
Cloud Identity and GCP Org Creation

Scenario

To create a GCP organization using the free version of Cloud Identity, you must have a personal domain.

Process and Description

  1. Create Cloud Identity
  2. Create GCP Organization
  • By default, GCP offers a best-practice approach for creating the organization

Execution Steps

Apply for Cloud Identity

Go to the following URL and follow the instructions to apply and register:

https://support.google.com/cloudidentity/answer/7389973?hl=zh-Hant

Cloud Identity application page

After registration, follow the instructions to set up Cloud Identity

Here you need to protect the domain, which is done by verifying it through DNS

DNS protection setup page

Set up DNS

DNS configuration page

Notification that DNS configuration is required

DNS configuration prompt page

Follow the instructions to copy the TXT record to the DNS host configuration

TXT record copy page

After completion, click to protect the domain

Domain protection confirmation page

After successful verification, a protection success prompt will appear

Domain protection success prompt
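Before clicking to protect the domain, it helps to confirm that the TXT record is actually published and that no other verification token sits beside it. The following is an added example, not part of the original walkthrough: it parses the output of `dig +short TXT <domain>`, with a constructed sample and placeholder tokens standing in for the value shown in the setup page.

```python
import re

PREFIX = "google-site-verification="

def parse_dig_txt(output):
    """Turn `dig +short TXT <domain>` output into a list of record values.

    Each output line is one TXT record made of one or more quoted
    character-strings; a long record is split into several strings,
    which are concatenated here.
    """
    records = []
    for line in output.splitlines():
        parts = re.findall(r'"((?:[^"\\]|\\.)*)"', line)
        if parts:
            # Undo backslash escaping (e.g. \" inside a string) and join.
            records.append("".join(re.sub(r'\\(.)', r'\1', p) for p in parts))
    return records

def check_verification(records, expected_value):
    """Return (status, unexpected_tokens) for the verification record."""
    tokens = [r.strip() for r in records
              if r.strip().lower().startswith(PREFIX)]
    status = "published" if expected_value in tokens else "missing"
    # Any other verification token is one you did not just copy from the
    # setup page: review who added it before leaving it in the zone.
    unexpected = [t for t in tokens if t != expected_value]
    return status, unexpected

# Constructed sample output; both tokens are placeholders, not real values.
SAMPLE_DIG_OUTPUT = '''"v=spf1 -all"
"google-site-verification=EXAMPLE" "TOKEN-FROM-SETUP-PAGE"
"google-site-verification=OLD-TOKEN-NOT-ISSUED-TO-YOU"
'''
EXPECTED = "google-site-verification=EXAMPLETOKEN-FROM-SETUP-PAGE"

if __name__ == "__main__":
    status, unexpected = check_verification(
        parse_dig_txt(SAMPLE_DIG_OUTPUT), EXPECTED)
    print("verification record:", status)
    for token in unexpected:
        print("unrecognised token to review:", token)
```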

Create Users

Create a Cloud Identity user, who is also the first administrator

Create admin user page

After creation, it will appear in the user panel

User panel display

View the subscription: the free version has a quota of only 50 users, meaning 50 people can manage and control GCP, and it includes none of the other Google Workspace office features

Subscription information page

Additional confirmation can be performed

Additional confirmation page

Create GCP ORG

Confirm Organization Creation

Create an organization in GCP

GCP organization creation page

Once Cloud Identity has been created, the organization is created automatically. Click to proceed to step 2

Organization creation confirmation page

Organization creation details page

As long as the verification is successful, a green checkmark will appear at the bottom

Verification success prompt

The page also shows which domain and identity you are signed in with

Domain and identity confirmation page

Create Groups

If you are using the GCP ORG feature for the first time, there is now a wizard that helps create the related groups automatically

Group creation wizard page

If you have no other ideas, you can create groups according to the official recommendations. These groups will be created in both Cloud Identity and GCP, and given appropriate GCP permissions

Official recommended group setup page

You can click to view which groups will be created and their descriptions

Group description page

After clicking create, Cloud Identity will also synchronize the creation

Cloud Identity synchronous group creation page

After creation is complete, click continue

Group creation completion page

Create the administrator users, then click continue

Admin user creation page

You can add members to groups according to your needs, or add them later

Group member addition page

If a group has only one member, the wizard will remind you of that as well

Single-person group reminder

After confirming that everything is fine, click continue to the next step

Group setup confirmation page

Grant Administrator Permissions

Next, click continue to the next step to start granting related permissions to groups

Administrator permission setup page

By default, each group is given its corresponding permissions. You can use the defaults for now

Default permission setup page
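Once the default permissions are applied, the organization-level IAM policy can be checked against the group-based model the wizard sets up. The following is an added example, not part of the original walkthrough: it reads a policy in the JSON shape returned by `gcloud organizations get-iam-policy ORGANIZATION_ID --format=json` and flags grants made directly to users, public principals, and groups with a single member (the case the wizard reminds you about). The policy, the group names, the membership map and the `SENSITIVE_ROLES` set are constructed assumptions.

```python
import json

# Roles treated as high-privilege for this check (an assumption; adjust it).
SENSITIVE_ROLES = {
    "roles/owner",
    "roles/resourcemanager.organizationAdmin",
    "roles/billing.admin",
}
PUBLIC = {"allUsers", "allAuthenticatedUsers"}

def audit_policy(policy, group_members):
    """Return sorted (severity, finding, role, member) tuples."""
    findings = set()
    for binding in policy.get("bindings", []):
        role = binding["role"]
        severity = "high" if role in SENSITIVE_ROLES else "low"
        for member in binding.get("members", []):
            kind, _, name = member.partition(":")
            if member in PUBLIC:
                findings.add(("high", "public-principal", role, member))
            elif kind == "user":
                # Granted to a person instead of one of the groups.
                findings.add((severity, "direct-user-grant", role, member))
            elif (kind == "group" and name in group_members
                  and len(group_members[name]) < 2):
                findings.add((severity, "single-member-group", role, member))
    return sorted(findings)

# Constructed sample policy and group membership (not real data).
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/resourcemanager.organizationAdmin",
   "members": ["group:gcp-organization-admins@example.com",
               "user:first-admin@example.com"]},
  {"role": "roles/billing.admin",
   "members": ["group:gcp-billing-admins@example.com"]},
  {"role": "roles/logging.viewer",
   "members": ["group:gcp-security-admins@example.com"]}
]}
""")
SAMPLE_GROUPS = {
    "gcp-organization-admins@example.com": ["first-admin@example.com"],
    "gcp-billing-admins@example.com": ["first-admin@example.com",
                                       "finance@example.com"],
    "gcp-security-admins@example.com": ["first-admin@example.com"],
}

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY, SAMPLE_GROUPS):
        print(*finding)
```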

Billing Setup

After completion, start setting up billing

Billing setup page

Click to start setting up billing functionality

Billing function setup page

Choose billing according to your actual situation

Billing selection page

Organization Structure Setup

You can set up the hierarchical structure of the organization, and official templates are also provided. This step can be skipped and the structure created manually later if needed

Organization structure setup page

You can choose from these four types according to your needs

Organization structure type selection page

After selection, you can modify the folder name

Folder name modification page

You can also adjust project names and configure user groups

Project and user group configuration page

After completion, click next

Organization structure setup completion page

Some other initial projects will also be configured. Click continue if everything is fine

Initial project configuration page

Confirm the complete resource structure, then click continue if there are no issues

Resource structure confirmation page

Click confirm draft if everything is fine

Draft confirmation page

Network Configuration

Next, proceed with network configuration

Network configuration page

Click to start setting up the network

Network setup start page

A reference description page appears. Click continue

Network setup description page

Click to configure

Network detailed setup page

Configure according to requirements

Network requirements setup page

Set up firewall rules

Firewall rule setup page

Ensure the IP settings are correct and all other functional requirements are configured

IP and function confirmation page

Set up corresponding projects

Project mapping setup page

After configuration is complete, click confirm

Network setup confirmation page

Set Up Centralized Logging

Click continue

Centralized logging setup page

Click to start configuration

Logging setup start page

Set up the name

Logging name setup page

Confirm the draft

Logging setup draft confirmation page

Download Deployment Script

You can download the configuration as Terraform

Terraform download page

Click to download in Terraform format

Terraform download selection page

You can download Terraform configurations according to your needs

Terraform configuration download page

After downloading, you can see various configuration files

Terraform configuration file list

Other Settings

You can set up monitoring according to your needs

Monitoring setup page

You can set up SCC (Security Command Center) according to your needs

SCC setup page

You can select and apply according to your needs

Settings application selection page

Support plans can be purchased according to your needs

Support plan purchase page

This completes the process of creating a GCP Organization from scratch