Intune

Setup Multiple Admin Accounts for Managed Google Domains

By
Sebastiaan Smits
This is some text inside of a div block.

In this blog post, we dive deeper into the Google Admin Console and explore how to create additional admin accounts capable of managing Managed Google Play in Intune. Previously, using the 'Managed Google Play account enterprise' setup posed significant challenges. Administrators had to rely on recovery accounts, and enabling MFA required cumbersome methods to share the additional factor.

Note: If you don’t have a paid subscription to Google Workspace—as many organizations do not—you will only be able to assign the Super Admin role. Other roles or custom roles will not be available

Pre-requisites

  • You need an account with Super Admin permissions in the Google Admin Console. The first account that sets up the binding with Intune will have this permission by default.
  • The administrator account you plan to add must have an existing Entra Account with:
    • A mailbox (to receive the invitation).
    • First and last name fields filled in.

Steps to Invite an Extra Admin

With a Managed Google Domain, you can invite additional administrators to the Google Admin Console, enabling them to log in to Managed Google Play at https://play.google.com/work.

  1. Log in to the Google Admin Console (https://admin.google.com) → DirectoryUsers, and click Invite new user.

"Screenshot of the Google Admin Console showing the 'Invite new user' option under Directory > Users."

  1. In the Invite a new user dialog box, enter the Entra account email address for the new admin and press Send Invite.

"Dialog box in the Google Admin Console prompting to enter the Entra account email address for the new admin."

  1. The administrator will receive an invitation via email. They can join by clicking the link in the email.

"Email received by the administrator containing the invitation to join the Google Admin Console."

  1. The administrator must select Sign in with Microsoft and grant the necessary permissions for the Google Workspace Entra app by clicking Accept.

"Permissions request screen for the Google Workspace Entra app, with an 'Accept' button."

  1. Log back into the Google Admin Console using the initial Super Admin account. Go to DirectoryUsers. It may take some time (e.g., 5 minutes) for the new user to appear in the list. Once visible, click on the user.

"Google Admin Console displaying the newly added user in the Directory > Users section."

  1. Click Assign Role.

"User profile page in the Google Admin Console with the 'Assign Role' button highlighted."

  1. Grant the user Super Admin permissions.

"Role assignment interface showing the selection of 'Super Admin' permissions for the user."

Conclusion

By following these steps, you can easily add additional administrators to your Managed Google Domain, ensuring redundancy and flexibility in managing Managed Google Play. This setup eliminates the need for shared recovery accounts and simplifies MFA processes, enhancing both security and efficiency. While the limitations of free Google Workspace subscriptions restrict role assignments to Super Admin, having multiple admin accounts ensures better control and scalability for managing your organization's Android device ecosystem.

READ MORE

February 3, 2025

Use Cloud PKI with Intune – Part 2: Device Configurations

This blog post, part two of the Cloud PKI series, guides you through deploying a Root Certificate and configuring SCEP in Intune to ensure devices receive client certificates for secure authentication.

June 8, 2025

Knox Mobile Enrollment with Intune: Streamlining Android Device Provisioning

Master seamless Android device provisioning. See how to integrate Knox Mobile Enrollment (KME) with Microsoft Intune for efficient, zero-touch enterprise deployments. Your guide to simplified mobile device management starts here.

June 15, 2025

Enhancing Script Security: Implementing Multi-Admin Approval for Intune Scripts

Strengthen your Intune environment against unauthorized or accidental actions across your Windows, iOS and Android fleets. Learn to implement multi-admin approval for critical device commands, adding a vital layer of security and accountability.

June 17, 2025

Automate & Secure: How Intune's DDM Ensures Latest iOS Versions on Your Devices

Master Intune DDM for iOS software updates. This guide shows IT admins how to automatically enforce the latest iOS versions, ensuring devices are secure and compliant. Read more!

In-depth blog posts on Intune, PowerShell, and Mobile Device Management—driven by real-world enterprise experience managing iOS, Android, and Windows devices at scale.
Menu
AboutContact UsPrivacy Policy
External
AppleAndroidWindows
Follow us
© SecureSein by Sebastiaan Smits. Powered by Webflow