1

I get the error "Groups are not allowed to be added to this role." when I try to add a Google Group in my Cloud Identity domain as a Super Admin (through admin.google.com).

Is there anyway to provide super admin roles to a group of users rather than on individual users?

Thanks.

3thanZ
  • 133
  • 1
  • 1
  • 4
  • I am not really sure if it is possible, but it is written in this [post from support](https://support.google.com/a/answer/2405986) that the recommended super user should only be 2 individual user and having more that 3 super user limits all your administrators' options for password recovery. – MαπμQμαπkγVπ.0 Nov 21 '18 at 10:45

1 Answers1

0

Basically you cannot create a Super Admin group, and there is a reason:

Super admin accounts have irrevocable administrative permissions that we do not recommended using in the day-to-day administration of your organization.

Indeed, this does not really fit with a group-based policy. Super admin accounts must be managed with direct ownership and countable.

The best practice advised by Google is the one as follows:

Create a new email address that is not specific to a particular user as the G Suite or Cloud Identity super admin account. This account should be further secured with multi-factor authentication, and could be used as an emergency recovery tool.

Disclaimer: Comments and opinions are my own and not the views of my employer.

vdenotaris
  • 13,297
  • 26
  • 81
  • 132