diff --git a/src/ServiceAccountCredentials.php b/src/ServiceAccountCredentials.php
index c0f73f8c53..eade18f745 100644
--- a/src/ServiceAccountCredentials.php
+++ b/src/ServiceAccountCredentials.php
@@ -140,4 +140,13 @@ public function updateMetadata($metadata,
     $jwtCreds = new ServiceAccountJwtAccessCredentials($credJson);
     return $jwtCreds->updateMetadata($metadata, $authUri, $client);
   }
+
+  /**
+   * @param string sub an email address account to impersonate, in situations when
+   *   the service account has been delegated domain wide access.
+   */
+  public function setSub($sub)
+  {
+    $this->auth->setSub($sub);
+  }
 }
diff --git a/tests/ServiceAccountCredentialsTest.php b/tests/ServiceAccountCredentialsTest.php
index ad55831563..cd9eefa57b 100644
--- a/tests/ServiceAccountCredentialsTest.php
+++ b/tests/ServiceAccountCredentialsTest.php
@@ -71,6 +71,24 @@ public function testShouldBeTheSameAsOAuth2WithTheSameScopeWithSub()
         $sa->getCacheKey()
     );
   }
+
+  public function testShouldBeTheSameAsOAuth2WithTheSameScopeWithSubAddedLater()
+  {
+    $testJson = createTestJson();
+    $scope = ['scope/1', 'scope/2'];
+    $sub = 'sub123';
+    $sa = new ServiceAccountCredentials(
+        $scope,
+        $testJson,
+        null);
+    $sa->setSub($sub);
+
+    $o = new OAuth2(['scope' => $scope]);
+    $this->assertSame(
+        $testJson['client_email'] . ':' . $o->getCacheKey() . ':' . $sub,
+        $sa->getCacheKey()
+    );
+  }
 }
 
 class SACConstructorTest extends \PHPUnit_Framework_TestCase