diff --git a/public/docs-static/img/integrations/identity-providers/self-hosted/google-assign-role.png b/public/docs-static/img/integrations/identity-providers/self-hosted/google-assign-role.png new file mode 100644 index 00000000..53cb9574 Binary files /dev/null and b/public/docs-static/img/integrations/identity-providers/self-hosted/google-assign-role.png differ diff --git a/public/docs-static/img/integrations/identity-providers/self-hosted/google-domain-delegation-added.png b/public/docs-static/img/integrations/identity-providers/self-hosted/google-domain-delegation-added.png deleted file mode 100644 index 3c1925b4..00000000 Binary files a/public/docs-static/img/integrations/identity-providers/self-hosted/google-domain-delegation-added.png and /dev/null differ diff --git a/public/docs-static/img/integrations/identity-providers/self-hosted/google-new-domain-delegation.png b/public/docs-static/img/integrations/identity-providers/self-hosted/google-new-domain-delegation.png deleted file mode 100644 index d7000012..00000000 Binary files a/public/docs-static/img/integrations/identity-providers/self-hosted/google-new-domain-delegation.png and /dev/null differ diff --git a/public/docs-static/img/integrations/identity-providers/self-hosted/google-new-role-info.png b/public/docs-static/img/integrations/identity-providers/self-hosted/google-new-role-info.png new file mode 100644 index 00000000..c11797aa Binary files /dev/null and b/public/docs-static/img/integrations/identity-providers/self-hosted/google-new-role-info.png differ diff --git a/public/docs-static/img/integrations/identity-providers/self-hosted/google-privileges-review.png b/public/docs-static/img/integrations/identity-providers/self-hosted/google-privileges-review.png new file mode 100644 index 00000000..9197ee7b Binary files /dev/null and b/public/docs-static/img/integrations/identity-providers/self-hosted/google-privileges-review.png differ 
diff --git a/public/docs-static/img/integrations/identity-providers/self-hosted/google-service-account-privileges.png b/public/docs-static/img/integrations/identity-providers/self-hosted/google-service-account-privileges.png new file mode 100644 index 00000000..c18c011b Binary files /dev/null and b/public/docs-static/img/integrations/identity-providers/self-hosted/google-service-account-privileges.png differ diff --git a/src/pages/selfhosted/identity-providers.mdx b/src/pages/selfhosted/identity-providers.mdx index 54ff476e..8671b47d 100644 --- a/src/pages/selfhosted/identity-providers.mdx +++ b/src/pages/selfhosted/identity-providers.mdx @@ -923,19 +923,32 @@ Read how to manage and secure your service keys [here](https://cloud.google.com/ - Open downloaded json file and take note of `client_id` will be used later as `Service Account Client ID` -#### Step 5: Granting service account access to organization data +#### Step 5: Grant user management admin role to service account - Navigate to [Admin Console](https://admin.google.com/ac/home) page -- Select `Security` > `Access and data control` > `API controls` and then click `MANAGE DOMAIN WIDE DELEGATION` -- Click `Add new` -- Fill in the form with the following values - - Client ID: `` - - OAuth scopes: `https://www.googleapis.com/auth/admin.directory.user.readonly` +- Select `Account` on the left menu and then click `Admin Roles` +- Click `Create new role` +- Fill in the form with the following values and click `CREATE` + - name: `User Management ReadOnly` + - description: `User Management ReadOnly` +- Click `CONTINUE`

- high-level-dia + high-level-dia

-- Click `AUTHORIZE` + +- Scroll down to `Admin API privileges` and add the following privileges + - Users: `Read` +- Click `CONTINUE`

- high-level-dia + high-level-dia +

+- Verify preview of assigned Admin API privileges to ensure that everything is properly configured, and then click `CREATE ROLE` +- Click `Assign service accounts`, add service account email address and then click `ADD` +

+ high-level-dia +

+- Click `ASSIGN ROLE` to assign service account to `User Management ReadOnly` role +

+ high-level-dia

- Navigate to [Account Settings](https://admin.google.com/ac/accountsettings/profile?hl=en_US) page and take note of `Customer ID`
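Review bot: In the new Step 5, the bullet `Verify preview of assigned Admin API privileges to ensure that everything is properly configured` does not say what a correct preview looks like, so a role with extra privileges can pass this check. State that the preview should list only `Users: Read` under `Admin API privileges`, since that is the single privilege the earlier bullet adds. The `Assign service accounts` bullet also asks for the service account email address, while the Step 4 context line above only tells the reader to note `client_id`. Add a Step 4 line to record the email too (the `client_email` field of the downloaded JSON key), and confirm `client_id` is still used anywhere now that the domain-wide delegation form that took `Client ID` is removed. Minor style point: the new form labels `name:` and `description:` are lowercase, where the removed bullets used `Client ID:` and `OAuth scopes:`.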