Connect to Google Cloud Platform
This guide provides step-by-step instructions for setting up the Google Cloud Platform (GCP) Connector in EmpowerID. It begins by explaining the key configuration attributes, then walks through creating an account store to connect to GCP, and finally outlines the verification steps needed to establish an integration between the platforms.
Understand Key Configuration
Before you start creating the account store, familiarize yourself with the key configuration values you must provide when connecting to GCP.
Please ensure that you have the necessary configuration values by consulting with the deployment team or EmpowerID. This will streamline the process of creating and connecting the account store to GCP. For detailed information about the attributes and how they are acquired, see the deployment technical details provided in the Deployment of the GCP Connector Environment.
Attributes | Description |
---|---|
App Service Base URL | The "App Service Base URL" is the URL to which the microservices for GCP are deployed on the Google Cloud Platform |
OAUTH2 Token Target Audience | The Audience parameter for the Google Auth Token in the Google Cloud Platform. |
Certificate Name | The certificate name created or uploaded for the IAP Service Account. |
Service Account Email | The Service account, also known as the IAP Service Account, used for OAuth2 authentication between EID and the microservice. |
Step 1: Create a GCP Account Store
To connect your Google Cloud Platform with EmpowerID, you need to use connectors and create an account store through Account Stores. This connection will enable the tenant's user and group information to be imported into EmpowerID, where it can be effortlessly managed and synchronized with data in any back-end user directories that are connected. Please follow the instructions below to create an account store for your organization's Google Cloud Platform in EmpowerID.
Log in to the EmpowerID portal.
Expand Admin → Applications and Directories on the navbar and click Account Stores and Systems.
Select the Account Stores tab and click on the Create Account Store link.
To proceed, search for and select Google Cloud Platform SCIM from the System Types menu. Once you have made the selection, click the Submit button. By choosing this option, you will be using the out-of-the-box SCIM connector to connect EmpowerID with GCP.
Please provide the following information related to the account store and click on Submit to create the account store.
Account Store Name: Provide a unique and descriptive name for the account store.
App Service Base URL: The microservices for GCP are deployed on the Google Cloud Platform and have a specific URL, which should be provided as the app service base URL. The URL starts with the protocol HTTPS and ends with a trailing slash (/).
OAUTH2 Token Target Audience: Provide the Audience parameter for the Google Auth Token that you created earlier in the Google Cloud Platform.
Certificate Name: Select the name of the certificate that you configured for SA2 or the IAP Service Account. As described earlier, you might have to generate a certificate in EID and upload it to Google or generate keys in Google and upload them to EID.
Service Account Email: Provide the SA2 Service account, also known as the IAP Service Account, which is responsible for OAuth2 authentication between EID and the microservice.
You have successfully created an account store for the Google Cloud Platform.
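The field rules listed in Step 1 can be checked before the form is submitted. The following is an added example, not EmpowerID code: the function name and sample values are constructed, and the email check relies on Google service account addresses ending in gserviceaccount.com.

```python
from urllib.parse import urlsplit


def check_account_store_values(base_url, audience, certificate_name, sa_email):
    """Return a list of problems found in the four GCP account store values."""
    problems = []
    fields = {
        "App Service Base URL": base_url,
        "OAUTH2 Token Target Audience": audience,
        "Certificate Name": certificate_name,
        "Service Account Email": sa_email,
    }
    # Pasted values often pick up blanks or line breaks; flag them explicitly.
    for name, value in fields.items():
        if not value.strip():
            problems.append(f"{name}: empty")
        elif value != value.strip():
            problems.append(f"{name}: leading or trailing whitespace")

    # The guide requires an HTTPS URL that ends with a slash.
    url = urlsplit(base_url.strip())
    if url.scheme != "https":
        problems.append("App Service Base URL: scheme must be https")
    if not url.hostname:
        problems.append("App Service Base URL: no host name")
    if not url.path.endswith("/"):
        problems.append("App Service Base URL: must end with a slash (/)")
    if url.username or url.password or url.query or url.fragment:
        problems.append("App Service Base URL: credentials, query or fragment present")

    # A personal or group mailbox here means the wrong identity was supplied.
    local, at, domain = sa_email.strip().rpartition("@")
    if not (at and local) or not domain.lower().endswith(".gserviceaccount.com"):
        problems.append("Service Account Email: not a gserviceaccount.com address")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    for problem in check_account_store_values(
        "http://gcp-connector.example.com",
        "constructed-audience ",
        "constructed-cert",
        "admin@example.com",
    ):
        print(problem)
```

An empty result means the values satisfy the format rules only; whether the audience and certificate match what was configured in GCP is confirmed by the inventory check in Step 3.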
Step 2: Verify Resource System Parameters
Once you create an Account Store, the following resource system parameters are configured with default values. Please verify that these settings are correct and adjust them as needed to meet your specific requirements.
Navigate to Admin > Applications and Directories > Account Stores and Systems and select the Account Stores tab.
Search for the GCP Account Store you created and click the Account Store link.
On the Account Store and Resource System page that appears, select the Resource System tab and expand the Configuration Parameters accordion.
Please ensure that the parameters in the list are set up correctly. The list and description are provided below. To edit or change the value of a parameter, click the Edit button for the parameter you want to modify. Enter the new value in the Value field and click Save.
Step 3: Verify that the GCP Account Store is Working
After setting up your account store and confirming that inventory is running smoothly, verifying the Google Cloud Platform (GCP) connector in EmpowerID is essential. Follow these steps to ensure your GCP account store is operational. While various methods exist to verify this, we'll focus on one approach: checking if users and groups have been properly inventoried into EmpowerID.
Expand Admin → Applications and Directories on the navbar and click Account Stores and Systems.
Select the Account Stores tab, search for the Account Store you just created, and click on the Account Store Name Link.
Click on the User Accounts tab to check if the user accounts have been added. Please note that this will only show results after completing the inventory job.