...

In the case of Zilla managed service account:

  • If you want to go with Zilla managed service account based authentication, please reach out to the Zilla support team (at support@zillasecurity.com) to get the service account email.

  • After receiving the email associated with the service account, create a custom role at the organization level for Zilla by running the command below in Cloud Shell.

    gcloud iam roles create zilla_security_role --organization=<your-org-id> --permissions=resourcemanager.organizations.get,resourcemanager.organizations.getIamPolicy,iam.roles.get,iam.roles.list,resourcemanager.projects.get,resourcemanager.projects.getIamPolicy,resourcemanager.projects.list,iam.serviceAccounts.list,resourcemanager.folders.get,resourcemanager.folders.getIamPolicy
  • Assign this custom role to the Zilla managed service account with the command below in Cloud Shell. This performs the role assignment at the organization level.

    gcloud organizations add-iam-policy-binding <your-org-id> --member serviceAccount:<zilla-managed-service-account-email> --role organizations/<your-org-id>/roles/zilla_security_role --condition=None
  • The private key and email of the service account will be set by the Zilla support team as part of the app configuration in the Zilla UI.

In the case of your own service account:

  • If you want to use your own service account to authenticate the integration, please create a service account under any of your projects within the organization and grant it the permissions below at the organization level.

    resourcemanager.organizations.get
    resourcemanager.organizations.getIamPolicy
    iam.roles.get
    iam.roles.list
    resourcemanager.projects.get
    resourcemanager.projects.getIamPolicy
    resourcemanager.projects.list
    iam.serviceAccounts.list
    resourcemanager.folders.get
    resourcemanager.folders.getIamPolicy
  • The private key and email of the service account will be used in a later step.

...