Turn Google Cloud Platform on or off for users

Important update: Starting November 10, 2021, the Google Cloud Platform service control will further restrict access to Google Cloud Platform services when set to off. Previously, setting the Google Cloud Platform service control to off disabled new project creation. After this date, the Google Cloud Platform service control will begin disabling access to all Google Cloud Platform services. The current Google Cloud Platform setting will be migrated to a new setting for project creation.

As an administrator, you manage who in your organization can access Google Cloud Platform services. You can turn on the Google Cloud Platform service for everyone in your organization, specific organizational units, or specific groups. Users who have it on can use their account to access Google Cloud projects and services that they have been granted access to, and create Cloud Billing accounts for projects and services. Users who have the service off are restricted from accessing Google Cloud Platform projects and services using their organization account.

The Google Cloud Platform service only limits access for users within your organization. The service does not restrict access to service accounts, and does not restrict anonymous use of Google Cloud services and resources that are publicly accessible.

You can control:

  • Who can create projects. By default, project creation is on for users in your organization. When Google Cloud Platform is turned off, users can't create new projects and are restricted from managing project ownership invitations.
  • Use of the OS Login API. By default, the OS Login API settings are on for your organization. For example, you can prevent users from configuring access to VM instances outside of your organization. When Google Cloud Platform is turned off, users can't access the OS Login API.
  • Access to Google Cloud Shell. By default, access is on for your organization. When Google Cloud Platform is turned off, users can't access Google Cloud Shell.

Control who uses Google Cloud Platform in your organization

Note: Starting November 10, 2021, setting the Google Cloud Platform service control to off will further restrict access by disabling new project creation and disabling access to all Google Cloud Platform services. The Google Cloud Platform service control will also include an additional setting for restricting new project creation.

Before you begin: To turn a service on or off for certain users, put their accounts in an organizational unit (to control access by department) or add them to an access group (to allow access for users across or within departments).

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Appsand thenAdditional Google servicesand thenGoogle Cloud Platform.
  3. (Optional) To turn a service on or off for an organizational unit:
    1. At the left, select the organizational unit.
    2. To change the Service status, select On or Off.
    3. Choose one:
      • If the Service status is set to Inherited and you want to keep the updated setting, even if the parent setting changes, click Override.
      • If the Service status is set to Overridden, either click Inherit to revert to the same setting as its parent, or click Save to keep the new setting, even if the parent setting changes.
        Note: Learn more about organizational structure.
  4. (Optional) Turn on the service for a group of users.
    Use access groups to turn on a service for specific users within or across your organizational units. Learn more

Changes typically take effect in minutes, but can take up to 24 hours. For details, go to How changes propagate to Google services.  

Choose user settings for Google Cloud Platform

To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit or a configuration group.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Appsand thenAdditional Google servicesand thenGoogle Cloud Platform
  3. To control access to creating Google Cloud projects, click Cloud Resource Manager API settings.
    Note: This control restricts project creation, and restricts users from managing project ownership invitations. Learn about Cloud Resource Manager
    1. Next to Project Creation Settings, check or uncheck Allow users to create GCP projectsand thenclick Save.
    2. Next to Cloud Resource Manager API settings, click the Up arrow"".
  4. To control access to the OS Login API, click OS Login API Settings.
    Note: Learn about Managing OS Login.
    1. Click POSIX Account Settingsand thencheck or uncheck Generate default POSIX information and Include the domain suffix in usernames generated by the OS Login APIand thenclick Save
    2. Click SSH Public Key Settingsand thencheck or uncheck Users can manage their SSH public keysand thenclick Save.
    3. Click External User Settingsand thencheck or uncheck  Access VM instances outside of your organizationand thenclick Save.
    4. Next to OS Login API settings click the Up arrow""
  5. To control access to Google Cloud Shell, click Cloud Shell settings. 
    • Check or uncheck Allow access to Cloud Shell and thenclick Save.
    • Next to Cloud Shell settings click the Up arrow""
Changes typically take effect in minutes, but can take up to 24 hours. For details, go to How changes propagate to Google services.  
Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

true
Start your free 14-day trial today

Professional email, online storage, shared calendars, video meetings and more. Start your free Google Workspace trial today.

Search
Clear search
Close search
Google apps
Main menu
Search Help Center
true
73010
false