Reseller limitations in a customer's Admin console

By default, when you sign up a customer for Google services, you can access that customer's Google Admin console.

To access a customer’s Admin console, you must be signed in from your primary domain. You can do most things that an administrator can do in their own Admin console, but there are a few limitations to protect a customer's security and privacy.

In a customer's Admin console, you cannot...

Additional limitations might exist

  • Change the backup verification codes.
  • Update the 2-Step Verification settings.
  • Download the customer’s user list as a CSV file.
  • Manage access settings for a group under Google Groups for Business.
  • Generate transfer tokens.
  • Access the alert center.
  • Set administrator email alerts.
  • Use Email Log Search to troubleshoot missing messages.
  • Enable the Inbox by Gmail service.
  • Set up Data Loss Prevention (DLP) rules.
  • Add Security Assertion Markup Language (SAML) or single sign-on (SSO) apps.
  • Turn on Android app management.
  • Bind an enterprise mobility management (EMM) provider.
  • Accept the Terms of Service (ToS) on behalf of the customer.
  • View the customer's billing information. (You can, however, view a customer's billing information in your Reseller console.)
  • Assign admin roles to users, other than the Super Admin role, if the customer has an email-verified account. (You can, however, assign any admin roles to users if the customer's account is domain-verified.)
Was this helpful?
How can we improve it?