We believe in the principle of least privilege, so we suggest creating a new custom admin role which only has the Admin API permission for "Users: Read" and no others.
To do so, follow these steps:
1. Login as an administrator to G Suite.
2. From the dashboard, choose "Admin roles."
3. On the upper left, click "Create a new role", name the role, and click "Create."
4. Scroll down to the "Admin API Privileges" section of the page, expand the "Users" section, and check the box for "Read."
5. Click "Save" in the lower right corner of the page.
6. Near the top of the page, click on "Admins" and then "Assign admins." Two sections will show in a modal. In the first section ("Administrators"), type in the email address of the G Suite user account you'd like to add. In the second ("Admin rights on:"), choose the domain(s) you'd like to give the user permissions on.
7. Click "Confirm assignment."
8. Test logging into Fleetsmith with the new admin account.
For more information, see the following Google support documents: