has benefits here in simplified outbound and inbound routing (by bypassing the Cloudflare forwarding), but it does mean spending a lot more per month than it’s worth at the moment.

Per-User Pricing

I currently pay $2/month for extra storage on my personal account. However, most SaaS services don’t have per-user tiered pricing, so if I needed to upgrade the storage on my Workspace account I’d have a bigger bill per user. It does work well in some cases: the data is pooled across users, so you’re less likely to need an upgrade. But the calculations are quite different when only one user needs a feature and you need to buy it for every user.

Summary

If you’ve never managed a corporate suite like this but have a reasonable understanding of DNS, it’s definitely worth signing up for a free trial. For me, the experiments I want to run and the solutions I need to provide to clients make this an invaluable toolset to explore. It also increases my visibility into attempts to authenticate against my Workspace email, which improves my overall security posture.