Control creation of Google Cloud Platform projects

As a G Suite administrator, you can control:

  • Who can create Google Cloud Platform projects. By default, creation is on for your organization. When Google Cloud Platform is turned off, users can't create new projects but can access their existing projects.
  • Use of the OS Login API. For example, you can prevent users accessing VM instances outside of your organization. By default, the OS Login API settings are on.
  • User's access to Google Cloud Shell. By default, access is on.

Control who uses Google Cloud Platform in your organization

Before you begin: To turn the service on or off for certain users: Put their accounts in an organizational unit (to control access by department) or put them in an access group (to control access for users across or within departments).

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Apps > Additional Google services > Google Cloud Platform.
  3. To turn on or off a service only for users in an organizational unit:

    1. At the left, select the organizational unit.
    2. Select On or Off.
    3. To keep the service turned on or off even when the service is turned on or off for the parent organizational unit, click Override.
    4. If the organization's status is already Overridden, choose an option:
      • Inherit—Reverts to the same setting as its parent.
      • Save—Saves your new setting (even if the parent setting changes).

    Learn more about organizational structure.

  4. (Optional) Turn on the service for a group of users.
    Use access groups to turn on a service for specific users within or across your organizational units. Learn more

Changes typically take effect in minutes, but can take up to 24 hours. For details, see How changes propagate to Google services.  

Choose settings for Google Cloud Platform

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Apps > Additional Google services > Google Cloud Platform. The settings apply regardless of whether users have Google Cloud Platform turned on or off.
  3. To set OS Login API policies, click OS Login API settings. Learn about Managing OS Login.
    To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit or a configuration group.
  4. To control access to Google Cloud Shell, click Cloud Shell settings. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit or a configuration group.
    • Check or uncheck Allow users to access.
Changes typically take effect in minutes, but can take up to 24 hours. For details, see How changes propagate to Google services.  
Was this helpful?
How can we improve it?