Overview
This document provides instructions on how to connect to an API to import data from this application into your instance of Zilla.
In this guide, you will:
Launch your application from inside Zilla
Set up an API configuration
Send your data securely to Zilla
Step-by-Step Instructions
Steps to get required configs
You will find your Google organization in the top bar of the GCP dashboard, as marked by the red arrow in the screenshot below. Users & Groups in this primary domain organization will be synced.
To authenticate the integration, you will need either the Zilla managed service account’s credentials or your own service account’s credentials.
In the case of Zilla managed service account:
If you want to use Zilla managed service account based authentication, please reach out to the Zilla support team at support@zillasecurity.com to get the service account email.
After getting the email, create a custom role for Zilla with the below command in Cloud shell.
gcloud iam roles create zilla_security_role --organization=<your-org-id> --permissions=resourcemanager.organizations.get,resourcemanager.organizations.getIamPolicy,iam.roles.get,iam.roles.list,resourcemanager.projects.get,resourcemanager.projects.getIamPolicy,resourcemanager.projects.list,iam.serviceAccounts.list,resourcemanager.folders.get,resourcemanager.folders.getIamPolicy
Assign this role to Zilla managed service account with the below command in Cloud shell.
gcloud organizations add-iam-policy-binding <your-org-id> --member serviceAccount:<zilla-managed-service-account-email> --role organizations/<your-org-id>/roles/zilla_security_role --condition=None
Private key and email of the service account will be set by the Zilla support team.
In the case of your own service account:
If you want to use your own service account to authenticate the integration, please create one under any of your projects and grant the permissions below.
resourcemanager.organizations.get
resourcemanager.organizations.getIamPolicy
iam.roles.get
iam.roles.list
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
iam.serviceAccounts.list
resourcemanager.folders.get
resourcemanager.folders.getIamPolicy
The private key and email of the service account will be used in a later step.
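Before handing over credentials, it is worth confirming that the role bound to the service account holds exactly the ten read-only permissions listed above and nothing more. The script below is an added example, not part of the original Zilla guide: the function names and the sample permission string are constructed for illustration, and the input is assumed to be the role's permission list separated by ";", "," or whitespace.

```shell
# Permissions the guide grants (copied from the list above).
EXPECTED_PERMS="resourcemanager.organizations.get
resourcemanager.organizations.getIamPolicy
iam.roles.get
iam.roles.list
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
iam.serviceAccounts.list
resourcemanager.folders.get
resourcemanager.folders.getIamPolicy"

# Split on ';', ',' or whitespace; drop blanks; sort and de-duplicate.
normalize_perms() {
  printf '%s\n' "$1" | tr ';, \t' '\n\n\n\n' | sed '/^$/d' | sort -u
}

# audit_role_perms "<permissions actually on the role>"
# The argument can be, for example, the output of:
#   gcloud iam roles describe zilla_security_role \
#     --organization=<your-org-id> --format="value(includedPermissions)"
# Prints "EXTRA <perm>" for anything beyond the guide's list and
# "MISSING <perm>" for anything absent. Returns 0 only on an exact match.
audit_role_perms() (
  actual=$(normalize_perms "$1")
  expected=$(normalize_perms "$EXPECTED_PERMS")
  extra=$(printf '%s\n' "$actual" | grep -Fxv -e "$expected" || true)
  missing=$(printf '%s\n' "$expected" | grep -Fxv -e "$actual" || true)
  [ -z "$extra" ] || printf '%s\n' "$extra" | sed 's/^/EXTRA /'
  [ -z "$missing" ] || printf '%s\n' "$missing" | sed 's/^/MISSING /'
  [ -z "$extra" ] && [ -z "$missing" ]
)

# Constructed sample: one listed permission dropped, one write permission added.
SAMPLE_ACTUAL=$(printf '%s' "$EXPECTED_PERMS" | grep -v serviceAccounts | tr '\n' ';')"resourcemanager.projects.setIamPolicy"
audit_role_perms "$SAMPLE_ACTUAL" || echo "role differs from the guide's list"
```

An EXTRA line means the role grants more than the integration needs; a MISSING line means the role lacks a permission the guide lists.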
Prerequisites to be completed before Google Cloud Platform V2 sync:
Sync Google Workspace application. This is required to capture the users and groups in the Google Workspace directory. For instructions to sync Google Workspace visit: Google Workspace.
Setup GCP V2 Application Integration on Zilla
Visit the Zilla application and log in using your admin credentials, then click Add Application in the top right.
A window with a search bar appears. Type Google Cloud Platform V2 in the search bar.
The Google Cloud Platform V2 app entry will appear at the top of the list. Click the Add to Applications button to the right.
Fill in the form with appropriate details and then click the Add to Applications button.
You will see a detailed Google Cloud Platform V2 Application page. On the top right, click Sync now.
A dialog appears, enable API Integration.
Fill in Your google domain, Private key of the service account and Email of the service account from the earlier steps. In case of Zilla managed service account, private key and email of service account configs will be set by the Zilla support team.
To discover and sync GCP projects, set Yes in the Auto discover GCP projects and Auto sync discovered GCP projects configs. You will need to specify the GCP projects config to sync as child apps config if you have set Yes in the Auto discover GCP projects config. (You can sync GCP without these GCP project configs to get the list of all projects with their ID, labels and other metadata in the resource tab, then use that to fill in these configs.) The structure of the GCP projects config to sync as child apps config is:
{ effect: "include/exclude", field: "projectId/labels/any field from the project metadata in camelCase", values: ["my-project-id", "array of the specified field values"] }
Click Sync Now.
Click Next.
You will see sync is in progress. Click Done.
On successful sync you will see the following summary. Click Close.
Note: Zilla’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
When you have finished with all the steps above, review the information in Zilla that was synced.
Having trouble? Try our Troubleshooting articles or contact support@zillasecurity.com.