Google Cloud
Set up Google Cloud
Last Updated: October 1, 2021

App Creation in SecurEnds Tool

In the Admin Console, go to Applications. Click the Add button next to it to begin configuration.

Setup Application

- Select Data Ingestion method as Connector.
- Enter the application Name.
- Enter the Application Owner email information.
- Search Connector in Featured Integrations and select Google Cloud.
- Agent is software that needs to be installed in your on-premises environment to pull data from applications such as Active Directory, databases and custom applications which are not cloud based.
  - Select remote if you already have the Agent software installed. The server where the agent is currently installed needs to have connectivity to the on-premises application or database. If a new agent is required, contact your implementation consultant or submit a ticket via the SecurEnds Help Desk using the Report Issue link in the upper right corner of the SecurEnds application. SecurEnds will need to provide files and instructions.
  - Select local if the application is cloud based. No agent install is required. You will need to whitelist the SecurEnds IPs. Your Implementation Consultant can provide these.
- Select Match By logic as Default(Email or FirstName and LastName) or Employee Id.
  - If Default(Email or FirstName and LastName) is selected, the system will match the user by Email or by First Name and Last Name while syncing.
  - If Employee Id is selected, the system will only match on the Employee ID while syncing.
- Select Include Inactive Users to fetch all users while syncing.
  - If Yes is selected, all the Active status users along with Disabled status users will be added to the Matched users for Google Cloud.
  - If No is selected, only Active users will be added to the Matched users for Google Cloud.
- Set Include Entitlements Enabled to Yes to load the entitlements on the application while syncing.

Configure Application

Enter the information below, gathered from Configuration Details.

- Provide serviceAccountId generated in Step 20.
- Provide serviceAccountUser, which is the Google Cloud admin user credentials for your domain.
- Provide applicationName given in Step 8.
- Provide domain used in Step 9.
- Provide customerId given in Step 26.
- Provide defaultPassword.

Ticketing System Configuration

For more information on Ticketing System Configuration, click here.

Click Save once finished to add the connector.
Configuration Details
Last Updated: September 1, 2021

Create Project

Step 1: Click on the link below:
https://console.developers.google.com/iam-admin/serviceaccounts

Step 2: Click “Create Project”, enter the details, and click on “CREATE”.
- Project name = custom project name
- Organization = choose the domain for your organization
- Location = choose the parent organization or folder

Enable Admin SDK

Step 3: Click on “APIs & Services” -> “Library”.

Step 4: Search “Admin SDK” and click on “Admin SDK” in the results.

Step 5: Click on “Enable”.

Configure OAuth Consent Screen

Step 6: Click on “APIs & Services” -> “OAuth consent screen”.

Step 7: Select “Internal” and click on “CREATE”.

Step 8: Enter a custom “Application name”. (This Application name will be used in the SecurEnds application when configuring the Google Cloud Connector.)
As an example: applicationName = Securends
Store/copy down the application name you created for later use. This application name is case sensitive.

Step 9: Under “Authorized domains”, enter the domain used during Step 2 when creating the project and click on save. (This domain will be used in the SecurEnds application when configuring the Google Cloud Connector.)
Example chosen during Step 2: domain = securends99.com
Store/copy down the domain for later use.

Create Service Account

Step 10: Click on “Credentials” from the left menu.

Step 11: Click “CREATE CREDENTIALS” -> then “Service account”.

Step 12: Enter custom service account details and click on “CREATE”.
As an example: Service account name = securendsService

Step 13: Click on “Continue” for Service account permissions (Step 2).

Step 14: Click on “Create Key”, select “P12”, and click on “CREATE”.

Step 15: A p12 file will be downloaded. Make a note of and save the private key password, then click on “CLOSE”.
- The downloaded p12 file has to be placed in /var/ssl on the AWS Cloud instance.
- Provide the path as below in env_file:
  GSUITE_PKFILE_PATH=/var/ssl/XXXXX.p12
- Upload the generated certificate to /opt/docker/XXXX/ssl
- Restart the SecurEnds CEM application.

Step 16: Click on “Done”.

Domain Wide Delegation

Step 17: Select the service account created and click on “edit”.

Step 18: Click on “SHOW DOMAIN WIDE DELEGATION”.

Step 19: Select the checkbox “Enable Google Cloud Domain wide Delegation” and click on “Save”.

Step 20: Please make a copy of the email and unique id and click on “Save”. (This unique id will be used in the SecurEnds application when configuring the Google Cloud Connector.)
As an example: serviceAccountId = securends0912@securendsuar-278414.iam.gserviceaccount.com
Store/copy down the serviceAccountId for later use.

Enable Scopes for Service Account

Step 21: Now click on https://admin.google.com/ and log in with admin credentials.

Step 22: Click on “Security” settings.

Step 23: Scroll down and click on “API Controls”.

Step 24: Scroll down and click on “Manage Domain-Wide delegation”.

Step 25: Click on “Add New” behind the API Clients. Enter the unique ID (from Step 20) under client ID and the OAuth scopes below under API scopes, comma (,) delimited, then click on “Authorise”.
https://www.googleapis.com/auth/admin.directory.domain
https://www.googleapis.com/auth/admin.directory.group
https://www.googleapis.com/auth/admin.directory.rolemanagement
https://www.googleapis.com/auth/admin.directory.user

Step 26: When utilizing the service account set up in the steps above, Google can recognize the current customer when my_customer is used as the customerId (customerId = my_customer or Google Cloud Customer ID).
As an example: customerId = my_customer
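
A check to run on the instance after Step 15 and before restarting the application, as an added example that is not part of the SecurEnds documentation: it reads GSUITE_PKFILE_PATH from env_file and confirms that the P12 key exists, sits under /var/ssl, and is not accessible to group or other users. The function name check_pkfile, its return codes and the optional directory argument are assumptions of this example, and it assumes an unquoted GSUITE_PKFILE_PATH=... line as shown in Step 15.

```shell
#!/bin/sh
# Added example (not SecurEnds code): verify the P12 key that env_file points at.
# Usage: check_pkfile ENV_FILE [EXPECTED_DIR]   (EXPECTED_DIR defaults to /var/ssl)
# Return codes are this example's own convention:
#   0 ok | 1 GSUITE_PKFILE_PATH not set | 2 path not a .p12 under EXPECTED_DIR
#   3 key file missing or empty | 4 key accessible to group or others
check_pkfile() {
    env_file=$1
    expected_dir=${2:-/var/ssl}

    # Assumes an unquoted KEY=value line; this example takes the last assignment.
    path=$(sed -n 's/^GSUITE_PKFILE_PATH=//p' "$env_file" 2>/dev/null | tail -n 1)
    if [ -z "$path" ]; then
        echo "GSUITE_PKFILE_PATH is not set in $env_file" >&2
        return 1
    fi

    # The key must sit under the expected directory, with no ".." segments.
    case $path in
        */../*) echo "path contains '..': $path" >&2; return 2 ;;
        "$expected_dir"/*.p12) ;;
        *) echo "expected a .p12 under $expected_dir, got $path" >&2; return 2 ;;
    esac

    if [ ! -f "$path" ] || [ ! -s "$path" ]; then
        echo "key file missing or empty: $path" >&2
        return 3
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$path" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "key file is accessible beyond its owner (run: chmod 600 $path)" >&2
        return 4
    fi
    return 0
}

# Run directly when given arguments, e.g.: sh check_pkfile.sh env_file
if [ "$#" -gt 0 ]; then
    check_pkfile "$@"
fi
```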
