Complete the steps covered in this guide if you receive the IAM policy update failed error code.
In this article:
Step 1. Add another role
Make sure that you are logged in with your Organization Administrator account.
Open the "IAM" tab in the left menu:
Open the dropdown menu in the top-left corner:
Select your organization (Your organization will have a building icon next to it):
If you organization does not show up to be selected, then you must add it first.
Click Cancel.
Open the Organizations tab OR the Identity & Organization tab (Google can display this step in either) from the left sidebar.
Click Select next to your organization domain to add it to your project:
Be sure your organization is now selected in the drop down and that you are in the IAM tab located in the left menu.
Then, click the pencil icon next to your email account:
Click add another role:
Search for the organization policy administrator role (you can search for it by typing it in. If you cannot find it, you are likely not logged in with your Organization's Administrator account):
Click Save to keep and apply your changes:
Step 2. Update the organizational policy
Open the Organization Policies tab from the left sidebar:
In the "Organization Policies" page, search for Domain Restricted Sharing from the list of constraints, then click Domain Restricted Sharing:
Click Manage Policy:
Then, select the Override Parent's Policy option:
Click the Replace option, then click on the rule below and change the drop down to Allow All.
Then, click Done:
Click Set Policy to save all changes:
Now, return to the Organizational Policies tab to open the Organization Policies page.
Search Disable service account creation from the list of constraints.
Click Disable service account creation:
You will want to follow these next steps for both links
Click Manage Policy:
Change the "Policy Source" to Override Parent's Policy, then click on the Enforced rule.
Change the Enforced rule to Off.
Then, click Done:
Click Set Policy to save your changes:
Make sure to repeat these steps for the second “Disable service account creation” link
Step 3. Disable Service Account Key Creation
With this additional step, you are providing access to the BMA team to create the API key that is essential in building your branded mobile app.
Return to the Organizational Policies tab to open the Organization Policies page.
Search “Disable service account key creation” from the list of constraints.
Click Disable service account key creation:
You will want to follow these next steps for both links
Click Manage Policy
Change the "Policy Source" to Override Parent's Policy, then click on the Enforced rule.
Change the Enforced rule to Off.
Then, click Done:
Click Set Policy to save your changes:
Make sure to repeat these steps for the second “Disable service account key creation” link
Step 4. Return to your project
After saving your new role, return to your project:
Open the dropdown menu in the top-left corner:
Switch back to the project you created (your app name):
Step 5. Return to the previous article
Go back to How to Add Kajabi as an Admin to Your Google Play Console and Project Owner on Google Cloud Console and complete Steps 3 and 4.
And that's how you can complete the additional steps if you encounter the Google Cloud IAP Policy error! Please vote below and let us know if you found this article helpful. We value your feedback. Thanks for being the best part of Kajabi!