To manage Google users, Workspace ONE requires a Gmail administrator account with specific privileges. Either a super user account or an administrator account with specific privileges can be used.

Note: 1. If you choose to use a super admin account, skip to step 5. 2. Use a service account if you do not want Workspace ONE to change or revoke the admin password from the Google console.

Procedure

  1. Log into your Google dashboard and navigate to Admin Roles.
    Google Admin
  2. Select Create A NEW ROLE.
    The Create New Role form displays. Create A New Role
  3. Enter the Name and Description for the role, and then select Create.
    Create New Role
  4. On the Privileges tab, select the privileges for the new role.
    The required privileges include:
    • Admin console Privileges

      • Organization Units - Read
      • Users - Read
      • Update - Rename users, Move users, Reset Password, Force Password, Add or Remove Aliases, Suspend Users
      • Security - To allow an admin with a custom role to revoke G tokens, enable the User Security Management on both Admin console privileges and Admin API privileges.
    • Admin API Privileges
      • Organization Units - Read
      • Users - Read
      • Update - Rename users, Move users, Reset Password, Force Password, Add/Remove Aliases, Suspend Users
      • Groups - To allow an admin with a custom role to revoke G tokens, enable the User Security Management on both Admin console privileges and Admin API privileges.
  5. Select Save.
  6. Select the Admins tab and then Assign admins to assign the created role to an administrator and then select Confirm Assignment.
    Assign Admin Roles