An identity in GCP can be any one of the following. The most commonly used identities for HUMAN users are the first two - Google Accounts (e.g. your gmail account) and GSuite domain (your GSuite licensed account).

  • Google accounts: These represent someone who interacts with GCP, for example, an admin user.
  • G Suite Domain: This domain represents a group (domain) of Google accounts that have been created in G Suite.
  • Cloud Identity Domain: Similar to G Suite, this domain represents all of the Google accounts in an organization.
  • Google groups: These are named collections of Google accounts (and can include service accounts). Primarily used to assign policies to a whole set of users at one go. A Google Group can be used with IAM to grant access to roles. One important exception is that a group can only be assigned the owner role of a project if they are part of the same organization.
  • Service accounts: These are robo accounts - and typically represent and application (as opposed to a HUMAN user).

That's it in a nutshell. These are the different types of users (identities in GCP).

Need a hands-on, GCP Consultant?

Need help with your GCP journey?  Start the conversation today.