Set up Cloud Identity as a Google Cloud admin

This document shows you how to set up Cloud Identity and become aGoogle Cloud administrator who can manage Google Cloud usersand resources. Setting up Cloud Identity is one of the first stepsthat you'll take when creating a Google Cloudresourcehierarchy.

For more information about the differences between these services, seeCompareCloud Identity features and editions.

Requirements

  • Cloud Identity Free: You need your company's domain name and theadministrator username and password to your domain registrar to get started.
  • Cloud Identity Premium: You need your company's domain name to getstarted, or you need to purchase a domain during sign-up.

Sign up for Cloud Identity Free

If you're a Google Workspace customer

  1. Sign in with an administrator account to theGoogle Admin console.

    If you aren't using an administrator account, you can't access the Adminconsole.

  2. Go toBilling> Buy or upgrade.

    Make sure that you have theBilling managementadministrator privilege.

  3. InCategories, clickCloud Identity.

  4. InCloud Identity Free, clickGet Started.

  5. Follow the guided instructions.

If you're not a Google Workspace customer

  1. Go to the following sign-up page:https://workspace.google.com/gcpidentity/signup?sku=identitybasic
  2. Follow the guided instructions.

Sign up for Cloud Identity Premium

If you're a Google Workspace customer

  1. Sign in with an administrator account to theGoogle Admin console.

    If you aren't using an administrator account, you can't access the Adminconsole.

  2. Go toBilling> Buy or upgrade.

    Make sure that you have theBilling managementadministrator privilege.

  3. ClickCloud Identity.

  4. Next toCloud Identity Premium, clickStart Free Trial.

  5. Follow the guided instructions.

If you're not a Google Workspace customer

  1. Go to the following sign-up page:https://workspace.google.com/gcpidentity/signup?sku=identitypremium
  2. Follow the guided instructions.

Create your Cloud Identity account and first administrator user

To create your Cloud Identity account and first administrator user using theSetup Wizard:

  1. ForAbout you, enter your first and last name in theNamefield.

  2. InCurrent email address you use for work, enter your emailaddress.

    This email address will be used as a recovery address.It must bedifferent from the address you create that you'll use as your adminaccount for Cloud Identity.

  3. In theAbout your business section, forBusiness or organization name, enter your company name.

  4. In theCountry/Region list, choose the appropriate country or region.

  5. To set up your domain, clickNext.

  6. In theYour Cloud Identity Domain window, add the domain that you'vealready purchased for your company. You'll later need to verify that you ownthe domain.

  7. In theCreate your Cloud Identity account window, enter a username andpassword. This account is your Cloud Identity administrator accountand must be different from the email address you entered in step 2. As abest practice, we recommend that you enter a username with the followingformat:admin@example.com

For more details and instructions about verifying your domain, seeVerify yourdomain for Cloud Identity.

Congratulations! You successfully enabled Cloud Identity and createdyour first user.

Finishing setup

After you create your Cloud Identity account and verify your domain,you're returned to the Google Cloud console. Before you continue, you'llneed to accept the Cloud Identity Agreement on behalf of yourorganization. You're then directed to theIdentity page.

You now have a fully functioning Cloud Identity account. But you'll alsohave the option to complete a few more setup steps in the console, described inthis document.

Note: Later, you might want to return to the Google Admin console to addmore users and create groups. For instructions, seeManageusers.

About your Cloud Identity organization

Your Cloud Identity organization is created after you finish your signupand setup steps for your Cloud Identity service. This maps aCloud Identity account from the Admin console to Google Cloud, andis used to group all of your projects for billing and management purposes. Forexample, using your Cloud Identity organization you can restrict projectaccess only to Cloud Identity users.

As the first super administrator to access the Google Cloud console, you'll beassigned the role ofOrg Owner, and you'll be able to manage theorganization settings and assign policies at the highest level.

Migrate projects and billing accounts and set permissions

Important:

  • Complete steps 1–2 from your non-administrator Google Cloudaccount. This account is typically a personal Gmail account.
  • Complete steps 3–6 from your Cloud Identity administrator account.

To migrate content from a previous account, follow these steps:

Step 1: Grant access to billing accounts

Follow these steps to migrate projects and billing accounts from accounts outside of your Cloud Identity organization to your new Cloud Identity organization. We recommend that you open this page in a separate tab to use as reference while completing the steps.

  1. Sign in to the Google Cloud account that has the existing billing account you want to connect to.
  2. Grant your organization administrator from Cloud Identity access to this billing account.
    1. Go to the left nav and openBilling.
    2. Navigate to the billing account that you want to connect to.
    3. Add the Organization administrator of your Cloud Identity as a Billing administrator.

Step 2: Grant access to projects

You can grant access to projects one at a time or using the bulk permissions UI. Step 1 walks through the one-at-a-time method, while step 2 walks through the bulk method.

  1. Grant your organization administratorOwner access to projects.
    Navigate to theIAM and Admin page for the projects you want to migrate, and add your organization admin's account asOwner.
  2. Set Bulk permissions (optional).
    Navigate to theIAM and Admin section and clickManage Resources orAll projects from the left navigation. From the Manage Resources view, select all the projects you want to migrate and use the Identity and Access Management (IAM) panel to add your new account asOwner to these projects.

Step 3: Sign in to your Cloud Identity account, and accept the project invitations

Sign in to your Cloud Identity account and check your email.

For the projects you're migrating, you must accept the project invitation sent by email to your new account. You must click the link in each email for each project that you're migrating.

Step 4: Go to Google Cloud, sign in with your Cloud Identity account, and remove access

  1. Remove access to the billing account.
    Navigate to the billing account you connected from your old account, and remove access for any user accounts that are not within your company's domain, including your@gmail.com account.
  2. Remove access to projects.
    1. Navigate to theIAM and Admin page, and clickManage Resources.
    2. From theManage Resources page, selectNo organization from the drop-down list next to the filter control.
    3. The projects from your old account are displayed with a yellow warning icon. Select these projects and use the IAM panel to remove access for any accounts that are not within your company's domain, including your@gmail.com account.

Step 5: Migrate projects

  1. Navigate to theIAM and Admin section, and clickManage Resources.
  2. From the Manage Resources page, clickNo organization from the drop-down list next to the filter control. The projects from your old account are displayed with a yellow warning icon.
  3. Select these projects from your old account, and clickMigrate from the top bar, or click the icon for each project.

After the migration is finished, your projects will be moved to your company's organization. You must switch theNo organization drop-down to your company's organization to view the projects.

Step 6: Set permissions

  1. Navigate to theIAM and Admin section, and select your organization from the top bar drop-down list. This will allow you to set IAM permissions that will affect all projects under your organization.
  2. From the IAM page, add your Admin users and grant them the appropriate roles.

For more details, see also Configuring permissions on Google Cloud.

Activate a Cloud Billing account

Free trial users: After you set up Cloud Identity,check your billablestatus to verify thatyou have remaining free trial credits. When thefree trial offerends, you canactivate a full, paidCloud Billing accountto continue to use Google Cloud resources that require aCloud Billing account. To learn more about the free trial, seeFreecloud features and trial offer.

Troubleshooting steps

While signing up for Cloud Identity with your domain, you might encounter oneof the following error messages. Based on the message, try the followingsolutions.

"This domain is already in use."

If you receive this message when trying to sign up for Cloud Identity, it might be because:

  • You have a Google Workspace account with this domain and tried to sign up for Cloud Identity Premium from a marketing page or third party. Instead, you need to sign up for Cloud Identity Premium with this domain from the Billing section of your Google Admin console.Learn more.
  • You have an account for Cloud Identity Free edition through Google Cloud with this domain, and tried to sign up for Cloud Identity Premium from a marketing page or third party. Instead, you need to sign up for Cloud Identity Premium with this domain from the Billing section of your Google Admin console.Learn more.
  • You recently removed this domain from another Google Account. It can take 24 hours (or 7 days if you purchased your account from a third party) before you can use the domain with a new account.
  • You or someone in your organization already created a Cloud Identity or Google Workspace account with your domain. Tryresetting the administrator password. Then we'll send an email to the secondary email you provided when you signed up, with details on how to access the account.
  • You're using the domain with another Cloud Identity account you own. If so,remove the domain from the other account.

"This domain has been registered and is in the process of ownership verification."

If you receive this message when trying to sign up for Cloud Identity, it might be because:

  • You or someone in your organization already created a Cloud Identity or Google Workspace account with your domain and is in the process of domain verification (which can take up to 72 hours). Tryresetting the administrator password. Then, we'll send an email to the secondary email you provided when you signed up, with details on how to access the account.
  • You're using the domain with another Cloud Identity account you own. If so,remove the domain from the other account.

"This domain name doesn't exist yet."

You're getting this error message because the domain hasn't yet been registered with a domain host.

If you already registered your domain name with a domain host, check that the spelling of the domain name you entered matches the registered name. Keep in mind that it can take up to 72 hours forWhois directories to be updated with your new domain ownership.

"Cloud Identity does not currently support this domain name."

The domain that you're trying to sign up with isn't supported by Cloud Identity policies. Sign up with another domain name.

What's next

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-18 UTC.