Control creation of Google Cloud Platform projects

As an administrator, you can control:

  • Who can create Google Cloud Platform projects. By default, creation is on for your organization. When Google Cloud Platform is turned off, users can't create new projects but can access their existing projects.
  • Use of the OS Login API. For example, you can prevent users accessing VM instances outside of your organization. By default, the OS Login API settings are on.
  • User's access to Google Cloud Shell. By default, access is on.

Control who uses Google Cloud Platform in your organization

Before you begin: To turn a service on or off for certain users, put their accounts in an organizational unit (to control access by department) or add them to an access group (to allow access for users across or within departments).

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Apps > Additional Google services > Google Cloud Platform.
  3. (Optional) To turn a service on or off for an organizational unit:

    1. At the left, select the organizational unit.
    2. Select On or Off.
    3. Click Override to keep your setting if the service for the parent organizational unit is changed.
    4. If Overridden is already set for the organizational unit, choose an option:
      • Inherit—Reverts to the same setting as its parent.
      • Save—Saves your new setting (even if the parent setting changes).

    Learn more about organizational structure.

  4. (Optional) Turn on the service for a group of users.
    Use access groups to turn on a service for specific users within or across your organizational units. Learn more

Changes typically take effect in minutes, but can take up to 24 hours. For details, see How changes propagate to Google services.  

Choose settings for Google Cloud Platform

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Apps > Additional Google services > Google Cloud Platform. The settings apply regardless of whether users have Google Cloud Platform turned on or off.
  3. To set OS Login API policies, click OS Login API settings. Learn about Managing OS Login.
    To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit or a configuration group.
  4. To control access to Google Cloud Shell, click Cloud Shell settings. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit or a configuration group.
    • Check or uncheck Allow access to Cloud Shell.
Changes typically take effect in minutes, but can take up to 24 hours. For details, see How changes propagate to Google services.  
Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue