Not sure if this is the right sub for this question, apologies in advance if it's not.
We're in the process of redoing our MDM solution, switching from a poorly configured BYOD profile setup to proper fully-managed Corporate Owned devices. Currently using MaaS360 but will be switching to Intune.
We have an in-house app that we need to be able to deploy to devices, and it seems the proper way to do this is to upload it to the Private section of Managed Google Play so that it can be deployed with Android Enterprise.
However it seems that to do this, you need a Google Admin Console account, which I can't seem to figure out how to actually create. I have an existing Google account created under my company email address (rather than a Gmail address), but when I go to https://admin.google.com and try to sign in, I get the following:
Sign in with an administrator account To sign in to admin.google.com, use an administrator account for a managed Google service, such as Google Workspace or Cloud Identity.
However I can't seem to find a way to actually create this Admin account.
I am able to sign in to https://play.google.com/work/adminsettings where I have myself and the rest of our IT team listed as Administrators, but this seems to be different from the Admin Console.
Maybe I'm just blind and not seeing it, but how do I actually create this Admin Console account so that we can have access to Private Managed Google Play?
Does it require paying for a Google Workspace account? We're a Microsoft shop so we already have 365 implemented, don't need the whole Google suite of software, just need to access Private Managed Google Play specifically.
EDIT: Nvm I'm dumb, in the Managed Google Play applet there's a Private section with a big-ass button to upload your own apps. Issue resolved.
How do I add an external administrator to a Google Suite? - Web Applications Stack Exchange
How to gain access to the Google admin console without buying the product?
Can't access admin console
Just Made an account, but how do I log in??
Which Google API call creates a new Google Workspace user?
How do I add users to Google Workspace?
What is Torii and how does it automate Google Workspace provisioning?
Videos
In the simple way you describe, it is not possible; i.e., one may not add [email protected] to domain.com as an administrator.
If you only want an unpaid (no email, storage, etc.) account with superadmin privileges to manage the domain, you can use the "Cloud Identity" service. You could also use a sub-domain, but that comes with many caveats. I've both explained below.
1. Using a free (unpaid) Cloud Identity account
Using the free-tier of the Google Cloud Identity service, it is possible to have a free administrator account within domain.com. This account will not be licensed for any paid Google services, but may still be used to log in to the Google Admin Console, etc.
Log in to the Google Admin console with a user which has sufficient permissions to create and assign whatever admin role you require for the new user.
Add the free-tier of the "Cloud Identity" service using
[fly-out side menu] > Billing > Get more services, chooseCloud Identityin the left column, thenCloud Identity Free. The free "Cloud Identity" service will be added to every user. Depending on the license assignment configuration fordomain.com, the Admin console may offer help to disable automatic-licenses (which will matter for the new user you are about to create, as you do not want it to receive any licenses for paid services). There is information about automatic licensing here.Create a new account. Ensure it has no Google licenses assigned. In the
Admin roles and privilegessection of the user configuration, assign whatever roles and privileges are necessary; in this case, perhapssuperadmin. There is documentation on this, "Make a user an admin".Optional After ensuring the new account works, remove
superadminprivileges from the other paid service accounts. Obviously, you can create as many free administrative accounts as you require.
I strongly recommend all the standard security practices for the administrator account, such as 2FA or security devices, etc.
The Google "Super administrator account best practices" article is quite helpful, and discusses organization admins and roles, discouraging super admin usage, etc.
2. Considering using a "secondary domain"
It may be possible if you add other-domain.com as a "secondary domain" of domain.com, but this comes with various implications and limitations. The documentation is plentiful, but not particularly clear with examples and I would worry about causing confusion for the users of each domain. I suspect the domains will not be as separate as might be prefered. The documentation on Add multiple domains or domain aliases, contains:
If you own another domain, you can add it to your Google Workspace or Cloud Identity account. For example, you manage multiple businesses or brands, each with their own domain. Depending on your needs, you add a domain as a domain alias or a secondary domain.
And, in the section no "secondary domains" it also contains:
Manage separate teams of users or businesses at different domains
For example, you signed up for Google Workspace with your-company.com (your primary domain). You manage a team that has their own domain, other-company.com. You add other-company.com as a secondary domain to your Google Workspace account.
Which both sound helpful with respect to dealing with multiple domains.
However, further on, that documentation also mentions "Pay for each user account", which seems to imply your-company.com will be billed for the services used by other-company.com. This seems to confirm it:
Important: Some information and features are linked only to your primary domain. For example, you can't set up a separate billing address or company logo for a secondary domain.
So, as someone simply managing a domain (as a consultant, contractor, IT support, etc.) for a business, I would stay away from secondary domains. (i.e., Do not add another company's domain as a secondary for the purpose of managing it.)
"Secondary domains" seem more about different names or brands or units for a single business.
Unfortunately it is not possible. You must create a new email address within the same domain as administration account.
I work in an organization using Gsuite under the domain asdf.com. We also own the domain qwer.com, we also have a website on that domain, and actually several other websites on subdomains under qwer.com. We have a "main" administrator, who is in charge of asdf.com and our Gsuite. However, I am (somewhat unofficially) the administrator for qwer.com.
The problem? I've implemented company-only Google-authentication for logging in on several of the subsites under qwer.com, one of which should also be accessible by users from erty.com, a company we have nothing to do with, except that their users should have access to this site.
Earlier, I guess I would administer this by logging into the Google admin console. All of this has now disappeared. If I try to log into admin.google.com using my asdf.com e-mail address, I'm told that only an administrator of asdf.com can do that. (We all have adsf.com e-mail addresses - there are no qwer.com e-mail addresses.)
So basically, if I want changes done, I now need to go through the "main" administrator of asdf.com. He's a very busy man, and spends an absolute minimum of his time on admin.google.com - he probably has no idea how to implement the changes I need done.
So I've been told that I need to tell him exactly which changes I need. In order to do that, I need to be able to log into the google admin console, since I don't remember what it looks like - it's been a while.
I could start a free trial using my personal domain, but that seems short-sighted.
Ideas are welcome.