Google Cloud Platform uses regular Google accounts for authentication, which means you can add new users directly from their Gmail or G Suite account, rather than manually creating employee accounts like with AWS IAM.
Adding a User
Google splits all GCP resources into “Projects.” Each project has its own set of permissions, and its own set of users that can access it. One of the benefits of using Google for authentication is that users can be in multiple projects from multiple different owners all at the same time, even having personal projects of their own, all while using the same personal Google account. Of course, if you have a company G Suite, you should use that, but the principle works the same.
Google makes the invite process very easy, especially when compared to AWS’s IAM Users system. To get started, you’ll just need an Google email address for the user. If you’re inviting someone from their personal email, any
@gmail.com email will work fine. If you’re inviting employees, you’ll need to make sure they have a company G Suite account.
From the Google Cloud Platform Console, find “IAM & Admin” in the sidebar, and click on “IAM.”
From here, click “Add” to bring up the invite dialog.
Enter in the user’s email. You can also choose to set a project-wide role, if you need to give them full read or write permissions.
There are plenty of options for roles—Project browser, editor, owner, and viewer all give some level of access to every single resource. If this user doesn’t need that level of access, you can always give out access to a specific resource (like Compute Engine), or give out access on a per-resource basis using resource IAM policies. You can read more about that in our guide to permission management in GCP.
Once you add the user, they’ll be sent an invitation via email that they will need to accept. Tell them to check their email and click the link.
They’ll be brought to the GCP homepage, and the project should switch automatically. If it doesn’t, you can always change the project from the drop-down menu in the top header bar.
The project info should display on the dashboard, confirming you have access, and you should be able to access the resources your role allows.