Restrict Firebase and GCP console access behind Organisation SSO

[Rohith Shriram]

We have a goole cloud project and a Firebase project in our organisation. We want to restrict access to the Firebase and GCP console behind our Organisation's SSO authentication.

Basically, when users try to open https://console.firebase.google.com/u/0/project/abc123/overview,  they need to be redirected to xyzorg.com. Once they are authenticated using our organisation's creds they will be redirected back to https://console.firebase.google.com/u/0/project/abc123/overview. Is this possible?

Please note: Firebase Authentication is not applicable here as we are not looking for an SSO solution for one of our web pages, but we want to restrict user to the Firebase and GCP Console itself. 

We have thought of below solution:

1. Migrate our project's Firebase and GCP Console to our domain, so that it is available only internally

2. Read that Google Workspace has option for SSO Integration and it is user based for SSO

Please suggest if there are better ways/workarounds for this.