No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Actually cloud identity is the best option, you can use for free until 50 users, basically you will need to create and organization on GCP in order to do that(just need a  valid domain). If you use other identify provider like AD or Okta you could just sync it with Google Cloud Identity. Cloud Identity will made you able to manage the groups too. Just a reminder that Google have a clear separation between Authentication and Authorization. Authentication is handled by Google Cloud Identity and Authorization by IAM. So probably you will need to use two packages: cloudidentity and  the iam methods that are present at resources, project, folders and organization level. For example :<https://www.pulumi.com/registry/packages/gcp/api-docs/projects/iammember/>