Improve your Google Workspace security by adding a Super Admin account

A comprehensive guide to improving your small business Google Workspace security by setting up a separate Super Administrator account

When you sign up to Google Workspace, you are automatically assigned the ‘Super Admin’ role. That means you have access to all features in the Admin console and can manage every aspect of your organisation’s account.

Super administrators also have full access to all users’ calendars and event details. 

Which is great, right? After all, you’re the owner of this small business and you might even be the sole employee (hello to all the sole traders and solopreneurs out there!), so you should definitely have all the rights and privileges that the Super Admin role gives you.

Except.

Google itself, in its Security best practices for administrator accounts, states that a super admin account should not be used for daily activities and that staying signed in to a super admin account when you aren’t doing specific administrative tasks can increase exposure to phishing attacks.

So, each super administrator should also have a separate ‘regular user’ account that they use for day-to-day activities.  For example, if Deepti is a super admin, she should have one identifiable admin account and one user account: 

Deepti should then sign in to her super admin account as needed to do specific tasks and then sign out on completion.

But it’s pretty difficult to NOT be signed in as a Super Admin if you only have the one login to Google Workspace – i.e. the one that was created when you initially signed up for Google Workspace!

So what should you do to improve the security of your Google Workspace setup?

Well, you should definitely create a separate user account to be the super admin rather than continuing to use your regular user account! To do that, though, there are four steps you need to undertake:

  • Sign up to Google Cloud Identity Free
  • Create a new user
  • Add recovery information for this new user
  • Transfer the Super Admin role to that user and remove it from your current account.

By the way, although there are only four steps, the process can be quite long when written out in full. If you prefer, you can access a PDF of this process from this link.

But why do I need to sign up to Google Cloud Identity? (And what is it??)

Let’s start with the second question first.

What is Google Cloud Identity?

Cloud Identity is an Identity as a Service offering – for our purposes, it gives you a separate user who can hold certain roles and access within Google Workspace but who is not necessarily a physical employee. We’ll be creating a Google Cloud Identity Free user, which brings us back to the first question…

Why do I need to create a Google Cloud Identity Free user?

Ok, the reason for doing this is to essentially save money! Each user you add to Google Workspace is an additional licence cost, and when you’re the only employee it just doesn’t make sense to pay for an additional user – when that ‘user’ is actually just you signing in under a different guise!

Even as a small business owner with more than one employee, if you can save money on user licenses why not? 

Bear in mind that a Google Cloud Identity Free user is free precisely because they don’t have access to all services, such as Gmail, Google Calendar, and Google Sites. However, they can still access Google Drive, Docs, Sheets, Slides, Keep, Meet and act as an Administrator (which is exactly what we want).

Right, so let’s get on with creating this pseudo-user!

First step: Sign up to Google Cloud Identity

  1. Go to https://admin.google.com/ac/billing/catalog
  2. Click on Cloud Identity in the left hand side menu
  3. Then click on Get Started under Cloud Identity Free
  4. Click on Get Started again
  5. Click on Checkout.
  6. Click on Place Order

You’ll now see confirmation of your ‘purchase’ and some interesting wording regarding reviewing your auto-licensing settings.

What does that mean?

Essentially what this is saying is that after you sign up for Cloud Identity, all new users you add to your organisation automatically become free Cloud Identity users as well as having a paid Google Workspace license. 

Since the whole reason for doing this is to have a free user, let’s go ahead and click on Review Licence Settings.

  1. Hover to the right of Automatic Licensing until you see the pencil icon and then click on it.
  2. Click on the drop down arrow and then click on OFF.
  3. Click on Save.

Now it’s time to add your pseudo-user!

Second step: Create the Pseudo-User

  1. Click on the Left Hand Side hamburger menu
  2. Hover over Directory and click on Users (or copy and paste this link to go directly to the Users screen: https://admin.google.com/ac/users)
  3. Click on Add new user and fill in the details. Given this is a pseudo-user you might need to be creative about the first and last name as well as the email address.
  4. Click on Add new user.
  5. From the ‘New User added’ pop-up that now appears click on Copy Password. You’re going to need this to log in as the new user! (You might want to paste it in a Google Keep note for the time being as there’s one last step to go before you can log in as the new user).
  6. Once you’ve pasted the password somewhere safe, click on Done in the bottom left.
  7. Click the Refresh arrow in the browser toolbar and you’ll see the new user added in your user list.

If you want to confirm that you’ve given them a Free licence rather than a paid Workspace licence:

  1. Click on the gear icon in the top right of the table.
  2. Then click on the drop down arrow and select Licence.
  3. Click on Save.

You’ll see an additional column in the table now showing which users have a paid Google Workspace license and which ones do not. 

Third step: Set up recovery information 

THIS STEP IS MANDATORY. DO NOT SKIP THIS STEP. 

If you do not assign recovery information to your new user, and you lose access to the account for some reason, then you’ll lose access to your entire Google Workspace setup!

  1. Click on your pseudo-user.
  2. Click on Add a recovery email.
  3. Scroll down the page and click on Add a recovery email.
  4. Type in an email address that you’ll have access to, even if you cannot log into Google Workspace. Enter a phone number that you will have regular and ongoing access to.
  5. Click on Save.

Fourth (and final!) step: Assign the super-admin role to the pseudo-user and remove it from your personal user account

  1. Scroll back up the page and click on the little upward arrow to return to the main User details page.
  2. Scroll down the page and click on Assign Roles
  3. Next to the Super Admin role, click the slider so it’s marked Assigned.
  4. Click Save.
  5. Open a New incognito window in your browser.
  6. Copy and paste https://admin.google.com/ac/users into the incognito window.
  7. Sign in as the pseudo-user. You may need to change your password at this time.
  8. Click on your personal user account name in the User List.
  9. Scroll down the page and click on ‘Super Admin’ under Admin roles and privileges
  10. Next to the Super Admin role, click the slider so it’s marked Not Assigned.
  11. In the pop up screen ‘Assign Primary Admin’ type the email address of your pseudo-user.
  12. Click on Assign.
  13. Click on Continue.
  14. Click on Save.

And that’s it! You’ve finished creating a new Super administrator account

Phew, that was a lot of steps to achieve “the number one thing you must do after setting up Google Workspace in your small business” but it was definitely worth it.

Now, you’ll be able to use the pseudo-user account to undertake all your super admin tasks, whilst using your personal account for day-to-day activities.

I highly recommend setting a recurring reminder on your Google Calendar to log into your super admin account once a week, even if you don’t have any tasks to complete, in order to access any administrative emails that Google might send you, including billing notices.
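To check the end state of the four steps and the weekly sign-in habit, here is an added example (not part of the original guide and not Google's code) that audits user records for the problems this article warns about. The field names `primaryEmail`, `isAdmin`, `recoveryEmail`, `recoveryPhone` and `lastLoginTime` are those of the Admin SDK Directory API user resource; the sample records, the `example.com` addresses, and the rule that a recovery address inside your own domain counts as unreachable are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: two records shaped like Directory API user resources.
SAMPLE_USERS = [
    {"primaryEmail": "deepti@example.com", "isAdmin": True,
     "recoveryEmail": "", "recoveryPhone": "",
     "lastLoginTime": "2024-06-10T08:00:00.000Z"},
    {"primaryEmail": "admin-deepti@example.com", "isAdmin": True,
     "recoveryEmail": "deepti@example.com", "recoveryPhone": "",
     "lastLoginTime": "2024-05-01T08:00:00.000Z"},
]
NOW = datetime(2024, 6, 10, 12, 0, tzinfo=timezone.utc)  # fixed clock for the sample


def _last_login(user):
    # Timestamps look like 2024-06-01T09:30:00.000Z; a missing value counts as "never".
    ts = user.get("lastLoginTime", "1970-01-01T00:00:00.000Z")
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def audit_super_admins(users, domain, daily_accounts, now, max_idle_days=7):
    """Return sorted (email, finding) pairs; an empty list means the setup matches the guide."""
    findings = []
    supers = [u for u in users if u.get("isAdmin")]  # isAdmin marks Super Admins
    if all(u["primaryEmail"] in daily_accounts for u in supers):
        findings.append(("*", "no dedicated super admin account"))
    for u in supers:
        email = u["primaryEmail"]
        if email in daily_accounts:
            findings.append((email, "day-to-day account still holds Super Admin"))
            continue
        recovery = u.get("recoveryEmail", "")
        if not recovery:
            findings.append((email, "no recovery email"))
        elif recovery.lower().endswith("@" + domain.lower()):
            # Assumption: an address in the same domain is unreachable in a lockout.
            findings.append((email, "recovery email is inside the Workspace domain"))
        if not u.get("recoveryPhone"):
            findings.append((email, "no recovery phone"))
        if now - _last_login(u) > timedelta(days=max_idle_days):
            findings.append((email, "no sign-in within %d days" % max_idle_days))
    return sorted(findings)


if __name__ == "__main__":
    for email, finding in audit_super_admins(
            SAMPLE_USERS, "example.com", {"deepti@example.com"}, NOW):
        print(email, "->", finding)
```

Pass your own day-to-day address in `daily_accounts`; the 7-day default mirrors the weekly sign-in recommended above.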

If you want these steps as a handy PDF file by the way, just go to this link.


Want more personalised help?

I hope this article was of assistance to you, but if you want more personalised help then why not get in touch?

I specialise in helping small business owners just like you work better with Google Workspace so you can save time and money by streamlining your business processes; increasing your productivity; and improving client and employee communications.
