Google Front End can detect when an attack is taking place and can drop or throttle traffic associated with that attack.

A single Google data center has many times the bandwidth of even a large DoS attack, enabling it to simply absorb the extra load.

Application-aware defense is not currently supported on Google Cloud, although support for this is planned in the very near future.

Cloud Identity can work with any domain name that is able to receive email.

Your organization must use Google Workspace services in order to use Cloud Identity.

You cannot use both Cloud Identity and Google Workspace services to manage your users across your domain.

A Google Workspace or Cloud Identity account can be associated with more than one Organization.

Help simplify provisioning and deprovisioning user accounts.

Completely replace an Active Directory or LDAP service.

Enable two-way data synchronization between Google Cloud and AD/LDAP accounts.

Enable SSO between Cloud Identity and GCP

Requiring 2-Step Verification (2SV) is only recommended for super-admin accounts.

You should have no more than three Organization admins.

Avoid managing permissions on an individual user basis where possible.

Organization Admins should never remove the default Organization-level permissions from users after account creation.

A policy is a collection of access statements attached to a resource.

An organization policy can only be applied to the organization node.

A less restrictive parent policy will not override a more restrictive child resource policy.

A Policy binding binds a list of members to a role.

You must use one of the 3 pre-configured “Google-managed profiles” to specify the level of compatibility appropriate for your application.

Google Cloud load balancers require, and will only accept, a Google-managed SSL Cert.

The Google-managed profile, COMPATIBLE, allows clients which support out-of-date SSL features.

If no SSL policy is set, the SSL policy is automatically set to the most constrained policy, which is RESTRICTED.

Org viewer, Project owner

Org viewer, Project viewer

Org admin, Project browser

Project owner, Network admin