IAM on GCP allows administrators to create and manage policies that determine who has access to what resources, and what level of access they have. This can include granting access to specific GCP services, such as Google Compute Engine or Google Cloud Storage, as well as granting access to specific resources, such as virtual machines or storage buckets. Additionally, IAM on GCP can be used to authenticate and authorize users through various means, such as Google Accounts, service accounts, and Cloud Identity-Aware Proxy (Cloud IAP).