Set up a Google BigQuery connector

ConductorOne provides identity governance and just-in-time provisioning for Google BigQuery. Integrate your Google BigQuery instance with ConductorOne to run user access reviews (UARs), enable just-in-time access requests, and automatically provision and deprovision access.

Capabilities

  • Sync user identities from Google BigQuery to ConductorOne

  • Resources supported:

    • Service accounts
    • Roles
    • Datasets

Add a new Google BigQuery connector

This task requires either the Connector Administrator or Super Administrator role in ConductorOne.

  1. In ConductorOne, click Connectors > Add connector.

  2. Search for Google BigQuery and click Add.

  3. Choose how to set up the new Google BigQuery connector:

    • Add the connector to a currently unmanaged app (select from the list of apps that were discovered in your identity, SSO, or federation provider that aren’t yet managed with ConductorOne)

    • Add the connector to a managed app (select from the list of existing managed apps)

    • Create a new managed app

    Do you SSO into Google BigQuery using your identity, SSO, or federation provider? If so, make sure to add the connector to the unmanaged Google BigQuery app that was created automatically when you integrated your provider with ConductorOne, rather than creating a new managed app.

  4. Set the owner for this connector. You can manage the connector yourself, or choose someone else from the list of ConductorOne users. Setting multiple owners is allowed.

    A Google BigQuery connector owner must have the following permissions:

    • Connector Administrator or Super Administrator role in ConductorOne
    • The permission to make a service account in Google Cloud

  5. Click Next.

Next steps

  • If you are the connector owner, proceed to Configure your Google BigQuery connector for instructions on integrating Google BigQuery with ConductorOne.

  • If someone else is the connector owner, ConductorOne will notify them by email that their help is needed to complete the setup process.

Configure your Google BigQuery connector

A user with the Connector Administrator or Super Administrator role in ConductorOne and the permission to make a service account in Google Cloud must perform this task.

Step 1: Create a service account

  1. In the Google Cloud console, navigate to the Create service account page.

  2. Select your project.

  3. Choose a name for the service account and enter it in the Service account name field.

    Google Cloud automatically sets the service account ID based on the name you choose.

  4. Enter a description for the service account in the Service account description field.

  5. Click Create and continue.

  6. From the Select a role list, grant the service account either the Viewer or BigQuery Data Viewer role.

  7. Click Continue.

  8. Click Done to create the service account.

Step 2: Create a service account key

  1. Still in the Google Cloud console, click the email address of the service account you created in Step 1.

  2. Click Keys.

  3. Click Add key > Create new key.

  4. Click Create. A JSON file containing the account key is created and downloaded. Keep the downloaded file safe; you’ll use it in the next step.

  5. Click Close.

Step 3: Add your Google BigQuery credentials to ConductorOne

  1. In ConductorOne, navigate to the Google BigQuery connector by either:

    • Clicking the Set up connector link in the email you received about configuring the connector.

    • Navigating to Connectors > Google BigQuery (if there is more than one Google BigQuery listed, click the one with your name listed as owner and the status Not connected).

  2. Find the Settings area of the page and click Edit.

  3. Select the JSON file you downloaded in Step 2 in the Credentials (JSON) field.

  4. Click Save.

  5. The connector’s label changes to Syncing, followed by Connected. You can view the logs to ensure that information is syncing.

That’s it! Your Google BigQuery connector is now pulling access data into ConductorOne.