By default, admin email is considered as a user. It can also be a group. When we pass a group, it fails:

```hcl
resource "google_project_iam_binding" "iap_binding_users" {
  project = var.project_id
  role    = "roles/iap.httpsResourceAccessor"
  members = concat([
    "user:${var.admin_email}"
  ], var.iap_users)
}
```
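
One way to let `admin_email` carry either a user or a group while keeping the current default is sketched below; this is an added example, not the module's own code. The variable types, the validation rule and the `admin_member` local are assumptions; `user:`, `group:` and `serviceAccount:` are the standard IAM member prefixes.

```hcl
# Added example. Variable types and local.admin_member are assumptions,
# not taken from the module discussed above.
variable "project_id" {
  type = string
}

variable "iap_users" {
  type    = list(string)
  default = []
}

variable "admin_email" {
  type        = string
  description = "Bare email (treated as a user) or a full IAM member, e.g. group:admins@example.com."

  # Reject anything that is neither a bare email nor a prefixed member,
  # so a typo cannot silently end up in the binding.
  validation {
    condition     = can(regex("^((user|group|serviceAccount):)?[^:@\\s]+@[^:@\\s]+$", var.admin_email))
    error_message = "admin_email must be an email, optionally prefixed with user:, group: or serviceAccount:."
  }
}

locals {
  # Keep the existing default: a value without a prefix is treated as a user.
  admin_member = (
    can(regex("^(user|group|serviceAccount):", var.admin_email))
    ? var.admin_email
    : "user:${var.admin_email}"
  )
}

resource "google_project_iam_binding" "iap_binding_users" {
  project = var.project_id
  role    = "roles/iap.httpsResourceAccessor"

  # distinct() avoids a duplicate entry when the admin is also listed in iap_users.
  members = distinct(concat([local.admin_member], var.iap_users))
}
```

With this, `admin_email = "group:iap-admins@example.com"` (a constructed value) is passed through unchanged, while `admin_email = "alice@example.com"` still becomes `user:alice@example.com`.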