It's possible that some of your employees are using unmanaged accounts that access Google services. Unmanaged accounts are users who independently created a Google account using one of your organization's domains. It's common for this to happen, but not ideal for managing your users and keeping their work data secure.
As a Google Workspace super administrator, the Transfer tool for unmanaged users enables you to see what unmanaged user accounts exist, and then migrate those unmanaged users to the domain.
Additionally, some unmanaged accounts result in conflicting account names. Attempting to create a managed account with the same name as an unmanaged account triggers such a conflict. You can use the transfer tool to resolve the conflict by migrating the unmanaged account.
Note: If you don't have any unmanaged accounts, see Options for adding users.
Transfer unmanaged user accounts
To add users to your domain, you can transfer your organization's unmanaged users to your Admin Console to start managing them. See the sections below for more information about unmanaged user accounts and conflicting account names.
For instructions about migrating your unmanaged users, see the following articles:
- Before using the transfer tool
- Use the transfer tool to migrate unmanaged users
- Use CSV to migrate unmanaged users
Note: You can't transfer consumer (unmanaged) users to a managed Google Workspace account if those users are members of a family group.
Managed & unmanaged accounts & conflicting account names
Managed user account
A managed user account is an account belonging to a domain-verified customer. A managed user account is under the full control of a Google Workspace or Cloud Identity administrator, and it can be managed in the Google Admin console.
Unmanaged user account
An unmanaged user account is fully owned and managed by the individual who created it. Unmanaged user accounts don’t belong to domain-verified customers, and they’re not controlled by Google Workspace or Cloud Identity administrators. Your organization has no control over the configuration, security, and lifecycle of these accounts.
Unmanaged accounts are sometimes referred to as personal accounts, or consumer accounts, because the individual signed up for Google consumer services using their company domain in their email address.
If an admin creates a managed Google Account using the same account name as an existing unmanaged user account, this results in a conflicting account. If there’s a conflict like this, super administrators can resolve such conflicting accounts by using the Transfer tool for unmanaged users.
Why you need to transfer unmanaged accounts
If your employees use unmanaged accounts, then the premise of having a single place to manage user identities is compromised. Unmanaged accounts aren't managed by Google Workspace or Cloud Identity. Therefore, you can use the transfer tool to identify unmanaged user accounts that you want to convert to managed accounts, and migrate the unmanaged users to managed accounts.
An unmanaged account that’s used for business purposes and that uses a corporate email address can pose multiple risks to your business, including the following:
- You can’t control the lifecycle of an unmanaged user account. An employee who leaves the company might continue to use the unmanaged account to access corporate resources or to generate corporate expenses.
- Even if you revoke access to all resources, the unmanaged account might still pose a social engineering risk. Because the user account uses a seemingly trustworthy identity with your company’s domain name, the former employee might be able to convince current employees or business partners to grant access to resources again—for example, a sensitive Drive file.
- A former employee with an unmanaged account might use the user account to perform activities that aren't in line with your organization's policies, which could put your company's reputation at risk.
- You can’t enforce security policies like 2-step verification or password complexity rules.
- You can’t restrict which geographic location Docs and Drive data is stored in, which might be a compliance risk.
- You can’t restrict which Google services can be accessed by an unmanaged user account.