...
If you want to use Zilla-managed service account authentication, contact the Zilla support team at support@zillasecurity.com to get the service account email.
After getting the email, create a custom role for Zilla by running the command below in Cloud Shell.
    gcloud iam roles create zilla_security_role \
      --organization=<your-org-id> \
      --permissions=resourcemanager.organizations.get,resourcemanager.organizations.getIamPolicy,iam.roles.get,iam.roles.list,resourcemanager.projects.get,resourcemanager.projects.getIamPolicy,resourcemanager.projects.list,iam.serviceAccounts.list
Assign this role to the Zilla-managed service account by running the command below in Cloud Shell.
    gcloud organizations add-iam-policy-binding <your-org-id> \
      --member serviceAccount:<zilla-managed-service-account-email> \
      --role organizations/<your-org-id>/roles/zilla_security_role \
      --condition=None
The Zilla support team will set the private key and email of the service account.
...
If you want to use your own service account to authenticate the integration, create one under any of your projects and grant it the permissions below.
    resourcemanager.organizations.get
    resourcemanager.organizations.getIamPolicy
    iam.roles.get
    iam.roles.list
    resourcemanager.projects.get
    resourcemanager.projects.getIamPolicy
    resourcemanager.projects.list
    iam.serviceAccounts.list
The private key and email of the service account will be used in a later step.
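For either option above, the grant can be checked against the eight read-only permissions listed on this page. The following is an added example, not Zilla's own tooling: it audits the JSON printed by `gcloud iam roles describe zilla_security_role --organization=<your-org-id> --format=json` and `gcloud organizations get-iam-policy <your-org-id> --format=json`. The organization ID, service account email and sample JSON in it are constructed placeholders, and the `audit` function name is hypothetical.

```python
import json

# Read-only permissions the page lists for the integration.
EXPECTED = frozenset({
    "resourcemanager.organizations.get",
    "resourcemanager.organizations.getIamPolicy",
    "iam.roles.get",
    "iam.roles.list",
    "resourcemanager.projects.get",
    "resourcemanager.projects.getIamPolicy",
    "resourcemanager.projects.list",
    "iam.serviceAccounts.list",
})

def audit(role_json, policy_json, member, role_name):
    """Return a list of findings; an empty list means the grant matches the page."""
    findings = []
    granted = set(json.loads(role_json).get("includedPermissions", []))
    findings += [f"extra permission in role: {p}" for p in sorted(granted - EXPECTED)]
    findings += [f"missing permission in role: {p}" for p in sorted(EXPECTED - granted)]
    bound = False
    for binding in json.loads(policy_json).get("bindings", []):
        if member not in binding.get("members", []):
            continue
        if binding["role"] != role_name:
            # The integration account should hold only the custom role at org level.
            findings.append(f"additional org-level role on member: {binding['role']}")
        elif "condition" not in binding:
            bound = True  # matches the --condition=None binding from the page
    if not bound:
        findings.append("member is not bound to the custom role unconditionally")
    return findings

# Constructed sample data (not real gcloud output); IDs and emails are placeholders.
ORG_ROLE = "organizations/123456789012/roles/zilla_security_role"
MEMBER = "serviceAccount:zilla-sa@example-project.iam.gserviceaccount.com"
SAMPLE_ROLE = json.dumps({"includedPermissions":
                          sorted(EXPECTED) + ["resourcemanager.projects.setIamPolicy"]})
SAMPLE_POLICY = json.dumps({"bindings": [
    {"role": ORG_ROLE, "members": [MEMBER]},
    {"role": "roles/owner", "members": [MEMBER, "user:admin@example.com"]},
]})

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROLE, SAMPLE_POLICY, MEMBER, ORG_ROLE):
        print(finding)
```

The check covers organization-level bindings only; roles granted to the same account on individual projects or folders need a separate policy dump.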
...