Use case - Only allow users from specific domains into GCP

Organization Policy : Allow only allowed Domains into GCP

As a GCP Admin, this is a policy you will get to use often. To add legitimate, allowed domains (vendors, 3rd parties etc.) onto your GCP Platform (as IAM members).

What about Admin.google groups?

Before Cloud Identity, there were admin.google groups where users could be added and brought over (automatically) to your GCP platform.

This option still exists. The actual domains that these users belong to, DO NOT need to be part of the authorized domains at the top Org Level.