Hmm audit compliance? Google gives you a log of who logged in where, doesn't it?
And with "proper RBAC" you mean that you can put somebody into the "Developer" role, hence he gets AWS, GCP, Datadog, right?
I don't know how extensive Google's logging is - heck, didn't even know they offered Enterprise SSO until a few days ago (every organization I know uses either Okta or M365/AD) :)
Proper RBAC is as granular as necessary, but no more.
Proper RBAC also links everything needed by a certain role together.
Merely knowing who logged in where and when, though, is not enough - you also need to know what they did while there (and that they did not do anything they were not supposed to be able to do (which links back to proper RBAC'ing)).
CIS, HIPAA, FISMA, SOX, STIG and all the other alphabet-soup compliance rules, frameworks, etc. are a lot more extensive than just "who logged in where" :)
--------
See NIST's page on RBAC for some of this: https://csrc.nist.gov/Projects/Role-Based-Access-Control