Integrate with GCP
STEP 1: Create a new service account
In your GCP Console > 'IAM & Admin' > 'Service Accounts', click on Create service account in the horizontal bar at the top of the page.
- Service account name: a custom name for your new account
- Service account ID: this will be autogenerated by the GCP Console
- Service account description: an optional description
Click on Create and continue.
STEP 2: Grant access to projects
Give the service account the following permissions:
- BigQuery Metadata Viewer
- Cloud Functions Admin
- Logging Admin
- Pub/Sub Admin
- Service Account User
- Storage Admin
- Viewer
Click on the Done button to complete the account creation.
You can now view the new service account in the list of Service accounts.
STEP 3: Create key
Open the new service account from the list, and navigate to the Keys tab.
Click on Add key > Create new key > JSON > Create.
The new key is downloaded and saved on your machine.
Open it with a text editor; you will need to paste its content into the SlashID Console in the next step.
STEP 4: SlashID Console configuration
Select whether you want SlashID to monitor a single GCP project or your entire GCP organization.
Fill in the connection details:
SlashID Console field | Description |
---|---|
Name of the connection | Arbitrary name you give to this connection |
Project ID [or Organization ID] | Your GCP project ID or GCP organization ID |
Service account email | The "Email" field from the service account details tab |
Authoritative status | Decide whether GCP identities are the primary (or secondary) source of truth when reconciling identities across providers |
Service account key | The content of the key file you created in step 3 |
Click on the Connect button to complete the setup.
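A pre-flight check for the key file from step 3 before its content is pasted into the form in step 4, as an added example that is not SlashID's or Google's code. It assumes the standard service account key JSON layout; `check_key`, `too_permissive` and the sample values are constructed for this example, and `project_id` is the project that owns the service account, which matches the Project ID field only when that is the project being monitored.

```python
import json
import os
import stat

# Fields of a GCP service account JSON key that this check relies on.
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")


def check_key(raw: str) -> dict:
    """Validate key JSON text and return the non-secret form values."""
    try:
        key = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc}") from None
    if not isinstance(key, dict):
        raise ValueError("key file must contain a JSON object")
    missing = [f for f in REQUIRED if not isinstance(key.get(f), str) or not key[f]]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    if key["type"] != "service_account":
        raise ValueError(f"unexpected credential type: {key['type']!r}")
    # User-created accounts (as in step 1) use this address suffix.
    if not key["client_email"].endswith(".iam.gserviceaccount.com"):
        raise ValueError("client_email is not a service account address")
    if "BEGIN PRIVATE KEY" not in key["private_key"]:
        raise ValueError("private_key is not a PEM block")
    # Only non-secret values are returned; the private key is never echoed.
    return {
        "Service account email": key["client_email"],
        "Project ID": key["project_id"],
    }


def too_permissive(path: str) -> bool:
    """True if group or others have any access to the key file (POSIX)."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))


# Constructed sample key with placeholder values, not a real credential.
SAMPLE = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000placeholder",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "slashid-connector@example-project.iam.gserviceaccount.com",
})

if __name__ == "__main__":
    print(check_key(SAMPLE))
```

Run `too_permissive` on the downloaded file's path; if it returns True, restrict the file to your own user while the key remains on disk.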