To adjust the organization policy in Firebase to allow users from all domains to accept project invitations, the owner or organization admin needs to configure identity and domain restrictions in the Google Cloud console rather than directly in Firebase. Here’s how to modify or disable domain restrictions:
Log into Google Cloud Console:
Go to Google Cloud Console.
Use an account with Owner or Organization Admin permissions for the organization.
Navigate to Organization Policies:
In the Cloud Console, click on IAM & Admin > Organization policies.
Locate the “Domain Restricted Sharing” Policy:
Find the policy called "Domain Restricted Sharing" (searching for it directly can help).
This policy controls access restrictions based on email domains for sharing Google Cloud resources, including Firebase.
Modify the Domain Restriction:
Click on the “Domain Restricted Sharing” policy to open its settings.
Select Edit to make changes.
Disable the restriction (remove all specific domains if you want to allow all domains) or add more domains that should be allowed to accept project invitations.
Save Changes:
Once you've made the desired modifications, click Save to apply the policy changes.
Verify in Firebase:
Go back to Firebase and have the user try to accept the invitation again to ensure the changes took effect.
Important Notes
Propagation Time: Changes to organization policies might take a few minutes to propagate.
Permissions Required: Only users with Organization Admin or similar high-level permissions can edit organization policies.
Security Considerations: Removing domain restrictions allows users from any domain to access shared resources, so consider this before disabling the restriction entirely.
This should allow users from additional domains or all domains to accept Firebase project invitations without encountering the restriction.