Citrix Secure Private Access™

Admin roles and privileges

October 27, 2025

Contributed by:

To onboard customers to Chrome Enterprise Premium (CEP) and enable Google Chrome integration, you must assign the appropriate roles and privileges in the Google Admin console.

Types of admin roles

Two types of roles are available in the Google Admin console:

System Role: These are default roles provided by Google. They typically do not include all the necessary privileges required for Google Chrome integration.
Custom Role: These are roles you create, allowing you to include all necessary privileges specifically for Chrome integration. We recommended to create a custom admin role with all the required privileges for Google Chrome integration.

Note: Super admin roles cannot be assigned to service accounts.

Create and assign roles and privileges

Perform the following steps to create a custom admin role and assign privileges:

In the Google Admin console, go to Accounts > Admin roles.
Click Create new role and enter a name and description for the role.
Add all the privileges required for Google Chrome integration to this custom role. For the list of required privileges, see Required privileges for Google Chrome integration.

For more information related to roles and privileges, see the Google documentation.
Save the custom role.
After creating the custom role, open the role and click Assign members.
Select the users who need these permissions.

Required privileges for Google Chrome integration

The following privileges must be enabled in the admin role that is assigned to the service account.

Admin Console privileges:
- Manage Application Settings (Services > Chrome Management > Settings > Manage User Settings > Manage Application Settings)
Admin API Privileges:
- Manage Customer > Read customer
  - Read customer branding settings
  - Read customer onboard settings
  - Read customer profile settings
  - Read customer support settings
  - Read customer timezone settings
- Manage Customer > Update customer
  - Update customer branding settings
  - Update customer onboard settings
  - Update customer profile settings
  - Update customer support settings
  - Update customer timezone settings
Billing Management > Billing Read
Domain Management
Groups > Read
Organization Units > Read
Domain Allowlist Management > Domain Allowlist Read

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Admin roles and privileges

October 27, 2025

Contributed by:

October 27, 2025

Contributed by:

Admin roles and privileges

Types of admin roles

Create and assign roles and privileges

Required privileges for Google Chrome integration

In this article