Use Case A - You need to implement a central authorization mechanism for users of your App (say hosted on App engine)

Use Case B - You need to implement a central authorization mechanism for users of your Google Cloud Account.

The first calls for Identity Aware Proxy - to define and enforce application level policies

The second calls for regular GCP IAM - simply define a group of all IAM users and assign roles to the group