Is there some simple way to use google cloud IAM for PAM on a non GCP computer so I can log in to a computer using GCP single sign-on?
Sounds like you want something like oslogin but it only works on GCP. if you look through the source you can see it interrogates the metadata server which is only available in GCP (maybe on-prem via Anthos? not sure)
Maybe you could authenticate to workspaces with ldap
You can use their LDAP bridge and configure PAM as if it was a standard OpenLDAP instance