Google Cloud Platform connector

Integrations with the applications from which ConductorOne pulls identity data are called connectors.

Overview

Google Cloud Platform is a popular cloud platform for enterprises. ConductorOne connects with your Google Cloud Platform instance to provide visibility and permission management on users, projects, and roles.

Availability

General availability. The Google Cloud Platform connector is available to all ConductorOne users.

Capabilities

  • Sync identities from Google Cloud Platform to ConductorOne
  • Entitlements supported:
    • Google Cloud Platform projects
    • Google Cloud Platform roles

Requirements

To connect your Google Cloud Platform environment, you will need:

  • Super Administrator role in ConductorOne
  • The permission to make a service account in Google Cloud Platform

Integrate your Google Cloud Platform instance

Step 1: Create a new project

  1. In the Google Cloud Platform toolbar, click the project select dropdown, then click NEW PROJECT.

  2. Create a new project for your organization:

    • Project Name: Choose a name such as “ConductorOne Integration”
    • Organization/Location: Choose any organization and location

After the project is created, make sure the correct project is selected in the dropdown at the top.

Step 2: Enable APIs

  1. In the navigation menu, navigate to APIs & Services > Library.

  2. Search for and select the following APIs:

    • Identity and Access Management (IAM) API
    • Cloud Resource Manager API
    • Cloud Asset API
    • Admin SDK API
  3. Click Enable.

Step 3: Create a service account

  1. In the navigation menu, navigate to APIs & Services > Credentials.

  2. Select CREATE CREDENTIALS > Service Account.

  3. Under Service account details, fill in the following:

    • Service account name: ConductorOne Integration
    • Service account description: for example, “Service account for ConductorOne Google Cloud Platform Integration”
    • Click CREATE AND CONTINUE
  4. Under Grant this service account access to a project, grant the appropriate permission level:

    • Viewer to run access reviews on your Google Cloud Platform users
    • Editor to provision access via ConductorOne and run access reviews
  5. Leave Grant users access to this service account blank.

  6. Click DONE.

Step 4: Grant your service account access to your organization

  1. Navigate to your organization by selecting your organization from the dropdown.

  2. Navigate to the IAM tab in the left nav and click the ADD button located at the top of the page.

  3. For the principal, use the service accountId for the service account you created in Step 3.

  4. Select the appropriate roles:

    • Organization Viewer and Viewer to run access reviews on your Google Cloud Platform users
    • Organization Administrator and Editor to provision access via ConductorOne and run access reviews
  5. Click Save.

Step 5: Get credentials

  1. Navigate back to APIs & Services > Credentials and select the service account you just created.

  2. Click the service account’s email address.

  3. On the Service Account Details Page, click KEYS.

  4. Click ADD KEY > Create new key.

  5. Choose JSON and click CREATE.

  6. Keep the downloaded file safe. You’ll use it in the next step.

Step 6: Integrate ConductorOne to your Google Cloud Platform account

  • Return to ConductorOne » select Integrations » click Google Cloud Platform
  • Fill out the Credentials form field using the contents of the JSON file downloaded in Step 5
  • Click Next to complete the process
  1. In ConductorOne, click Integrations > Google Cloud Platform.
  2. If this is your first GCP integration, the integration form opens automatically. Otherwise, click Add Connector.
  3. Select the JSON file you downloaded in Step 5 in the Credentials (JSON) field.
  4. Click Next.
  5. A new Google Cloud Platform page opens with your saved credentials.

That’s it! Your Google Cloud Platform instance is now integrated with ConductorOne.
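
To confirm that the service account ended up with only the roles listed in Steps 3 and 4, the check below compares an IAM policy export (for example from `gcloud projects get-iam-policy PROJECT_ID --format=json` or `gcloud organizations get-iam-policy ORG_ID --format=json`) against the roles for the chosen mode. This is an added example, not ConductorOne code; the account name, project name, and the mode labels "review" and "provision" are assumptions made for illustration.

```python
import json

# Role IDs for the console role names used in Steps 3 and 4 (standard GCP role IDs).
EXPECTED = {
    "review": {      # access reviews only
        "project": {"roles/viewer"},
        "organization": {"roles/viewer", "roles/resourcemanager.organizationViewer"},
    },
    "provision": {   # provisioning plus access reviews
        "project": {"roles/editor"},
        "organization": {"roles/editor", "roles/resourcemanager.organizationAdmin"},
    },
}


def roles_for(policy, sa_email):
    """Return the roles a policy binds directly to the service account.

    Roles inherited through groups or parent resources are not visible here.
    """
    member = "serviceAccount:" + sa_email
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}


def audit(policy, sa_email, mode, level):
    """Compare granted roles with the ones the guide lists for this mode and level."""
    granted = roles_for(policy, sa_email)
    expected = EXPECTED[mode][level]
    return {"missing": sorted(expected - granted),
            "unexpected": sorted(granted - expected)}


# Constructed sample policy (hypothetical project and account names).
SA = "conductorone-integration@example-project.iam.gserviceaccount.com"
ORG_POLICY = json.loads("""{"bindings": [
  {"role": "roles/resourcemanager.organizationViewer", "members": ["serviceAccount:%s"]},
  {"role": "roles/viewer", "members": ["user:admin@example.com", "serviceAccount:%s"]},
  {"role": "roles/editor", "members": ["serviceAccount:%s"]}
]}""" % (SA, SA, SA))

if __name__ == "__main__":
    # A review-only setup that was also given Editor at the organization is flagged.
    print(audit(ORG_POLICY, SA, "review", "organization"))
    # The same bindings are incomplete for provisioning mode.
    print(audit(ORG_POLICY, SA, "provision", "organization"))
```

Any entry under "unexpected" is a role beyond what the chosen mode needs and is a candidate for removal.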