...
In the case of a Zilla managed service account:
If you want to go with Zilla managed service account based authentication, please reach out to the Zilla support team (at support@zillasecurity.com) to get the service account email.
After receiving the email associated with the service account, create a custom role at the organization level for Zilla with the command below, run in Cloud Shell.
```
gcloud iam roles create zilla_security_role --organization=<your-org-id> --permissions=resourcemanager.organizations.get,resourcemanager.organizations.getIamPolicy,iam.roles.get,iam.roles.list,resourcemanager.projects.get,resourcemanager.projects.getIamPolicy,resourcemanager.projects.list,iam.serviceAccounts.list,resourcemanager.folders.get,resourcemanager.folders.getIamPolicy
```
Assign this custom role to the Zilla managed service account with the command below in Cloud Shell. This performs the role assignment at the organization level.
```
gcloud organizations add-iam-policy-binding <your-org-id> --member serviceAccount:<zilla-managed-service-account-email> --role organizations/<your-org-id>/roles/zilla_security_role --condition=None
```
The private key and email of the service account will be set by the Zilla support team as part of the app configuration in the Zilla UI.
In the case of your own service account:
If you want to use your own service account to authenticate the integration, please create a service account under any of your projects within the organization and grant it the permissions below at the organization level.
```
resourcemanager.organizations.get
resourcemanager.organizations.getIamPolicy
iam.roles.get
iam.roles.list
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
iam.serviceAccounts.list
resourcemanager.folders.get
resourcemanager.folders.getIamPolicy
```
The private key and email of the service account will be used in a later step.
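Whichever service account you use, the role it holds should grant exactly the read-only permissions listed above and nothing else. The following script is an added example, not part of the Zilla documentation or gcloud: it compares a role's granted permissions (one per line in a file) against the required set and reports any missing or extra permission, using a constructed sample role to show the check catching an added write permission.

```shell
#!/bin/sh
# Added example (not Zilla's or Google's code): verify the Zilla custom role
# grants exactly the read-only permission set from the docs above.
ZILLA_REQUIRED_PERMISSIONS="resourcemanager.organizations.get
resourcemanager.organizations.getIamPolicy
iam.roles.get
iam.roles.list
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
iam.serviceAccounts.list
resourcemanager.folders.get
resourcemanager.folders.getIamPolicy"

# check_role_permissions FILE
# FILE holds the role's granted permissions, one per line. Prints a
# MISSING:<perm> line for each required permission that is absent and an
# EXTRA:<perm> line for each granted permission outside the required set.
# Returns 0 only when the role matches the required set exactly.
check_role_permissions() {
  status=0
  for p in $ZILLA_REQUIRED_PERMISSIONS; do
    grep -qx "$p" "$1" || { echo "MISSING:$p"; status=1; }
  done
  while IFS= read -r p; do
    [ -n "$p" ] || continue
    printf '%s\n' "$ZILLA_REQUIRED_PERMISSIONS" | grep -qx "$p" \
      || { echo "EXTRA:$p"; status=1; }
  done < "$1"
  return $status
}

# write_sample_role FILE: constructed sample (not real gcloud output) of a
# role that drifted from the documented set by gaining a write permission.
write_sample_role() {
  printf '%s\n' "$ZILLA_REQUIRED_PERMISSIONS" > "$1"
  echo "resourcemanager.projects.setIamPolicy" >> "$1"
}

# Against a real organization, feed the check from gcloud instead, e.g.:
#   gcloud iam roles describe zilla_security_role --organization=<your-org-id> \
#     --format='value(includedPermissions)' | tr ';' '\n' > role.txt
sample=$(mktemp)
write_sample_role "$sample"
check_role_permissions "$sample" || echo "role deviates from the documented set"
rm -f "$sample"
```

Run it periodically (or from a CI job) so a later edit to the role that widens it beyond read-only access is noticed rather than silently inherited by the integration.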
...