google-cloud-platform, google-workspace

Restrict access to GCP organisation and project resources by location


Is it possible with Workspace and GCP to restrict geographically where a user can access projects and resources from?

For example, all users in the Workspace should only be able to access GCP resources from Australia. User A decides to go on holiday to the USA but will do some remote work. Their access should be blocked to select Workspace and GCP resources unless overruled (i.e. User A enabled access from the USA).

This is something I've seen possible in Azure AD, does GCP/Workspace have a similar functionality?


Solution

  • Use Context-Aware Access to create granular access control policies for Google Workspace. Not all versions of Google Workspace enable this feature. This does not affect access to Google Cloud Platform.

    If you are using Identity-Aware Proxy to control access to your resources in Google Cloud, then you can extend Identity-Aware Proxy with Context-Aware Proxy. However, this does not limit access to the Google Cloud GUI or other Google-owned resources, only the ones for which you configure IAP authorization.

    Setting up context-aware access with Identity-Aware Proxy

    Context-Aware Access can also be integrated with VPC Service Controls perimeter ingress rules to allow access based on network origin (IP and VPC).

    Context-aware access with ingress rules

    Summary:

    Integrate Context-Aware Access with resources you create that support Identity-Aware Proxy.

    Use VPC Service Controls to control access to Google Cloud resources that support VPCs (Cloud Storage, BigQuery, etc).

    If your goal is to limit access to the Google Cloud Console GUI, I am not aware of one. Use Two-Step Verification to control user access from new locations.
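The pieces the answer describes, put together as an added example (not code from the answer, from Google, or from any project): an access level that requires an Australian source IP, plus the VPC Service Controls ingress rule and the IAP IAM condition that both reference it. The policy id, perimeter name, member group and the App Engine resource type are placeholders/assumptions.

```shell
# Added example, not from the original answer; POLICY_ID, PERIMETER and MEMBER are placeholders.
set -eu
POLICY_ID="${POLICY_ID:-POLICY_ID_PLACEHOLDER}"
PERIMETER="${PERIMETER:-PERIMETER_PLACEHOLDER}"
MEMBER="${MEMBER:-group:staff@example.com}"
LEVEL="australia_only"
LEVEL_REF="accessPolicies/${POLICY_ID}/accessLevels/${LEVEL}"

# Access level: the request's source IP must geolocate to Australia (ISO 3166-1 alpha-2 code).
write_level_spec() {
  cat > "$1" <<'EOF'
- regions:
  - AU
EOF
}
# VPC SC ingress rule: user accounts reach Cloud Storage in the perimeter only via the level.
write_ingress_policy() {
  cat > "$1" <<EOF
- ingressFrom:
    identityType: ANY_USER_ACCOUNT
    sources:
    - accessLevel: ${LEVEL_REF}
  ingressTo:
    operations:
    - serviceName: storage.googleapis.com
      methodSelectors:
      - method: "*"
    resources:
    - "*"
EOF
}
# IAM condition that binds the same access level to an IAP-protected App Engine app.
write_iap_condition() {
  cat > "$1" <<EOF
expression: '"${LEVEL_REF}" in request.auth.access_levels'
title: ${LEVEL}
EOF
}
# Writes the three files and applies them; only runs when invoked as: sh restrict.sh apply
apply() {
  write_level_spec level.yaml; write_ingress_policy ingress.yaml; write_iap_condition cond.yaml
  gcloud access-context-manager levels create "$LEVEL" --title="Australia only" \
    --basic-level-spec=level.yaml --policy="$POLICY_ID"
  gcloud access-context-manager perimeters update "$PERIMETER" \
    --set-ingress-policies=ingress.yaml --policy="$POLICY_ID"
  gcloud iap web add-iam-policy-binding --resource-type=app-engine --member="$MEMBER" \
    --role=roles/iap.httpsResourceAccessor --condition-from-file=cond.yaml
}
if [ "${1:-}" = apply ]; then apply; fi
```

The regions condition is decided from the geolocation of the request's source IP, so it is a coarse control, and as the answer notes it does nothing for the Cloud Console itself.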