Configurer Cloud Identity en tant qu'administrateur Google Cloud

Cet article explique comment configurer Cloud Identity en tant qu'administrateur Google Cloud. La configuration de Cloud Identity est l'une des premières étapes à suivre pour créer une organisation Google Cloud.

Avant de commencer

Instructions for Google Cloud admins

If you're a Google Cloud administrator, use the instructions below to sign up for either Cloud Identity Free or Cloud Identity Premium. For details about the differences between these services, see Compare Cloud Identity features & editions.

Requirements

  • Cloud Identity Free—You need your company's domain name and the admin username and password to your domain registrar to get started.
  • Cloud Identity Premium—You need your company's domain name to get started, or you need to purchase a domain during sign-up.

Sign up for Cloud Identity Free

  1. Go to the following sign-up page:
    https://workspace.google.com/gcpidentity/signup?sku=identitybasic
  2. Follow the guided instructions.

For details about your next steps, see Create your Cloud Identity account and first admin user.

Sign up for Cloud Identity Premium

If you're a Google Workspace customer

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Billingand thenGet more services.
  3. Click Cloud Identity.
  4. Next to Cloud Identity Premium, click Start Free Trial.
  5. Follow the guided instructions.

If you're not a Google Workspace customer

  1. Go to the following sign-up page:
    https://workspace.google.com/gcpidentity/signup?sku=identitypremium
  2. Follow the guided instructions.

Créer votre premier utilisateur

Pour créer votre compte et votre premier compte d'administrateur dans Cloud Identity à l'aide de l'assistant de configuration : 

  1. Dans la section À propos de vous, accédez au champ Nom et saisissez votre prénom et votre nom.
  2. Dans le champ Adresse e-mail professionnelle actuelle, saisissez votre adresse e-mail.
    Cette adresse jouera le rôle d'adresse de récupération.Elle doit être différente de celle créée ci-dessous, que vous utiliserez au titre de compte d'administrateur pour Cloud Identity.
  3. Dans le champ À propos de votre entreprise, accédez au champ Nom de l'entreprise ou de l'organisation, puis saisissez le nom de votre société.
  4. Dans le champ Pays/territoire, choisissez le pays ou le territoire approprié dans la liste déroulante.
  5. Cliquez sur Suivant pour configurer votre domaine.
  6. Accédez à la fenêtre Votre domaine Cloud Identity et indiquez le domaine que vous venez d'acheter pour le compte de votre entreprise. Vous devrez confirmer que vous en êtes le propriétaire en créant un enregistrement CNAME spécifique ou en transférant un fichier html.
  7. Dans la fenêtre Créer un compte Cloud Identity, saisissez un nom d'utilisateur et un mot de passe. Ce compte correspond à votre compte d'administrateur Cloud Identity. Il doit être différent de l'adresse e-mail que vous avez indiquée à l'étape 2 ci-dessus. Nous vous recommandons donc de saisir le nom d'utilisateur au format suivant : admin@example.com.

Pour en savoir plus et obtenir des instructions concernant la validation de votre domaine, consultez Valider votre domaine pour utiliser Cloud Identity.

Félicitations ! Vous avez bien activé Cloud Identity et créé votre premier utilisateur.

Terminer la configuration

After you create your Cloud Identity account and verify your domain, you're returned to the Google Cloud console. Before you continue, you'll need to accept the Cloud Identity Agreement on behalf of your organization. You're then directed to the Identity page.
 
You now have a fully functioning Cloud Identity account. But you'll also have the option to complete a few more setup steps in the console as described below.
 
Note: Later, you may want to return to the Google Admin console to add more users and create groups. For instructions, see Manage users.

About your Cloud Identity organization

Your Cloud Identity organization is created after you finish your signup and setup steps for your Cloud Identity service. This maps a Cloud Identity account from the Admin console to Google Cloud, and is used to group all of your projects for billing and management purposes. For example, using your Cloud Identity organization you can restrict project access only to Cloud Identity users.
 
As the first super admin to access the Google Cloud console, you'll be assigned the role of Org Owner, and you'll be able to manage the organization settings and assign policies at the highest level. 

Migrate projects and billing accounts and set permissions

Important: 

  • Complete steps 1–2 below from your non-administrator Google Cloud account. This account is typically a personal Gmail account.
  • Complete steps 3–6 from your Cloud Identity administrator account.

To migrate content from a previous account, follow these steps:

Grant access to billing accounts

Use the steps below to migrate projects and billing accounts from accounts outside of your Cloud Identity organization to your new Cloud Identity organization. We recommend opening this page in a separate tab to use as reference while completing the steps.

  1. Sign in to the Google Cloud account that has the existing billing account you want to connect to.
  2. Grant your organization admin from Cloud Identity access to this billing account.
    1. Go to the left nav and open Billing.
    2. Navigate to the billing account you want to connect to.
    3. Add the Organization admin of your Cloud Identity as a Billing administrator.

Grant access to projects

You can grant access to projects one at a time, or via the bulk permissions UI. Step 1 below walks through the one-at-a-time method, while step 2 walks through the bulk method.

  1. Grant your organization admin Owner access to projects.
    Navigate to the IAM & Admin page for the projects you want to migrate, and add your organization admin's account as Owner.
  2. Set Bulk permissions (optional).
    Navigate to the IAM & Admin section and click Manage Resources or All projects from the left navigation. From the Manage Resources view, select all the projects you want to migrate and use the IAM panel to add your new account as Owner to these projects.

Sign in to your Cloud Identity account, and accept the project invitations

Sign in to your Cloud Identity account and check your email.

For the projects you're migrating, you must accept the project invitation sent via email to your new account. You must click the link in each email for each project that you're migrating.

Go to Google Cloud, sign in with your Cloud Identity account, and remove access

  1. Remove access to the billing account.
    Navigate to the billing account you connected from your old account, and remove access for any user accounts that are not within your company's domain, including your @gmail.com account.
  2. Remove access to projects.
    1. Navigate to the IAM & Admin page, and click Manage Resources.
    2. From the Manage Resources page, select No organization from the dropdown next to the filter control.
    3. The projects from your old account are displayed with a yellow warning icon. Select these projects and use the IAM panel to remove access for any accounts that are not within your company's domain, including your @gmail.com account.

Migrate projects

  1. Navigate to the IAM & Admin section, and click Manage Resources.
  2. From the Manage Resources page, click No organization from the dropdown list next to the filter control. The projects from your old account are displayed with a yellow warning icon.
  3. Select these projects from your old account, and click Migrate from the top bar, or click the icon for each project.

After the migration is finished, your projects will be moved to your company's organization. You must switch the No organization drop-down to your company's organization to view the projects.

Set permissions

  1. Navigate to the IAM & Admin section, and select your organization from the top bar dropdown. This will allow you to set IAM permissions that will affect all projects under your organization.
  2. From the IAM page, add your Admin users and grant them the appropriate roles.

For more details, see also Configuring permissions on Google Cloud.
 

Étapes suivantes