This release of JIT Groups introduces the following new features for managing policies:
- You can now configure groups to grant folder- or organizartion-level access.
- Access control lists now support the following additional principal identifiers:
domain:DOMAINto grant (or deny) access to all users of a specific Cloud Identity/Workspace accountclass:internalUsers: to grant (or deny) access to all users of your Cloud Identity/Workspace accountclass:externalUsers: to deny access to all external users, including consumer accounts
The release also improves the user interface:
- The user interface now includes links to view group details in the Cloud Console, Admin Console, or Google Groups, and a link to the group's audit log.
- When viewing a policy document, JIT Groups now returns the original document -- including its original formatting and comments.
- When validating a policy document, JIT Groups now lints your IAM conditions and verifies the names of predefined roles.
In addition, the release includes several stability improvements and fixes, including:
- Notification emails now render properly in classic Outlook
To deploy or upgrade JIT Groups in your environment, see Deploy JIT Groups and use the branch jitgroups/latest. To upgrade from an older version of JIT Access, see Upgrade from JIT Access.