From 813d97affaffa66c9ede6490c2c0007a83d99d5e Mon Sep 17 00:00:00 2001
From: Yuxin Li <yuxinli@google.com>
Date: Tue, 5 Nov 2024 19:44:26 -0800
Subject: [PATCH] initial commit

---
 mmv1/products/accesscontextmanager/ServicePerimeter.yaml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/mmv1/products/accesscontextmanager/ServicePerimeter.yaml b/mmv1/products/accesscontextmanager/ServicePerimeter.yaml
index be1850412e89..d0ed2296e328 100644
--- a/mmv1/products/accesscontextmanager/ServicePerimeter.yaml
+++ b/mmv1/products/accesscontextmanager/ServicePerimeter.yaml
@@ -259,9 +259,12 @@ properties:
                 - name: 'identities'
                   type: Array
                   description: |
-                    A list of identities that are allowed access through this ingress policy.
-                    Should be in the format of email address. The email address should represent
-                    individual user or service account only.
+                    A list of identities that are allowed access through [IngressPolicy].
+                    Identities can be an individual user, service account, Google group,
+                    or third-party identity. For third-party identity, only single identities
+                    are supported and other identity types are not supported.The v1 identities
+                    that have the prefix user, group, serviceAccount, and principal in
+                    https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
                   is_set: true
                   item_type:
                     type: String