A few months ago, I adopted Google Cloud as my IaaS provider, because I was really fed up with AWS, its inconsistencies and the poor documentation they have, and of having ten services to do the same or that need to work together. Azure was also considered, but since I already have an account with their Azure for Students plan, I didn't want to have another one for personal stuff or having to deal with Domain stuff.

Up until now, I was using Google Cloud from my personal google account (using an @gmail.com address), but I didn't want to sign in to GCP with my main account on places I can't trust will be totally secure: my computer at school, my phone, a laptop I use sometimes when I'm out of town... Which meant needing to find a way to use another account.

Unfortunately, Google Cloud uses google accounts (whether their "public" option or a Workspace account with a custom domain) as principals, instead of AWS' username/password system, which is easier to handle unless you need SSO or similar systems. Which meant I'd either have to sign up to Workspace (6€ a month, approx.) or creating a new Google account which would be a mess regarding email or having them both signed in on my browser.

So, I got around asking and investigating and found out Cloud Identity (not to be confused with Identity Platform), with a free tier of up to 50 users, you can connect your domain and create Workspace-like accounts with no access to the paid services (Gmail, Drive, Meet) but with access to Google Cloud, organizations and other platforms that allow sign up with Google.

So, I got around to setting it up: from an incognito browser with no account logged in (not to mix it with my personal account) I signed up at Cloud Identity, which uses the same domains and stuff as Workspace. I verified by domain (costas.dev) with the DNS TXT record and got it all up and running. I now have a "[something]@costas.dev" google account WITHOUT GMAIL or anything other than Cloud Platform.

After that, I went to GCP, added a new billing account tied to my new GCP organization COSTAS.DEV, and got it all ready. I migrated every project I had on my personal account there (provision resources again, new service account credentials...) and got over with it.

So, now, I use GCP from a custom account tied to my "organization" (it's nothing legally, just me as an individual) but can log in to Google Cloud without needing to use my actual Google Account with accounts tied to Gmail, payment accounts and other valuable stuff that needs to really be protected.

If you're an individual using Google Cloud and have a domain (which you should anyway), consider switching to this option, since giving access to others will be easier: just create them a Cloud Identity user at the Google Admin console with a password, and they'll be able to sign in with that account (user@example.com) without it mixing up with their personal stuff.