Notification

Learn about Meet Client-side Encryption (CSE)

To protect your information, Meet always encrypts call media in transit and at rest. Call media can only be decrypted by the meeting participants and Google's data center services for Meet.

Client-side encryption adds an additional encryption layer for privacy and only shares that session key with:

  • meeting participants
  • the key service of the meeting host organization (as CSE is used with an IdP/key service infrastructure)

With CSE, all media is encrypted by each participant's browser using keys only made available to the participants. Only the meeting participants can decrypt the call media while it remains unreadable to Google's servers or any other service provider.

To use CSE, your admin must connect Google Workspace to an external identity provider and encryption key service (IdP+key service). Learn how admins manage CSE for your organization.

Learn about CSE requirements in a video meeting

Important:

CSE is available in these Google Workspace editions:

  • Enterprise Plus
  • Education Standard
  • Education Plus

Your Google Workspace administrator who manages Google Meet for your organization must first set up CSE for your organization.

Learn how CSE works in meetings

You can join a CSE meeting the same way you join a non-CSE meeting. For CSE meetings, participants can’t join until the host or a co-host assigned by the organizer has joined. Participants that join before the host get a black screen with the words “waiting for the host to join”.

Learn about unavailable functions in CSE meetings

Due to the extra layer of privacy, these functions are not available in CSE meetings:

  • Abuse reporting
  • Adaptive Audio
  • Add-ons
  • Noise cancellation
  • Recordings
  • Live streams
  • Use a phone for audio
  • Add people by phone
  • Captions
  • Polls
  • Q&A
  • Jamboard
  • Share joining info
  • Interoperability through a 3rd party gateway
  • In Host controls, turn on Everyone is a viewer.

Learn how to invite a participant to a CSE meeting

If your admin configures CSE for external access, you can invite external participants regardless of whether they use Google Workspace or not. Your CSE call's level of privacy with external participants remains as high as it would be with only internal participants, and session keys are never shared with Google. Learn how admins manage CSE for external access.

Due to authentication requirements, participants must be invited to join a meeting. Participants can no longer knock to join a meeting.

A participant can enter a CSE meeting if the host sends an invitation:

Create an encrypted event in Google Calendar

Important: You can only add CSE when you create an event.

  1. On your iPhone or iPad, open the Google Calendar app Calendar.
  2. Tap Create Insert and then Event Event.
  3. Tap Add encryption and then Add encryption.
    • You may get a pop-up to authenticate with your IdP.
    • Tip: Always turn on CSE before you enter any event details. When you turn on CSE, event descriptions and unencrypted attachments are reset.
  4. Add event details like:
  5. Tap Save.

Find out if CSE is turned on for a meeting

Important: Only hosts can add CSE to their meetings.

So you know when CSE is on, a shield appears.

Before the meeting, the shield appears:

  • Next to the “Join with Google Meet” button in a Google Calendar invite.
  • Next to the meeting on your agenda at meet.google.com or in the Meet app .

During the meeting, the shield appears at the top left hand corner of the meeting window.

Search
Clear search
Close search
Google apps
Main menu
12323454650800211678
true
Search Help Center
true
true
true
true
true
713370
false
false