If you are a developer, you can always sign up for GCP using your Google account. But this doesn't allow you to create an organization and is not suitable if you want to onboard your company to GCP.
For organizations to onboard developers to GCP, they first need to create an organization in GCP. This is done by creating either a Cloud Identity account or a Google Workspace account.
Step 1: Create Organization
Choose Between Google Workspace or Cloud Identity:
Google Workspace: If you need email services, calendar, and collaboration tools like Google Drive, Docs, and Meet.
Google Cloud Identity: If you only need identity and access management (IAM) without the additional collaboration services. Cloud Identity is free and suitable for managing users and groups within an organization. (ref: Google Cloud Identity page.)
As part of creating the identity, you need to provide your domain name and create super admin credentials based on your domain (e.g., acme.com, admin@acme.com).
Step 2: Create users
Log in to admin.google.com to create users and groups in your organization. Use the account credentials you used to set up and create the organization.
Create a new user, testuser@acme.com.
Step 3: Create Projects
Sign in to GCP using your admin credentials
Create Projects in your organization
Create and link billing accounts to your projects
Add permissions to users/groups created in step 2. For example, you can add users to some projects and give them owner/viewer permissions.
You can also add users to your organization with owner/editor permissions, which allows them to create new projects in your organization.
Permissions can be added in the IAM console by choosing principals/users and selecting appropriate IAM roles and conditions.
Imagine two users:
admin@acme.com (super admin)
testuser@acme.com (developer)
Log in as admin@acme.com and run the command below to grant testuser@acme.com the roles/storage.admin role, which includes permission to create storage buckets. Note that roles/storage.admin grants full control of buckets and objects, so it is broader than bucket creation alone. The command can be executed in Cloud Shell within the GCP UI. This operation can also be done using the IAM UI.
gcloud projects add-iam-policy-binding <project-id> \
  --member="user:<useremail>" --role="roles/storage.admin"
Log in to the GCP Console as testuser@acme.com.
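# check IAM permissions granted (flatten so only this user's roles are listed, not the whole policy)
gcloud projects get-iam-policy <project-id> --flatten="bindings[].members" --format="table(bindings.role)" --filter="bindings.members:user:<useremail>"
# create storage bucket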
gsutil mb gs://test-bucket
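An added example, not part of the original post: a small Python check over the JSON returned by gcloud projects get-iam-policy <project-id> --format=json, listing one member's roles and flagging broad roles, principals outside the organization's domain, and public principals. The sample policy, the contractor@example.net address and the "admin"-suffix heuristic are constructed for illustration.

```python
import json

# Constructed sample, shaped like `gcloud projects get-iam-policy <project-id> --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/owner", "members": ["user:admin@acme.com"]},
  {"role": "roles/storage.admin", "members": ["user:testuser@acme.com"]},
  {"role": "roles/viewer",
   "members": ["user:testuser@acme.com", "user:contractor@example.net"]},
  {"role": "roles/storage.objectViewer", "members": ["allUsers"]}
], "etag": "constructed", "version": 1}
""")

BROAD_BASIC_ROLES = {"roles/owner", "roles/editor"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def roles_for(policy, member):
    """Roles bound to one member, e.g. 'user:testuser@acme.com'."""
    return sorted(b["role"] for b in policy.get("bindings", [])
                  if member in b.get("members", []))


def audit(policy, org_domain):
    """Return (role, member, reason) findings worth a second look."""
    findings = []
    for b in policy.get("bindings", []):
        role = b["role"]
        for m in b.get("members", []):
            if m in PUBLIC_MEMBERS:
                findings.append((role, m, "public principal"))
                continue
            # Heuristic (assumption): owner/editor and any "...admin" role count as broad.
            if role in BROAD_BASIC_ROLES or role.lower().endswith("admin"):
                findings.append((role, m, "broad role"))
            kind, _, ident = m.partition(":")
            if kind in ("user", "group") and not ident.endswith("@" + org_domain):
                findings.append((role, m, "outside " + org_domain))
    return findings


if __name__ == "__main__":
    print(roles_for(SAMPLE_POLICY, "user:testuser@acme.com"))
    for finding in audit(SAMPLE_POLICY, "acme.com"):
        print(finding)
```

To run it against a real project, save the gcloud JSON output to a file and load that in place of SAMPLE_POLICY.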