The majority of this guardrail will be managed with existing Government of Canada identity provider (IdP). For Granting, changing, and revoking access to resources you can leverage Identity and Access Management (IAM) and details can be found here Managing Roles and Permissions.
Google Cloud security best practices Security Best Pratices