The Google Cloud Platform uses standard Google Accounts for authentication, which means you can add new users directly from their Gmail or G Suite account, rather than manually creating employee accounts like with AWS IAM.
Add a user
Google divides all GCP resources into “Projects”. Each project has its own set of permissions and its own set of users who can access it. One of the benefits of using Google for authentication is that users can be in several projects from several different owners at the same time, even having their own projects, all while using the same personal Google account. Of course, if you have a G Suite company, you should use it, but the principle works the same way.
Google makes the invitation process very simple, especially compared to AWS̵7;s IAM user system. To get started, all you need is a Google email address for the user. If you invite someone from their personal email, someone
@gmail.comemail works well. If you invite employees, make sure they have a company G Suite account.
From the Google Cloud Platform Console, find “IAM & Admin” in the sidebar and click “IAM.”
From here, click “Add” to display the invitation dialog.
Enter the user’s email. You can also choose to set a project-wide role if you need to give them full read or write permission.
There are many different role options – the browser, editor, owner and viewer all provide access to each individual resource. If this user does not need that level of access, you can always grant access to a specific resource (such as Compute Engine) or issue access on a resource basis using resource IAM policies. You can read more about it in our guide to authorization management in GCP.
Once you have added the user, they will receive an email invitation that they must accept. Ask them to check their email and click on the link.
They come to the GCP website and the project will be changed automatically. If it does not, you can always change the project from the drop-down menu in the upper main bar.
The project information should be displayed on the dashboard, confirming that you have access, and you should be able to access the resources that your role allows.