Not being able to add a user to my project in Google Cloud Console

SDA
New Member

I'm trying to add a user to my project in Google Cloud Console but keep getting this message:

IAM policy update failed
A domain restriction organization policy is in place. Only principals in allowed domains can be added as principals in the policy. Correct the principal emails and try again.

Is there somewhere I could solve this? Should I get a new account?

Thanks


Hi @SDA ,

Welcome to Google Cloud Community!

You are getting the error because an organization policy constraint, “constraints/iam.allowedPolicyMemberDomains”, is enabled on your organization and restricts the set of identities which are not in the allowedPolicyMemberDomains. However, you can resolve this issue by allowing the domains of the member in the organization policy constraint “constraints/iam.allowedPolicyMemberDomains”. Please note that the constraint takes the value of the Customer ID. The Customer ID can be retrieved using the gcloud command or API. Please add the Customer ID to your constraints/iam.allowedPolicyMemberDomains policy.

Possible Workarounds:

  • Disable the Organization Policy constraint iam.allowedPolicyMemberDomains temporarily till the IAM policy binding is applied.
  • If you have some policy members that aren't part of the whitelisted Customer ID(s), you can add them to a Google Group and then use the Group for the IAM Policy binding as described here.

I hope this information is helpful.

If you need further assistance, you can always file a ticket with our support team.
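The Customer ID lookup and allow-list update described in the reply, as an added example that is not part of the original thread. It uses the legacy `gcloud resource-manager org-policies` commands; the function names are hypothetical, and the check that a Customer ID is a `C` followed by letters and digits is an assumption used to catch domain names passed by mistake.

```shell
#!/bin/sh
# Added example (not from the thread). Organization IDs are passed in by the caller.

# Print the Workspace / Cloud Identity Customer ID that owns an organization.
customer_id_of() {  # $1 = numeric organization ID
  gcloud organizations describe "$1" \
    --format="value(owner.directoryCustomerId)"
}

# Return 0 if the Customer ID is already an allowed value of the constraint.
is_allowed() {  # $1 = organization ID, $2 = Customer ID
  gcloud resource-manager org-policies describe \
    iam.allowedPolicyMemberDomains --organization="$1" \
    --format="value(listPolicy.allowedValues)" |
    grep -qwF -- "$2"
}

# Add a Customer ID to the allow-list instead of disabling the constraint.
# Rejects anything that is not shaped like a Customer ID (assumed: C + alphanumerics),
# for example a domain name, and skips the update when the ID is already allowed.
allow_customer() {  # $1 = organization ID, $2 = Customer ID
  case "$2" in
    ""|C|[!C]*|C*[!0-9A-Za-z]*)
      echo "not a Customer ID: $2" >&2
      return 2 ;;
  esac
  if is_allowed "$1" "$2"; then
    echo "already allowed: $2"
    return 0
  fi
  gcloud resource-manager org-policies allow \
    iam.allowedPolicyMemberDomains "$2" --organization="$1"
}

# Usage (placeholders):
#   cid=$(customer_id_of MEMBER_ORG_ID)   # run by an admin of the member's organization
#   allow_customer YOUR_ORG_ID "$cid"     # run by an Organization Policy Administrator
```

Keeping the constraint enforced and extending its allowed values avoids the window in which any external principal could be bound while the policy is disabled.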