Have you ever used your work email to sign up for YouTube, Google Photos, or even a free Docs account? That likely created Google unmanaged users tied to your business domain. It looks harmless, but it’s actually a sneaky little Google cybersecurity gap that puts your first-party data goodies at risk.
This article breaks down why unmanaged users are a problem, how to fix them using Google’s built-in tools, and how you can take advantage of 50 free Cloud Identity licenses, a sweet workaround Google’s push for Workspace.
TL;DR (For the Treat-Seekers in a Hurry)
Unmanaged users = personal Google accounts created with your company email. Your organization can’t secure, audit, or offboard them.
Fix them fast: Use Google’s Transfer tool for unmanaged users and Conflicting accounts management settings. Users either transfer into your domain or are forced to rename their personal account.
Prevent future mess: Provision accounts for all employees and block Google’s sign-up verification emails to your domain.
Bonus tip: Not ready for Workspace? Use Google Cloud Identity Free, 50 licenses by default, with more available on request.
What Are Unmanaged Users?
An unmanaged (consumer) Google account is a personal account someone created using your company email address (e.g., alex@yourcompany.com). It’s not administered by your IT team, so you can’t enforce policies, recover data, or cleanly offboard it. When you later try to manage that domain in Workspace, these are called conflicting accounts (aka sugar-coated headaches).
Why They’re Risky for Google Cloud Security (And Your First-Party Data)
Unmanaged users create avoidable holes in your google cloud security candy jar. Left unresolved, they open blind spots in your broader google cloud cybersecurity posture.
- Data exfiltration & loss: Employees can store company files in a personal Google Drive you don’t control. If they leave, so does the data.
- Shadow IT: People connect unsanctioned apps with zero visibility.
- Weak security enforcement: You can’t require 2-step verification or password policies on personal accounts.
- Messy offboarding: Disabling their SSO account does not touch the unmanaged Google account.
- Access control bypass: Personal accounts can sneak around SSO/conditional access rules for third-party apps.
Reminder: Unmanaged accounts can tap into your most valuable first-party data stash across GA4, Ads, Search Console, YouTube, GBP, Tag Manager, Merchant Center, Looker Studio, and more.
Google’s “Fix” (And a Free Workaround)
Google wants all these users pulled into Workspace (cha-ching for Google) or at least into Cloud Identity, a move they pitch as a way to harden google cloud platform security. Luckily, you get 50 Cloud Identity Free licenses right out of the wrapper, and you can request more at no cost. That’s enough to cover most small teams without buying Workspace seats.
Clean Out Those Sticky Accounts
- Run the Transfer tool (screenshots below): users either move their accounts into your domain or rename them.
- Set policies in “Conflicting accounts management” so unmanaged users are auto invited or replaced.
- Prevent new ones: provision every employee, block Google’s verification emails, and restrict sign-ins to your domain.
Transferring Unmanaged Users
STEP 1: Sign in with an administrator account to your Google Workspace Admin Console.
STEP 2: On the main console page, you’ll see your dashboard. We recommend pinning your most-used access points for quicker navigation.
STEP 3: Under Billing, click Subscriptions. If it’s empty, choose Add or Upgrade a subscription.
STEP 4: On the next screen, under Cloud Identity, you’ll see both Free and Premium options. Click Cloud Identity Free to get started.
Tasty tip: You can also reach this screen anytime by clicking Buy or Upgrade under the Billing tab.
STEP 5: Return to the Subscriptions tab and you’ll now see your active Cloud Identity subscription listed.
STEP 6: In the Directory tab, click Users. At the top of the user table, open the More options menu and select Transfer tool for unmanaged users.
STEP 7: You’ll now see any unmanaged users in your domain. For each, go to the Actions column on the right and click Email transfer request.
Transferring the Account (User Action Required)
STEP 1: The employee will receive an email invitation (they may need to check their spam folder). Inside, they’ll click Transfer account.
STEP 2: On the next page, they’ll follow the prompt to Upgrade my account. This converts their unmanaged account into a managed one, and they’ll see confirmation that Google Workspace is now managed by your administrator.
Checking Status (Administrator View)
Admins can check license counts, user transfers, and layer on additional google cloud security tools to monitor adoption.
CHECK 1: In the Users tab, check the list of all active managed users.
CHECK 2: Under the Subscriptions tab, confirm the number of Cloud Identity licenses available. The first 50 are free; after that, upgrading to Premium is required.
CHECK 3: Return to the Transfer tool for unmanaged users (Step 6 in Transferring Unmanaged Users) to view the status of unmanaged accounts and whether each invitation has been accepted.
Wrapping It Up
Unmanaged users may start small, but the risks stack up fast. Addressing the issue now keeps your data jar tidy and builds a stronger, sweeter foundation for your security, and aligns with the kind of best practices you’d expect from top google cloud security services.
If the process feels a little sticky or you’d like a second opinion, cyberlicious® is ready to help with audits, strategy, and ongoing support. Think of us as your google professional cloud security engineer, here to ensure your accounts are managed, your data stays secure, and your business can grow without surprises.
