Finish non-IDIR cleanup (User with No Entra Id)

[bruce-wh-li]

Describe the Issue

• Non-Idir User has no Entra Id and can't be managed
• Still users in GCP that are not managed - reach out to POs to get fixed (have list). Azure External Identity can be managed through four approaches : External Identity if partner organization with Azure AD Tenant, External Identities with social media, direct id federation (SAML/WS Federation), External Identity OTP with Email
• GCP SSO needs user in either Google workspace or cloud identity account
• Draft comms re: Request Idir and turning off non-IDIR for product teams after Idir and GCP Cloud Access by Idir through Microsoft Entra is ready

Additional Context https://app.zenhub.com/workspaces/cloud-pathfinder---aws-5e4dbb426c3c6af8dcbf06a7/issues/gh/bcgov/cloud-pathfinder/2865

• [x] Discuss External Identity to determine if request IDIR Id is best fit.
• [x] Project team request Idir Id for Non Idir User
• [x] Check Entra Id existence
• [ ] Add Workspace Account for the new External Identity in Google Account Console
• [ ] Add Entra Id to the User Group in the EA for GCP Cloud Authentication in Azure
• [ ] Add Workspace Id to user group for legacy workload in Google Account Console
• [ ] Add workspace id to user of the GCP project
• [x] Check if Owner can grant all the necessary role for the project participant
• [ ] Remove corresponding Non-Idir user from GCP project after a determined time (say 1 month) or after user confirmation the access obtain through the SSO is as expected

Acceptance Criteria

Contact POs for products to remediate non-IDIR users Draft comms for GCP users to enforce IDIR only login (Just Google Cloud, not Google Workspace)

[bruce-wh-li]

Communication sent to Ministry Team to request IDIR account for the contractors.
IDIR to be created by Sept 6, PO to assign new IDIR project level access by Sept 30. Non-IDIR access removal starting Sept 30.