In the Google Cloud console, when I tried to add a principal with a domain outside the organization (a domain not allowed by organization policy) to IAM for a project linked to an organization, an error occurred due to the following constraint:
constraints/iam.allowedPolicyMemberDomains
The project in question inherits the organization's policy, and we understand that organization-level permissions are required to edit it.
Therefore, I tried to operate it with an account with administrator privileges for the organization, but the "Manage Policies" button was disabled and I was unable to edit the constraint.
In this regard, I would appreciate it if you could advise me on the following points.
- How to change the constraints/iam.allowedPolicyMemberDomains setting to allow specific external domains
- Why the "Manage Policies" button is disabled, and how to enable it