Additional Steps to Change Google Cloud IAP Policy

Kayla M.

Updated

Complete the steps covered in this guide if you receive the IAM policy update failed error code.


In this article:


Step 1. Add another role

  • Make sure that you are open to the "IAM" tab:

Screenshots_for_Google_Console_–_Figma.png

  • Open the dropdown menu in the top-left corner:

Screenshots_for_Google_Console_–_Figma.png

  • Select your organization (Your organization will have a building icon next to it):

Screenshots_for_Google_Console_–_Figma.png

  • If you organization does not show up to be selected, then you must add it first.
    • Click Cancel.
    • Open the Organizations tab from the left sidebar.
    • Click Select next to your organization to add it to your project:

Google organizations.png

  • Be sure your organization is now selected in the drop down and that you are in the IAM tab located in the left menu.

 

  • Then, click the pencil icon next to your email account:

Screenshots_for_Google_Console_–_Figma.png

  • Click add another role:

Screenshots_for_Google_Console_–_Figma.png

  • Search for the organization policy administrator role:

Screenshots_for_Google_Console_–_Figma.png

  • Click Save to keep and apply your changes:

Screenshots_for_Google_Console_–_Figma.png


Step 2. Update the organizational policy

  • Open the Organization Policies tab from the left sidebar:

Screenshots_for_Google_Console_–_Figma.png

  • In the "Organization Policies" page, search for Domain Restricted Sharing from the list of constraints, then click Domain Restricted Sharing:

Screenshots_for_Google_Console_–_Figma.png

  • Click Manage Policy:

Screenshots_for_Google_Console_–_Figma.png

  • Then, select the Override Parent's Policy option:

Screenshots_for_Google_Console_–_Figma.png

  • Click the Replace option, then click on the rule below and change the drop down to Allow All.
  • Then, click Done:

Screenshots_for_Google_Console_–_Figma.png

  • Click Set Policy to save all changes:

Screenshots_for_Google_Console_–_Figma.png

  • Now, return to the Organizational Policies tab to open the Organization Policies page.
  • Search Disable service account creation from the list of constraints.
  • Click Disable service account creation:

Screenshots_for_Google_Console_–_Figma.png

  • Click Manage Policy:

Screenshots_for_Google_Console_–_Figma.png

  • Change the "Policy Source" to Override Parent's Policy, then click on the Enforced rule.
  • Change the Enforced rule to Off.
  • Then, click Done:

Screenshots_for_Google_Console_–_Figma.png

  • Click Set Policy to save your changes:

Screenshots_for_Google_Console_–_Figma.png


Step 3. Disable Service Account Key Creation

With this additional step, you are providing access to the BMA team to create the API key that is essential in building your branded mobile app.

  • Return to the Organizational Policies tab to open the Organization Policies page.

  • Search “Disable service account key creation” from the list of constraints.



  • Click Disable service account key creation:



  • Click Manage Policy



  • Change the "Policy Source" to Override Parent's Policy, then click on the Enforced rule.
  • Change the Enforced rule to Off.
  • Then, click Done:


  • Click Set Policy to save your changes:




Step 4. Return to your project

After saving your new role, return to your project:

  • Open the dropdown menu in the top-left corner:

Screenshots_for_Google_Console_–_Figma.png

  • Switch back to the project you created (your app name):

Screenshots_for_Google_Console_–_Figma.png


Step 5. Return to the previous article

Go back to How to Add Kajabi as an Admin to Your Google Play Console and Project Owner on Google Cloud Console and complete Steps 3 and 4.


And that's how you can complete the additional steps if you encounter the Google Cloud IAP Policy error! Please vote below and let us know if you found this article helpful. We value your feedback. Thanks for being the best part of Kajabi!

Did you find this article helpful?

Need more help?

Contact Us