As a Cloud Identity administrator, you manage groups for application teams in Google Cloud. These groups control user permissions, and application teams can self-manage their group members via the Google Cloud console. How do you configure the groups to restrict application teams to only adding users from within your organization?

Exam-Like

Change the configuration of the relevant groups in the Google Workspace Admin console to prevent external users from being added to the group.

Set an Identity and Access Management (IAM) policy that includes a condition that restricts group membership to user principals that belong to your organization.

Define an Identity and Access Management (IAM) deny policy that denies the assignment of principals that are outside your organization to the groups in scope.

Export the Cloud Identity logs to BigQuery. Configure an alert for external members added to groups. Have the alert trigger a Cloud Function instance that removes the external members from the group.

Google Professional Cloud Security Engineer

Get started today

Comments