
Grant user access to specific subdomain


I'm looking for some guidance and have had a hard time finding a straight answer via Google.

I am building a web app using Google Cloud Platform and Firebase and would like to grant users access to only their own subdomain. So for example, if user 1 is part of the organization Lakers, I would like the domain they use to be lakers.myapp.com. If user 2 is part of Bucks, their app would be hosted at bucks.myapp.com. When somebody who is not authorized visits one of these domains, they should not be able to view anything since they are not authorized under that subdomain (just like any normal web app). I have the login all set up and can redirect the user to their subdomain, but what is the process of checking that the user is authorized to view that subdomain?

If the answer has many parts, I would be happy to receive some links to resources on how to do this; I want to be sure it's done right.


Solution

    1. For the first part (Can we restrict users (identities) based on the GCP domains?), the answer is yes. The Resource Manager provides a domain restriction constraint that can be used in organization policies to limit resource sharing based on domain. This constraint allows you to restrict the set of identities that are allowed to be used in Identity and Access Management policies.

    Organization policies can use this constraint to limit resource sharing to a specified set of one or more Google Workspace domains, and exceptions can be granted on a per-folder or per-project basis. For more information about adding exceptions, see Override the organization policy for a project.

    2. For the second part (How do I lock down Firebase Database to any user from a specific email domain?): if you're using the new Firebase this is now possible, since the email is available in the security rules.

    In the security rules you can access both the email address and whether it is verified, which makes some great use-cases possible. With these rules, for example, only an authenticated, verified Gmail user can write their profile; please see the Stack Overflow link for more details.
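Added example, not part of the answer above: a Realtime Database rules file putting the second part into practice. It assumes each organization's data lives under /orgs/<org> and that the org's allowed email domain is stored at /orgs/<org>/emailDomain; the rules see auth.token.email and auth.token.email_verified but never the subdomain, so the client simply requests its org's path and the rule decides, whichever subdomain the request came from.

```json
{
  "rules": {
    // Weak form (do not use): any signed-in user can read and write every org.
    // "orgs": { ".read": "auth != null", ".write": "auth != null" }

    "orgs": {
      "$org": {
        // Assumed layout: /orgs/<org>/emailDomain = "lakers.example" (constructed value).
        // Only server-side code (Admin SDK, which bypasses rules) may set it.
        "emailDomain": {
          ".read": "auth != null",
          ".write": false
        },
        "data": {
          // Read/write require: signed in, verified email, and an address that
          // ends with '@' + the org's configured domain. A missing emailDomain
          // denies access instead of failing open.
          ".read": "auth != null && auth.token.email_verified == true && root.child('orgs/' + $org + '/emailDomain').exists() && auth.token.email.endsWith('@' + root.child('orgs/' + $org + '/emailDomain').val())",
          ".write": "auth != null && auth.token.email_verified == true && root.child('orgs/' + $org + '/emailDomain').exists() && auth.token.email.endsWith('@' + root.child('orgs/' + $org + '/emailDomain').val())"
        }
      }
    },

    // The profile case from the answer: a user may write only their own profile,
    // and only once their email address is verified.
    "users": {
      "$uid": {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid && auth.token.email_verified == true"
      }
    }
  }
}
```

Before deploying, exercise both the allow and the deny paths (verified member, unverified member, member of another org) with the Rules simulator in the Firebase console, since a rule that is never tested against a denied case tends to fail open.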