Google Cloud Platform IAM Users
About
Google Identity and Access Management (Google IAM) provides central management of access and permissions in Google Cloud Platform (GCP). Google IAM allows you to create granular permissions based on user attributes such as department, job function, or team name.
Why You Should Integrate
This integration will provide visibility into your GCP IAM users within Sevco.
How Does the Integration Work
This integration pulls all IAM users (principals and service accounts) within a given GCP organization or a specific GCP project.
This data is only used internally; we do not share it with any parties outside of Sevco. Refer to our privacy policy for details.
Configuration
- Choose a Schema: A schema is a configuration template that defines a specific way to connect, authenticate, and interact with a source. The following are the available schemas:
  - OAuth2: Will retrieve user assets using OAuth2 authentication.
    - Note: OAuth2 will require re-authentication every 90 days, requiring you to edit and re-activate the source.
  - Google Cloud Platform Service Account JSON: Will retrieve user assets using static credentials of a specific GCP service account.
- Configure plugin:
OAuth2
There is no configuration to be done for the OAuth2 schema.
Google Cloud Platform Service Account JSON Schema
Field | Description | Example |
---|---|---|
Service Account JSON * | Contents of the Service Account JSON key file | |
Project ID | Google Cloud Project ID. If empty, the plugin will attempt to pull from all projects accessible by the service account. | example-project-id |
- Configure Name: OPTIONAL: You can give the configuration a name to distinguish it from other similar configurations.
- Activate Config: To enable this configuration and begin pulling data, select "Activate". If you wish to save the configuration and come back later to finish, select "Save Draft". This will save the configuration, but keep it disabled until activated.
Source Documentation
Creating Credentials
OAuth2 Schema
No specific credentials are required to be generated for this schema. However, the user used to authenticate with GCP must have the permissions listed below.
Google Cloud Platform Service Account JSON Schema
You will be required to generate a JSON key for a given GCP service account. This is done in the Google Cloud Console's IAM & Admin → Service Accounts section. For details, refer to this documentation.
Please contact Sevco Support for the full details on creating and configuring your GCP service account.
Required Permissions
Your IAM user should use a permission policy with at least the following permissions:
- iam.serviceAccounts.get
- iam.serviceAccounts.list
- resourcemanager.folders.list
- resourcemanager.projects.get
- resourcemanager.projects.list
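The following least-privilege check is an added example, not Sevco's or Google's code: it compares what an account is actually granted with the five permissions listed above, reporting anything missing and anything in excess. It assumes the IAM policy is a JSON document with a `bindings` list of `role`/`members` entries and that each role definition lists its permissions under `includedPermissions`; the function name, account, organization ID and sample data are constructed for illustration.

```python
# Permissions the page lists as the minimum for this integration.
REQUIRED = frozenset({
    "iam.serviceAccounts.get",
    "iam.serviceAccounts.list",
    "resourcemanager.folders.list",
    "resourcemanager.projects.get",
    "resourcemanager.projects.list",
})

def audit_member(policy, role_defs, member):
    """Compare the permissions `member` holds under `policy` with REQUIRED."""
    granted, unresolved = set(), set()
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue
        role = binding["role"]
        if role in role_defs:
            granted.update(role_defs[role].get("includedPermissions", []))
        else:
            # No definition supplied (e.g. a predefined role): review by hand.
            unresolved.add(role)
    return {
        "missing": sorted(REQUIRED - granted),
        "excess": sorted(granted - REQUIRED),
        "unresolved_roles": sorted(unresolved),
    }

# Constructed sample data: placeholder organization, project and account names.
SA = "serviceAccount:inventory-reader@example-project-id.iam.gserviceaccount.com"
CUSTOM_ROLE = "organizations/123456789012/roles/inventoryReader"
ROLE_DEFS = {
    CUSTOM_ROLE: {
        # One required permission left out, one unneeded permission added.
        "includedPermissions": sorted(REQUIRED - {"resourcemanager.folders.list"})
        + ["iam.serviceAccountKeys.create"],
    },
}
POLICY = {
    "bindings": [
        {"role": CUSTOM_ROLE, "members": [SA]},
        {"role": "roles/editor", "members": [SA, "user:admin@example.com"]},
        {"role": "roles/viewer", "members": ["user:auditor@example.com"]},
    ]
}

if __name__ == "__main__":
    for key, values in audit_member(POLICY, ROLE_DEFS, SA).items():
        print(f"{key}: {values}")
```

Any entry under `excess` or `unresolved_roles` is access the integration does not need according to the list above and is a candidate for removal from the account's bindings.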
Contact Us
If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected].
Tags: cloud, IAM