Is there a way to isolate an outside user who does not have an account in GCP? (I am talking about a feature like STS credentials in AWS, which can be created by roles and policies.)