To manage devices in your organization you need to be an administrator with mobile device management privileges. Super administrators have these privileges by default. You can also assign limited administrator privileges to some users to help with your organization’s device management tasks.
What privileges can I delegate?
Users with mobile device management privileges can perform the following tasks in the organizational units that they have privileges for:
- Review devices and device details.
- Perform management tasks, such as approving, blocking, deleting, and wiping devices.
- Apply settings for mobile devices and endpoints.
Additionally, only administrators who have privileges for your top-level organization can:
- Access device reports and log events.
- Automate mobile management tasks with rules.
- Manage web and mobile apps.
- Distribute iOS apps with Apple Volume Purchase Program (VPP).
- Manage your organization's Apple push certificate.
Step 1: Create a custom device management role
-
Sign in to your Google Admin console.
Sign in using an account with super administrator privileges (does not end in @gmail.com).
- In the Admin console, go to Menu AccountAdmin roles.
- Click Create new role.
- Enter a name and, optionally, a description for the role and click Continue.
- From the Privilege Name list, under ServicesMobile Device Management, check the Manage Devices and Settings box.
Tip: Use the Admin console privileges search box to find the privilege by name. - Click Continue.
- Click Create role.
Step 2: Assign the role to a user
- From the custom device management role page, click Assign members.
- Enter a user and press Enter or Return on your keyboard.
- (Optional) To restrict the user’s device management privileges to a specific organizational unit, next to the user, click the organizational unit.
- Select the organizational unit and click Done.
- Click Assign Role.