1

I have Google identity with a domain example.com and have created a group, say my-admins@example.com. I can create users a-user@example.com and say another-user@example.com and add them to group my-admins@example.com.

I have a Google Cloud organization example.com and have successfully added my-admins@example.com and assigned it the roles I want (e.g Organization Admins).

It's possible for me to add google accounts, e.g googleaccount123@gmail.com as principals to my organization and assign them roles, but I can't seem to add them to the my-admins@example.com group.

Are my Google identity groups always scoped to users with the same domain? If so how do I get to a place where I can manage a mixed group of example users and google accounts?

Wojtek_B
  • 4,245
  • 1
  • 7
  • 21
plasmadrive
  • 31
  • 2
  • What is the error? Yes, you can add external identities to a group. Check which group type you are modifying. – John Hanley Oct 11 '21 at 16:14
  • Please update your question with the details how you're trying to add a member to a group and what error message you're getting. When you go to group details can you add any members ? It's possible that there's an [organization policy that blocks adding external members](https://cloud.google.com/resource-manager/docs/organization-policy/restricting-domains). You can add screenshots if possible too. – Wojtek_B Oct 12 '21 at 09:49

1 Answers1

2

I've realized the issue is that there is a group attribute allowing/denying adding members from outside of the organization.

plasmadrive
  • 31
  • 2
  • 1
    Please update your solution with more details so other community members can benefit from that :) – Wojtek_B Oct 12 '21 at 12:22