diff --git a/cloud/services/container/clusters/reconcile.go b/cloud/services/container/clusters/reconcile.go
index cb0074d98..22a14dd8d 100644
--- a/cloud/services/container/clusters/reconcile.go
+++ b/cloud/services/container/clusters/reconcile.go
@@ -259,6 +259,9 @@ func (s *Service) createCluster(ctx context.Context, log *logr.Logger) error {
 Autopilot: &containerpb.Autopilot{
 Enabled: s.scope.GCPManagedControlPlane.Spec.EnableAutopilot,
 },
+ IdentityServiceConfig: &containerpb.IdentityServiceConfig{
+ Enabled: s.scope.GCPManagedControlPlane.Spec.EnableIdentityService,
+ },
 ReleaseChannel: &containerpb.ReleaseChannel{
 Channel: convertToSdkReleaseChannel(s.scope.GCPManagedControlPlane.Spec.ReleaseChannel),
 },
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmanagedcontrolplanes.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmanagedcontrolplanes.yaml
index 0fce7f960..2c00db076 100644
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmanagedcontrolplanes.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmanagedcontrolplanes.yaml
@@ -141,6 +141,10 @@ spec: description: EnableAutopilot indicates whether to enable autopilot for this GKE cluster. type: boolean + enableIdentityService: + description: EnableIdentityService indicates whether to enable Identity + Service component for this GKE cluster. + type: boolean endpoint: description: Endpoint represents the endpoint used to communicate with the control plane.
diff --git a/exp/api/v1beta1/gcpmanagedcontrolplane_types.go b/exp/api/v1beta1/gcpmanagedcontrolplane_types.go
index b7b1699cf..0d2e68cfe 100644
--- a/exp/api/v1beta1/gcpmanagedcontrolplane_types.go
+++ b/exp/api/v1beta1/gcpmanagedcontrolplane_types.go
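Review bot: In the reconcile.go hunk (createCluster), `IdentityServiceConfig.Enabled` is set only on the create request, and no hunk visible in this diff reconciles a later change of `Spec.EnableIdentityService` on an existing cluster. Identity Service adds an authentication path through external identity providers, so a spec that says `false` while the cluster still has the component enabled is drift an operator would want surfaced. If the update path (outside this diff) does not compare the desired value with the cluster's current `IdentityServiceConfig`, either add that comparison there or reject changes to the field in the validating webhook. createCluster's body begins and ends outside the hunk.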
@@ -133,6 +133,9 @@ type GCPManagedControlPlaneSpec struct {
 // EnableAutopilot indicates whether to enable autopilot for this GKE cluster.
 // +optional
 EnableAutopilot bool `json:"enableAutopilot"`
+ // EnableIdentityService indicates whether to enable Identity Service component for this GKE cluster.
+ // +optional
+ EnableIdentityService bool `json:"enableIdentityService"`
 // ReleaseChannel represents the release channel of the GKE cluster.
 // +optional
 ReleaseChannel *ReleaseChannel `json:"releaseChannel,omitempty"`
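Review bot: The doc comment on `EnableIdentityService` in GCPManagedControlPlaneSpec does not say what the component does, and the same text is what the generated CRD description shows to users. Since the flag switches on authentication through external identity providers, I would write `// EnableIdentityService indicates whether to enable the Identity Service component, which allows authenticating to this GKE cluster through external identity providers. Defaults to false.` and regenerate the CRD from it. The struct begins and ends outside the hunk.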