Hello everyone,

I'm building a service using GCP, profile using the same email I'm using for Google Workspace. I'm an admin in Google Workspace and decided to create a project in GCP to integrate a service I am developing with a Google Chat chatbot.

Unfortunately, it seems that whenever I deploy the (or any) cloud function (I am using a serverless cloud function based on this tutorial to run the demo for the chatbot: https://developers.google.com/workspace/chat/quickstart/gcf-app#python), I get the following error: "One or more users named in the policy do not belong to a permitted customer."

To try and remove any other variables, I have tried:

- to create services in both JS/Node and Python (same error)

- to create both a 1st gen and 2nd gen service (same error regardless of whether using Cloud Run or not)

- deliberately adding admin run invoker privileges to the two principals in the project, myself and the compute service (this didn't work either)

- temporarily enabling owner privileges for any service running on the project (didn't work)

This leads me to believe that the error has to be something to do with how Google Workspace and Google Cloud coordinate privileges. I'm just following the quickstart tutorial above, so it's probably something obvious, but in any of the GCP/Workspace settings I haven't found anything out of place. Between these prerequisites:

• A Google Workspace account with access to Google Chat in a Google Workspace organization that permits unauthenticated Google Cloud Function invocations.
• A Google Cloud project.
• Make sure that you turn on billing for your Cloud project. Learn how to verify the billing status of your projects.

I believe it is probably the first that I have misconfigured.

I greatly appreciate your help. All the best!