Steps to get required configs

  • Your Google organization is shown in the top bar of the GCP dashboard, as marked by the red arrow in the screenshot. Users and groups in this primary domain organization will be synced.

  • To authenticate the integration, you will need the credentials of either a Zilla managed service account or your own service account.

In the case of Zilla managed service account:

  • To use a Zilla managed service account, contact the Zilla support team (support@zillasecurity.com) to have the service account created.

  • After receiving the email address associated with the service account, create a custom role for Zilla at the organization level by running the command below in Cloud Shell.

    gcloud iam roles create zilla_security_role --organization=<your-org-id> --permissions=resourcemanager.organizations.get,resourcemanager.organizations.getIamPolicy,iam.roles.get,iam.roles.list,resourcemanager.projects.get,resourcemanager.projects.getIamPolicy,resourcemanager.projects.list,iam.serviceAccounts.list,resourcemanager.folders.get,resourcemanager.folders.getIamPolicy
  • Assign this custom role to the Zilla managed service account by running the command below in Cloud Shell. This performs the role assignment at the organization level.

    gcloud organizations add-iam-policy-binding <your-org-id> --member serviceAccount:<zilla-managed-service-account-email> --role organizations/<your-org-id>/roles/zilla_security_role --condition=None
  • The private key of the service account will be set by the Zilla support team as part of the app configuration in the Zilla UI.

In the case of your own service account:

  • If you want to use your own service account to authenticate the integration, create a service account under any project within the organization and grant it the permissions below at the organization level.

    resourcemanager.organizations.get
    resourcemanager.organizations.getIamPolicy
    iam.roles.get
    iam.roles.list
    resourcemanager.projects.get
    resourcemanager.projects.getIamPolicy
    resourcemanager.projects.list
    iam.serviceAccounts.list
    resourcemanager.folders.get
    resourcemanager.folders.getIamPolicy
  • The private key and email of the service account will be used in a later step.
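
One way to confirm that the role holds exactly the permissions listed above and nothing broader. This is an added example, not Zilla's own tooling; the audit_role_perms helper is hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Permissions this page lists for the integration (all read-only get/list calls).
EXPECTED_PERMS="resourcemanager.organizations.get
resourcemanager.organizations.getIamPolicy
iam.roles.get
iam.roles.list
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
iam.serviceAccounts.list
resourcemanager.folders.get
resourcemanager.folders.getIamPolicy"

# audit_role_perms "<perm;perm;...>"   (hypothetical helper, not a gcloud command)
# Prints "EXTRA <perm>" for every permission outside the documented set and
# "MISSING <perm>" for every documented permission that is absent.
# Returns 0 only when the two sets are identical.
# Intended input (assumption: value() joins list items with ';'; commas,
# spaces and newlines are accepted as separators too):
#   gcloud iam roles describe zilla_security_role \
#     --organization=<your-org-id> --format='value(includedPermissions)'
audit_role_perms() {
    actual=$(printf '%s' "$1" | tr ';, ' '\n\n\n' | sed '/^$/d' | sort -u)
    expected=$(printf '%s\n' "$EXPECTED_PERMS" | sort -u)
    status=0
    for p in $actual; do
        if ! printf '%s\n' "$expected" | grep -Fxq -- "$p"; then
            echo "EXTRA $p"      # broader than documented: review before syncing
            status=1
        fi
    done
    for p in $expected; do
        if ! printf '%s\n' "$actual" | grep -Fxq -- "$p"; then
            echo "MISSING $p"    # the sync may fail or return partial data
            status=1
        fi
    done
    return $status
}

# Constructed sample: the documented set plus one write permission that
# should never be on this role.
SAMPLE_ACTUAL="$(printf '%s' "$EXPECTED_PERMS" | tr '\n' ';');resourcemanager.projects.setIamPolicy"
audit_role_perms "$SAMPLE_ACTUAL" || echo "role deviates from the documented permission set"
```

An EXTRA line is the case to act on: it means the service account can do more than the read-only access the integration needs.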

Prerequisites to be completed before Google Cloud Platform V2 sync:

  • Sync Google Workspace application. This is required to capture the users and groups in the Google Workspace directory. For instructions to sync Google Workspace visit: Google Workspace.

Set up GCP V2 Application Integration on Zilla

  • Open the Zilla application, log in with your admin credentials, and click Add Application in the top right.

  • A window with a search bar appears. Type Google Cloud Platform V2 in the search bar; the Google Cloud Platform V2 app entry appears at the top of the list. Click the Add to Applications button to its right.

  • Fill in the form with the appropriate details, then click the Add to Applications button.

  • You will see a detailed Google Cloud Platform V2 Application page. On the top right, click Sync now.

  • A dialog appears. Enable API Integration.

  • Fill in Your google domain, Private key of the service account and Email of the service account with the values from the earlier steps. For a Zilla managed service account, the private key and email configs are set by the Zilla support team.

  • To discover and sync GCP projects, set the Auto discover GCP projects and Auto sync discovered GCP projects configs to Yes. If Auto discover GCP projects is set to Yes, you must also specify the GCP projects config to sync as child apps config. (You can first sync GCP without these project configs to get a list of all projects with their IDs, labels and other metadata in the resource tab, and then use that list to fill in these configs.) The structure of the GCP projects config to sync as child apps config is:

    {
       "effect": "include/exclude",
       "field": "projectId/labels/any field from the project metadata in camelCase",
       "values": ["my-project-id", "array of the specified field values"]
    }
  • Click Sync Now.

  • Click Next.

  • You will see sync is in progress. Click Done.

  • On successful sync you will see the following summary. Click Close.

Note: Zilla’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.