As an administrator, you can control:
- Who can create Google Cloud Platform projects. By default, creation is on for your organization. When Google Cloud Platform is turned off, users can't create new projects but can access their existing projects.
- Use of the OS Login API. For example, you can prevent users accessing VM instances outside of your organization. By default, the OS Login API settings are on.
- User's access to Google Cloud Shell. By default, access is on.
Control who uses Google Cloud Platform in your organization
Before you begin: To turn a service on or off for certain users, put their accounts in an organizational unit (to control access by department) or add them to an access group (to allow access for users across or within departments).
- From the Admin console Home page, go to Apps > Additional Google services > Google Cloud Platform.
(Optional) To turn a service on or off for an organizational unit:
- At the left, select the organizational unit.
- Select On or Off.
- Click Override to keep your setting if the service for the parent organizational unit is changed.
- If Overridden is already set for the organizational unit, choose an option:
- Inherit—Reverts to the same setting as its parent.
- Save—Saves your new setting (even if the parent setting changes).
Learn more about organizational structure.
(Optional) Turn on the service for a group of users.
Use access groups to turn on a service for specific users within or across your organizational units. Learn more
Changes typically take effect in minutes, but can take up to 24 hours. For details, go to How changes propagate to Google services.
Choose user settings for Google Cloud Platform
- From the Admin console Home page, go to Apps > Additional Google services > Google Cloud Platform. The settings apply regardless of whether users have Google Cloud Platform turned on or off.
- Click OS Login API settings and turn on or off setting for users. Learn about Managing OS Login.
To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit or a configuration group.
- To control access to Google Cloud Shell, click Cloud Shell settings. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit or a configuration group.
- Check or uncheck Allow access to Cloud Shell.