Google Cloud Platform Onboarding Guide

Updated 6 months ago by admin

This feature is in Early Access preview.

This guide provides the steps you need to follow in order to onboard Google Cloud Platform accounts onto the Posture Management service.

This article will guide you through the following steps:

  • Create and configure a Google Cloud Project for Posture Management and Service Account
  • Assign read-only permissions for Posture Management
  • Add the Google Cloud Platform application to the Posture Management service
You will need to be an Administrator of the Google Cloud account, or have sufficient admin privileges, to perform these steps
  1. Log in to the GCP Console
  2. Click the Select Project drop down
  1. Click New Project and enter a suitable name
  1. Select the new project
  2. Enable the required API's in the new project by navigating to API's & Services
  1. Enable the following API's one by one
  • Cloud Resource Manager API
  • Identity and Access Management (IAM) API
  • Service Usage API
  • Identity Toolkit API
  • Admin SDK API
  • Cloud Functions API
  • Essential Contacts API
  1. Next, navigate to IAM & Admin -> Service Accounts -> + Create Service Account
  1. Enter the Service account name and click Create and Continue
  2. Click Done
  1. Copy the Email for the new service account
  2. Navigate back to IAM & Admin -> IAM and click Grant Access
  3. Paste in the email address from Step 9
  1. Use the Select a role dropdown to assign the following permissions:
  • Access Approval Viewer
  • BigQuery Metadata Viewer
  • Browser
  • Organization Policy Viewer
  • Security Reviewer
  • Basic > Viewer
  1. Navigate back to IAM & Admin -> Service Accounts -> Posture Management email -> Keys and click Add Key -> Create New Key
  1. Select the JSON option and click Create
  2. A JSON file will be downloaded which is required in the next step
  3. To enable monitoring of MFA configuration for users, open Google Workspace Admin and navigate to Account -> Admin Roles
  1. Select the User Management Admin role and click Assign Role
  2. Select Assign Members
  1. Paste in the Posture Management email address from Step 9 and click Assign Role
  2. Now we can configure the Posture Management service with your new Azure application. Log in to the USS Dashboard and navigate to Products -> Posture Management.
  3. The Posture Management dashboard will open in a new tab. From the top ribbon, select Service Integration and then +
  1. Click Google Cloud Platform
  1. Click Browse ands elect the JSON file that you downloaded in Step 15
  2. Click Add
  3. Click Scan Now to begin scanning the application immediately, or wait for it to automatically scan on a daily basis
  4. One the first scan has finished you will be able to view the results in the Charts and Activity report tabs

How did we do?