Create an Admin Role for Gmail Integration

To manage Google users, Workspace ONE requires a Gmail administrator account with specific privileges. Either a super user account or an administrator account with specific privileges can be used.

To create a custom set of admin permissions:

Note:

1. If you choose to use a super admin account, skip to step 5.

2. Use a service account if you do not want Workspace ONE to change or revoke the admin password from the Google console.

  1. Log into your Google dashboard and navigate to Admin Roles.

    creating role

  2. Select Create A NEW ROLE. The Create New Role form displays.

    creating role 1

  3. Enter the Name and Description for the role, and then select Create.

    creating role 2

  4. On the Privileges tab, select the privileges for the new role. The required privileges include:
    • Admin console Privileges

      • Organization Units - Read
      • Users - Read
      • Update - Rename users, Move users, Reset Password, Force Password, Add or Remove Aliases, Suspend Users
    • Admin API Privileges
      • Organization Units - Read
      • Users - Read
      • Update - Rename users, Move users, Reset Password, Force Password, Add/Remove Aliases, Suspend Users

    creating role 3

  5. Select Save.
  6. Select the Admins tab and then Assign admins to assign the created role to an administrator and then select Confirm Assignment.

    creating role 5