This pageapplies toApigee andApigee hybrid.

View Apigee Edge documentation.

After you receive a confirmation that your Apigee organization has been provisioned, you can addmore user accounts to the Google Cloud project. You do this by using the IAM servicein the Google Cloud console.

This section describes how to add new user accounts to your Google Cloud project and manage their access.These user accounts might have specialized roles, such as someone who creates analytics reports orsomeone who is responsible for deploying and undeploying API proxies. For description of Apigeeroles, including API access details, see Manage users, roles, and permissions using the API.

1. In the Google Cloud console, go to theIAM & Admin> IAM page.

   Go to IAM

   The Console displays thePermissions view:

   

2. To add a new user, clickADD. The Console displays theAdd principals view:

   

3. In theNew principals field, enter the email address of the new user's account.

   The email address must be one of the following types:

   • AGoogle account (for example,fred@gmail.com). All Gmail accounts are Google accounts, but you can also register email addresses with different domains as Google accounts.
   • The name of a Google group. For example,my-group@googlegroups.com. If you add a Google group as a user, then all members of the group will have that role.
   • A service account. For example,my-service-account@example.gserviceaccount.com. (You do not need to add your service accounts here.)
   • A Google Workspace domain. For example,address@example-domain.com, where example.com is a domain that you used when you signed up for Google Cloud services.

   You can specify more than one email address in theNew principals field and assign the same role to all of them. To assign different roles to different email addresses, perform steps 4 and 5 for each new principal.

4. Assign at least one role to the new principals:
   1. Expand theSelect a role list.
   2. Select the role that you want to assign. To decide which roles to assign, see the descriptions inApigee roles.
   3. To assign an Apigee role, you can enterApigee as a filter so that the list displays only Apigee roles, as the following example shows:

      

   4. Repeat this process for each role you want to assign to the user.
   Note: To enable granular control over your resources, you can specify resource conditions for each role. To understand how to specify resource conditions, seeAdding resource conditions in IAM policies. If you don't specify any resource conditions for a role, the role will have blanket permissions on all the child resources.
5. ClickSave to add the new user to the Google Cloud project with the assigned roles.
6. Repeat this process for each user that you want to add.

Google Cloud allows the project's new users to access all environments in the organization with theassigned permissions. To limit a user's access to certain environments, use the hybrid UI's, asdescribed in Add user accounts in the UI.