Users and groups are created in Cloud Identity, which is managed from the admin.google.com page rather than the GCP console. The users and groups that you create receive Google identities that can be consumed by Cloud IAM for role/permission management from the GCP console.It’s recommended to use Google Cloud Directory Sync (GCDS) to provision users.

In Google Cloud, the super administrator role can be a super admin in Cloud Identity, and the super admin is granted the GCP organization admin role by default. Organization admins have the ability to define IAM policies, grant other users IAM roles, determine the structure of the resource hierarchy, and delegate key cloud responsibilities to other users via roles.

Grant access to a user created in Cloud Identity: