In addition to what @somethingsomething said, in cases like this, instead of assigning access to individual users, the domain acts as a principal in IAM. Meaning anyone with an email address from that domain example.com will be granted the specified permissions when accessing the GCP project.

Google Cloud IAM allows granular access control with roles: you can choose a specific IAM role to assign to the domain and define the level of access the users from that domain will have within the project (e.g., "Viewer" for read-only access, "Editor" for read-write access).