Note:
...
Before doing sync with GCP you should have done the sync of G Suite, Otherwise, you will miss on the users which get access through G Suite groups. How to sync your organization G Suite checkout link G Suite Application Configuration with Zilla
To do this operation you need to be an admin with Zilla ( Specifically
SuperAdminrole ) & admin access with your organization's Google Cloud Platform - GCP ( Specifically,Access Approval Approverequivalent or more privileged role than that ) application.
...
| Include Page | ||||
|---|---|---|---|---|
|
| Note |
|---|
Google Cloud Platform (GCP) support has been deprecated. Please use Google Cloud Platform V2 (GCP) instead. |
Steps to get required configs
You will get your Google organization on the top bar of GCP dashboard as marked by the red arrow in the screenshot below. Users & Groups in this primary domain
organizationwill be synced.
To authenticate the integration, you will need either Zilla managed service account’s credentials or your own service account’s credentials.
In the case of Zilla managed service account:
If you want to go with Zilla managed service account based authentication, please reach out to the Zilla support team to get the service account email, support@zillasecurity.com.
After getting the email, create a custom role for Zilla with the below command in Cloud shell.
Code Block gcloud iam roles create zilla_security_role --organization=<your-org-id> --permissions=resourcemanager.organizations.get,resourcemanager.organizations.getIamPolicy,iam.roles.get,iam.roles.list,resourcemanager.projects.get,resourcemanager.projects.getIamPolicy,resourcemanager.projects.list,iam.serviceAccounts.listAssign this role to Zilla managed service account with the below command in Cloud shell.
Code Block gcloud organizations add-iam-policy-binding <your-org-id> --member serviceAccount:<zilla-managed-service-account-email> --role organizations/<your-org-id>/roles/zilla_security_role --condition=NonePrivate key and email of the service account will be set by the Zilla support team.
In the case of your own service account:
If you want to use your own service account to authenticate the integration, please create one under any of your projects and grant the permissions below.
Code Block resourcemanager.organizations.get resourcemanager.organizations.getIamPolicy iam.roles.get iam.roles.list resourcemanager.projects.get resourcemanager.projects.getIamPolicy resourcemanager.projects.list iam.serviceAccounts.listPrivate key and emails of the service account will be used in a later step.
| Info |
|---|
Prerequisites to be completed before GCP sync:
|
Setup GCP Application Integration on Zilla
Login to Zilla with your admin credentials,.
...
You will see your Zilla applications
Applicationstab , Locate (if not, clickApplicationsin the left menu bar), clickAdd Applicationbutton at in the top right top , click it,corner.
...
You will see
Add Applicationscreen withSearch Librarytab where you may seeGCPentry at the top or you may need to typegcpas search text, You will see an entry forGoogle Cloud Platformwith A window with a search bar appears, type inGCPin the search bar.Google Cloud Platformapp entry will appear at the top of the list, clickAdd to Applicationsbutton on to the right side, click it, .
...
A dialog appears, add the required field
Instance Name& you can choose to fill in optional fields for Owner & criticality. Click Fill in the form with appropriate details and then click onAdd to Applicationsbutton.
The
GCPinstance will get added to yourApplications, You can see it appear there. Click on theGoogle Cloud Platformapp instance name ,you just added.
...
You will see a detailed
GCPApplication page. On the top right top, you will see clickSync nowbutton click it, .
...
A dialog appears, Enable enable API Integration.
...
Upon enabling the
API Integrationa configuration option appear,
...
Your google domainenters the name of your google primary domain. e.g. If your Gmail isjohn.doe@example.comenterexample.comas your domain here. Most likely it will appear on the top bar ofGCPdashboard as marked by the red arrow in the below screenshot,
...
Upon filling in the
Your google domaininformation, Click theNextbutton.
...
Next, you will see a small dialog
In the next step, you may be asked to log in to Google Cloud Platform - 1, and then sync will start automatically.ClickNextYou will be redirected to Google to do OAuth consent for following permission, Click
Allow
...
...
Fill in Your google domain, Private key of the service account and Email of the service account from the earlier steps. In case of Zilla managed service account, private key and email of service account configs will be set by the Zilla support team.
Set Use service account based authentication to
Yes.Optional: Comma separated list of project ID prefixes to skip projects (e.g. sys, sandbox): projects can be excluded from the sync by specifying the project ID prefix or entire project ID.
Click
Sync Now.
...
Click
Next.
...
Note: Zilla’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
You will see sync is in progress,
...
On sync completion, a toast dialog appears
...
. Click
Done.
...
After sync completion, check the Sync summary. Click
Close.
...
You are done, now you can visit various tabs of the Application Details page for
Google Cloud Platformapp instance on Zilla, to see what application data is brought in by sync. e.g.Accountstab will have details of user accounts that are brought in.If you see some errors or need further assistance, please contact Zilla Support.
| Include Page | ||||
|---|---|---|---|---|
|