I’ve got surprised with this feature of GCP.
You give roles to a group … but the group members are controlled outside GCP !!!! … in a general purpose tool (Double security management required).
In my learning GCP position and at first sight I’m thinking this is a weak feature. It seems that in GCP there is no single point where you have control about your users and how they are organized.
Am I wrong?
Thank you very much
From Google’s documentation:
In Cloud IAM, you grant access to members. Members can be of the following types:
G Suite domain
Cloud Identity domain
So when you say " but the group members are controlled outside GCP" they are not outside really. I encourage you to read https://cloud.google.com/iam/docs/overview and look at the picture there to get a good idea. Hope this helps. Thanks