Authorizing GCP

To authorize the API for Google Cloud Platform you will need to create a service account and give it the proper admin role as well as enabling the proper APIs in Google for access.

Steps

  1. Login to GCP and navigate to GCP admin console > More Products > IAM & Admin > Service Accounts to get to page where you can view or create your service accounts.


  2. On the Service Accounts page, click Create Service Account to create a new account can be used for the API authorization. You will be taken to the Create service account page where you can enter a name for the account (it will generate an account ID based on this name) and provide a description. Click Create and Continueat the bottom to move to the next step where you can assign a role.




  3. Assign a role to that created account. You will need to add both the Storage Admin role as well as Viewer role. Click the drop-down and in the left column select Cloud Storage and then select Storage Admin. Add another role and then in the left column, select Basic and then in the right column select Viewer. Click Continue when you are ready to move to the next step.






  4. Assign additional user access and admin access to the service account and then click Done.


  5. Now click into the service account that you just created and click on the Keys tab to create a key that you will upload to Forcepoint ONE SSE to use that account for API scanning. Click Add Key > > Create New Key and then select JSON and then click Create to download the .json file to your computer as you will need the file for uploading to Forcepoint ONE SSE.




  6. Now that the service account and key have been generated, you will need to enable the following APIs: Cloud SQL Admin API, Cloud Resource Manager API and Cloud Logging API.
  7. Navigate to GCP admin console > More Products > API & Services > Enable APIs & services to open APIs & Services page. On the APIs & Services page, click on Enable APIs and Services to open API Library page.






  8. On the API Library page, search for the following APIs and enable each one by clicking on it and then by clicking Enable on the API details page.
    • Cloud SQL Admin API
    • Cloud Resource Manager API
    • Cloud Logging API


  9. Once you have enabled both APIs, you can now move on to the next setup inside of the Forcepoint ONE SSE portal.