Configura Cloud Identity como administrador de Google Cloud
En este artículo, se muestra cómo configurar Cloud Identity como administrador de Google Cloud. Configurar Cloud Identity es uno de los primeros pasos que debes seguir cuando creas una nueva organización de Google Cloud.
Antes de comenzar
Si eres administrador de Google Cloud, sigue las instrucciones que se indican a continuación para registrarte en Cloud Identity Free o Cloud Identity Premium. Para obtener detalles sobre las diferencias entre estos servicios, consulta Comparación de las características de Cloud Identity y ediciones.
Requisitos
- Cloud Identity Free: Necesitas el nombre de dominio de tu empresa, además del nombre de usuario y la contraseña del administrador de tu registrador de dominios para comenzar.
- Cloud Identity Premium: Para comenzar, necesitas el nombre de dominio de tu empresa o debes comprar un dominio durante el registro.
Regístrate para obtener Cloud Identity gratis
- Ve a la siguiente página de registro:
https://workspace.google.com/gcpidentity/signup?sku=identitybasic - Sigue las instrucciones guiadas.
Para obtener detalles sobre los próximos pasos, consulta Crea tu cuenta de Cloud Identity y tu primer usuario administrador.
Registro en Cloud Identity Premium
Si eres cliente de Google Workspace
-
Accede a la Consola del administrador de Google.
Accede con tu cuenta de administrador (no termina en @gmail.com).
-
En la Consola del administrador, ve a Menú FacturaciónObtener más servicios.
- Haz clic en Cloud Identity.
- Junto a Cloud Identity Premium, haz clic en Iniciar prueba gratuita.
- Sigue las instrucciones guiadas.
Si no eres cliente de Google Workspace
- Ve a la siguiente página de registro:
https://workspace.google.com/gcpidentity/signup?sku=identitypremium - Sigue las instrucciones guiadas.
Crea tu primer usuario
Para crear tu cuenta de Cloud Identity y tu primer usuario administrador con el Asistente de configuración, sigue estos pasos:
- En la sección Acerca de ti, ingresa tu nombre y apellido en el campo Nombre.
- En el campo Dirección de correo electrónico actual que usas en el trabajo, ingresa tu dirección de correo electrónico.
Esta dirección de correo electrónico se usará como dirección de recuperación. Debe ser diferente de la dirección que crees a continuación y que usarás como cuenta de administrador de Cloud Identity. - En la sección Acerca de su empresa, ingrese el nombre de su empresa en el campo Nombre de la empresa u organización.
- En el campo País/región, elige el país o la región adecuados en la lista desplegable.
- Haz clic en Siguiente para configurar tu dominio.
- En la ventana Tu dominio de Cloud Identity, agregarás el dominio que ya compraste para tu empresa. Deberás verificar que es tuyo creando un registro CNAME específico o subiendo un archivo HTML.
- En la ventana Crea tu cuenta de Cloud Identity, ingresa un nombre de usuario y una contraseña. Esta es tu cuenta de administrador de Cloud Identity y debe ser diferente de la dirección de correo electrónico que ingresaste en el paso 2. Como práctica recomendada, te sugerimos que ingreses un nombre de usuario con el siguiente formato: admin@example.com.
Para obtener más detalles y las instrucciones para verificar tu dominio, consulta Cómo verificar tu dominio para Cloud Identity.
¡Felicitaciones! Habilitaste de forma adecuada Cloud Identity y creaste tu primer usuario.
Finaliza la configuración
After you create your Cloud Identity account and verify your domain, you're returned to the Google Cloud console. Before you continue, you'll need to accept the Cloud Identity Agreement on behalf of your organization. You're then directed to the Identity page.
You now have a fully functioning Cloud Identity account. But you'll also have the option to complete a few more setup steps in the console as described below.
Note: Later, you may want to return to the Google Admin console to add more users and create groups. For instructions, see Manage users.
About your Cloud Identity organization
Your Cloud Identity organization is created after you finish your signup and setup steps for your Cloud Identity service. This maps a Cloud Identity account from the Admin console to Google Cloud, and is used to group all of your projects for billing and management purposes. For example, using your Cloud Identity organization you can restrict project access only to Cloud Identity users.
As the first super admin to access the Google Cloud console, you'll be assigned the role of Org Owner, and you'll be able to manage the organization settings and assign policies at the highest level.
Migrate projects and billing accounts and set permissions
Important:
- Complete steps 1–2 below from your non-administrator Google Cloud account. This account is typically a personal Gmail account.
- Complete steps 3–6 from your Cloud Identity administrator account.
To migrate content from a previous account, follow these steps:
Grant access to billing accounts
Use the steps below to migrate projects and billing accounts from accounts outside of your Cloud Identity organization to your new Cloud Identity organization. We recommend opening this page in a separate tab to use as reference while completing the steps.
- Sign in to the Google Cloud account that has the existing billing account you want to connect to.
- Grant your organization admin from Cloud Identity access to this billing account.
- Go to the left nav and open Billing.
- Navigate to the billing account you want to connect to.
- Add the Organization admin of your Cloud Identity as a Billing administrator.
Grant access to projects
You can grant access to projects one at a time, or via the bulk permissions UI. Step 1 below walks through the one-at-a-time method, while step 2 walks through the bulk method.
- Grant your organization admin Owner access to projects.
Navigate to the IAM & Admin page for the projects you want to migrate, and add your organization admin's account as Owner. - Set Bulk permissions (optional).
Navigate to the IAM & Admin section and click Manage Resources or All projects from the left navigation. From the Manage Resources view, select all the projects you want to migrate and use the IAM panel to add your new account as Owner to these projects.
Sign in to your Cloud Identity account, and accept the project invitations
Sign in to your Cloud Identity account and check your email.
For the projects you're migrating, you must accept the project invitation sent via email to your new account. You must click the link in each email for each project that you're migrating.
Go to Google Cloud, sign in with your Cloud Identity account, and remove access
- Remove access to the billing account.
Navigate to the billing account you connected from your old account, and remove access for any user accounts that are not within your company's domain, including your @gmail.com account. - Remove access to projects.
- Navigate to the IAM & Admin page, and click Manage Resources.
- From the Manage Resources page, select No organization from the dropdown next to the filter control.
- The projects from your old account are displayed with a yellow warning icon. Select these projects and use the IAM panel to remove access for any accounts that are not within your company's domain, including your @gmail.com account.
Migrate projects
- Navigate to the IAM & Admin section, and click Manage Resources.
- From the Manage Resources page, click No organization from the dropdown list next to the filter control. The projects from your old account are displayed with a yellow warning icon.
- Select these projects from your old account, and click Migrate from the top bar, or click the icon for each project.
After the migration is finished, your projects will be moved to your company's organization. You must switch the No organization drop-down to your company's organization to view the projects.
Set permissions
- Navigate to the IAM & Admin section, and select your organization from the top bar dropdown. This will allow you to set IAM permissions that will affect all projects under your organization.
- From the IAM page, add your Admin users and grant them the appropriate roles.
For more details, see also Configuring permissions on Google Cloud.