Google Cloud Platform (GCP)
Google Cloud Platform (GCP) support has been deprecated. Please use Google Cloud Platform V2 (GCP) instead.
Steps to get required configs
You will find your Google organization on the top bar of the GCP dashboard, as marked by the red arrow in the screenshot below. Users & Groups in this primary domain organization will be synced.
To authenticate the integration, you will need either the Zilla managed service account's credentials or your own service account's credentials.
In the case of Zilla managed service account:
If you want to go with Zilla managed service account based authentication, please reach out to the Zilla support team (support@zillasecurity.com) to get the service account email.
After getting the email, create a custom role for Zilla with the below command in Cloud shell.
gcloud iam roles create zilla_security_role --organization=<your-org-id> --permissions=resourcemanager.organizations.get,resourcemanager.organizations.getIamPolicy,iam.roles.get,iam.roles.list,resourcemanager.projects.get,resourcemanager.projects.getIamPolicy,resourcemanager.projects.list,iam.serviceAccounts.list
Assign this role to Zilla managed service account with the below command in Cloud shell.
gcloud organizations add-iam-policy-binding <your-org-id> --member serviceAccount:<zilla-managed-service-account-email> --role organizations/<your-org-id>/roles/zilla_security_role --condition=None
Private key and email of the service account will be set by the Zilla support team.
In the case of your own service account:
If you want to use your own service account to authenticate the integration, please create one under any of your projects and grant the permissions below.
resourcemanager.organizations.get
resourcemanager.organizations.getIamPolicy
iam.roles.get
iam.roles.list
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
iam.serviceAccounts.list
Private key and emails of the service account will be used in a later step.
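The following Python example is added here and is not from Zilla's documentation. It audits the JSON that gcloud returns for the custom role and for the organization IAM policy, to confirm the service account holds exactly the eight permissions listed above and no other organization-level role. The organization ID, service account email and sample JSON are constructed for illustration.

```python
import json

# The eight read-only permissions this page lists for the integration.
EXPECTED = frozenset({
    "resourcemanager.organizations.get",
    "resourcemanager.organizations.getIamPolicy",
    "iam.roles.get",
    "iam.roles.list",
    "resourcemanager.projects.get",
    "resourcemanager.projects.getIamPolicy",
    "resourcemanager.projects.list",
    "iam.serviceAccounts.list",
})

def audit_role(role_json):
    """Diff a role's includedPermissions against EXPECTED.
    Input: `gcloud iam roles describe zilla_security_role
    --organization=<your-org-id> --format=json`."""
    granted = set(json.loads(role_json).get("includedPermissions", []))
    return {"missing": sorted(EXPECTED - granted),
            "extra": sorted(granted - EXPECTED)}

def roles_for_member(policy_json, member):
    """List every role bound to `member` in an IAM policy.
    Input: `gcloud organizations get-iam-policy <your-org-id> --format=json`."""
    bindings = json.loads(policy_json).get("bindings", [])
    return sorted(b["role"] for b in bindings if member in b.get("members", []))

# Constructed sample data (not real output): the role lacks one listed
# permission and carries one write permission; the account has a second role.
SA = "serviceAccount:zilla-sync@example-project.iam.gserviceaccount.com"
CUSTOM = "organizations/123456789012/roles/zilla_security_role"
SAMPLE_ROLE = json.dumps({"name": CUSTOM, "includedPermissions":
    sorted(EXPECTED - {"iam.serviceAccounts.list"})
    + ["resourcemanager.projects.setIamPolicy"]})
SAMPLE_POLICY = json.dumps({"bindings": [
    {"role": CUSTOM, "members": [SA]},
    {"role": "roles/viewer", "members": [SA, "user:admin@example.com"]},
    {"role": "roles/owner", "members": ["user:admin@example.com"]},
]})

if __name__ == "__main__":
    print(audit_role(SAMPLE_ROLE))
    unexpected = [r for r in roles_for_member(SAMPLE_POLICY, SA) if r != CUSTOM]
    print("roles beyond the custom role:", unexpected)
```

An empty "extra" list and no roles beyond the custom role mean the integration account matches the access this page asks for; this only covers organization-level bindings, so project-level grants need the same check per project.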
Prerequisites to be completed before GCP sync:
Sync Google Workspace application. This is required to capture the users and groups in the Google Workspace directory. For instructions to sync Google Workspace visit: Google Workspace.
Setup GCP Application Integration on Zilla
Login to Zilla with your admin credentials.
You will see your Zilla Applications tab (if not, click Applications in the left menu bar). Click the Add Application button in the top right corner.
A window with a search bar appears. Type GCP in the search bar. The Google Cloud Platform app entry will appear at the top of the list; click the Add to Applications button to the right.
Fill in the form with appropriate details and then click the Add to Applications button.
The GCP instance will get added to your Applications. Click on the Google Cloud Platform app instance name you just added.
You will see a detailed GCP Application page. On the top right, click Sync now.
A dialog appears, enable API Integration.
Fill in Your google domain, Private key of the service account and Email of the service account from the earlier steps. In case of Zilla managed service account, private key and email of service account configs will be set by the Zilla support team.
Set Use service account based authentication to Yes.
Optional: Comma separated list of project ID prefixes to skip projects (e.g. sys, sandbox): projects can be excluded from the sync by specifying the project ID prefix or entire project ID.
Click Sync Now.
Click Next.
Note: Zilla’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
You will see sync is in progress. Click Done.
After sync completion, check the Sync summary. Click Close.
You are done. You can now visit the various tabs of the Application Details page for the Google Cloud Platform app instance on Zilla to see what application data is brought in by sync, e.g. the Accounts tab will have details of user accounts that are brought in.