Google Cloud Platform Integration Setup
Getting Started
BalkanID recommends creating a separate service account for the purposes of this integration, instead of using personal or employee named accounts.
Requirements:
key
delegated
domain
project
Who performs this task
An identity administrator responsible for assigning role-based access to individuals or groups within your organisation. This individual needs to be a Super Administrator for Cloud Identity or Workspace.
A domain administrator with access to the company's domain host, to see and edit domain settings such as DNS configurations.
Getting access permissions
You will need to perform the steps below:
Enable required APIs
Create a custom role and assign permissions
Create a service account
Add domain delegation scopes to the service account
1. Enabling required APIs
Search for and enable the following APIs:
Compute Engine API
Identity and Access Management (IAM) API
Cloud Resource Manager API
Admin SDK API
Cloud Functions API
Cloud SQL Admin API
App Engine Admin API
Cloud Asset API
2. Creating a custom role and assigning permissions
Click on + CREATE ROLE to proceed with creating a custom role.
Fill in the required fields for creating the role.
Click on Add Permissions to add new permissions to the role.
Search for the following permissions and add them:
appengine.applications.get
bigquery.datasets.get
cloudasset.assets.listResource
cloudasset.assets.searchAllIamPolicies
cloudsql.instances.list
compute.instances.list
iam.roles.get
iam.roles.list
iam.serviceAccounts.get
resourcemanager.projects.get
Click on CREATE to create the role.
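One way to confirm afterwards that the custom role holds exactly the permissions listed in step 2, as an added example (not BalkanID's or Google's own code). It assumes the role was exported with `gcloud iam roles describe ROLE_ID --project=PROJECT_ID --format=json`; the sample role, its name, and the read-only verb list are constructed for illustration.

```python
import json

# Permissions listed in step 2 of this page.
EXPECTED = frozenset({
    "appengine.applications.get", "bigquery.datasets.get",
    "cloudasset.assets.listResource", "cloudasset.assets.searchAllIamPolicies",
    "cloudsql.instances.list", "compute.instances.list",
    "iam.roles.get", "iam.roles.list",
    "iam.serviceAccounts.get", "resourcemanager.projects.get",
})
# Final permission segments treated as read-only (assumption of this example).
READ_VERBS = {"get", "list", "listResource", "searchAllIamPolicies"}

def audit_role(role_json: str) -> dict:
    """Compare an exported custom role against the permission list above."""
    role = json.loads(role_json)
    granted = set(role.get("includedPermissions", []))
    extra = granted - EXPECTED
    return {
        "missing": sorted(EXPECTED - granted),   # documented but not granted
        "extra": sorted(extra),                  # drift beyond the documented list
        "extra_non_read": sorted(                # extras that are not read-only
            p for p in extra if p.rsplit(".", 1)[-1] not in READ_VERBS),
        "usable": not role.get("deleted", False) and role.get("stage") != "DISABLED",
        "compliant": granted == EXPECTED,
    }

# Constructed sample: one documented permission missing, two added later.
SAMPLE_ROLE = json.dumps({
    "name": "projects/example-project/roles/exampleIntegrationRole",  # hypothetical
    "title": "Example integration role",
    "stage": "GA",
    "includedPermissions": sorted(EXPECTED - {"cloudsql.instances.list"}) + [
        "iam.serviceAccountKeys.create",
        "storage.buckets.list",
    ],
})

if __name__ == "__main__":
    for key, value in audit_role(SAMPLE_ROLE).items():
        print(f"{key}: {value}")
```

Running the same check on a schedule against the live role surfaces permissions added after the initial setup.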
3. Creating a service account
Click on the Create service account button at the top to proceed.
Click on the service account you just created and select the KEYS tab from the top.
Click on ADD KEY → Create new key.
Select JSON and click on the CREATE button. The wizard will create a JSON file to download, containing the key needed for later use.
4. Add domain delegation scopes to the service account
You need to add domain delegation scopes to the service account. First, get the OAuth2 client ID from the service account.
Find the domain-wide delegation section and click on MANAGE.
Enter the copied client ID and add the following OAuth scopes.
Configuring Google Cloud Platform in your BalkanID tenant
Log in to the BalkanID application and switch to the tenant you would like to add your integration to.
Head to Integrations > Third Party Applications and click Add Integration, then select Google Cloud Platform. Set up the Primary Application owner and the Description, if any.
Google Cloud will now be added to the list of applications. Click on the Configure and Integrate button beside the integration name, and configure the fields with the values noted earlier.
Use the KEY JSON downloaded in the 3rd stage to fill in the key. Add a user’s email with access to domain-wide delegation in the delegated field. Fill in the domain name and the project’s name as well.
Once you have filled in the information, click Save changes. Your integration is now configured and you will see the status of the integration displayed alongside other integrations on the Integrations page. Integrations are synced daily. When data is available, the integration Status column will read Connected and the integration Message will read Data available.