GCP Cloud Identity - 帐号/组

Question

I'm migrating projects that don't have an organization to a new organization. As I understand it, Cloud Identity is required when using an organization.

Will the existing users in in the projects with the same domain as the organization automatically be manageable in Cloud Identity?

How is the user group functionality in Cloud Identity different from user group functionality in the Cloud console IAM section? Would any groups created in IAM before or after the migration be visible in Cloud Identity?

Answer 1

Yes, Cloud Identity is required to use an Organization in Google Cloud.

Cloud identity is basically an identity provider (IdP) in which you create the user and group objects and manage parameters such as security factors (MFA) and application access. If you have a non organization project with existing users that have your domain, then it is likely they are regular 'Google' accounts, when you establish your Cloud Identity instance there is a process to consolidate them, they are called Unmanaged users .

Before adding users to your organization, use the Transfer tool for unmanaged users to see if you have any unmanaged personal Google accounts. The transfer tool enables you to see what unmanaged users exist, and then invite those unmanaged users to the domain.

You can also refer user groups in the cloud console IAM section, if you have a project and you have been managing groups within the IAM section, that would indicate that there is already a Cloud Identity instance behind and that the project is part of an organization. Which means, any groups created in the IAM section will be visible in Cloud Identity.

Refer Project migration for more information.