Allow super administrators to recover their password

As your organization's administrator, you can choose how to let super administrators get back in to their account if they forget their password:

  • Account self-recovery on: Super admins who have added recovery options to their accounts can recover their own account by clicking the Forgot password? link on the sign-in page. They’ll get a verification code via text, phone, or email, and can follow instructions to reset their own passwords.
  • Account self-recovery off: Super admins who have forgotten their passwords must contact another super admin, or Google Support, to reset their password.

Note: For most current and all new customers, super admin account recovery is off by default. If you’re an existing customer with fewer than three super admins or 500 users, the setting is on by default, to match previous behavior. Account recovery can be enabled at the domain, OU, or group level.

Turn super admin account self-recovery on or off

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. Go to Security and then Account recovery.
  3. Click Super admin account recovery.
  4. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit or a configuration group.
  5. Check or uncheck Allow super admins to recover their accounts.
  6. Click Save.
  7. Make sure that super admins have set up a recovery phone number or email address where they can receive password recovery instructions (via voice, text message, or email).
Prevent unauthorized access to a super admin’s account

If you turn super admin password recovery on, immediately remove a super admin’s recovery information if...

  • The super admin is terminated or leaves your organization. That way they can’t recover their password to access their old account.
  • You suspect the account has been hijacked and the super admin’s recovery information is no longer legitimate.

To remove a super admin’s recovery information or check if it’s been hacked, sign in to the account as the admin. Then follow steps at Set up a recovery phone number or email address.

When super admin account recovery is turned off

If a super admin clicks Forgot password? on the sign-in page, and you haven't turned on super admin password recovery, they see a message to contact their administrator. Make sure you've provided a way for super admins to contact another super admin if they can't sign in to their account.

Was this helpful?
How can we improve it?