Enforce IDIR login for GCP usrs

[NickCorcoran]

Describe the Issue Since initial use, Google local accounts have been used for authentication for GCP. Policy requires IDIR integration for corporately supported cloud services, so integration is necessary.

Additional Context Add any other context, attachments or screenshots

Acceptance Criteria

• [x] Setup Entra ID app registration for GCP
• [x] Setup Google Workspace Entra ID IDP
• [x] Setup Google Workspace group to enforce Entra ID IDP for login
• [x] Test authentication for group

^ Done previously by Nick and Warren ^ v Done this sprint v

• [x] Send out notice to affected users - 9 Feb 2024
• [x] Batch user population into group
• [x] Monday batch completed - 20 ppl
• [x] Test with 2 users
• [x] Tuesday batch completed - 18 ppl
• [x] Wednesday batch completed - remaining

[NickCorcoran]

All IDIR users identified w/ Google Workspace accounts have been assigned to the IDIR enforcement group.

However, I think there may be some users directly granted resource access in projects. To be investigated.

Also, Google workspace admin accounts cannot be forced to login w/ alternative IDP. May have to adjust to ensure those admin accounts are used as break glass use (TBD).