Authorizing GCP
To authorize the API for Google Cloud Platform, you will need to create a service account and give it the proper admin role as well as enabling the proper APIs in Google for access.
Steps
-
Login to GCP and navigate to GCP admin console > More Products > IAM & Admin > Service Accounts to get to page where you can view or create your service accounts.
-
On the Service Accounts page, click Create Service Account to create a new account can be used for the API authorization. You will be
taken to the Create service account page where you can enter a name for the account (it will generate an account ID based on this name) and provide a
description. Click Create and Continue at the bottom to move to the next step where you can assign a role.
-
Assign a role to that created account. You will need to add the Storage Admin role by clicking the Role drop-down and in the left
column scrolling down to Storage and then finding and selecting Storage Admin in the right column. Click
Continue when you are ready to move to the next step.
-
Assign additional user access and admin access to the service account and then click Done.
-
Now click into the service account that you just created and click on the Keys tab to create a key that you will upload to Forcepoint ONE SSE to use that account for API scanning. Click Add Key > Create New Key and then select JSON and then click Create to download the .json file to your computer as you will need the file for
uploading to Forcepoint ONE SSE.
- Now that the service account and key have been generated, you will need to enable the following APIs: Cloud Resource Manager API and Google Cloud Storage JSON API.
-
Navigate to GCP admin console > More Products > API & Services > Enable APIs & services to open APIs & Services page. On the APIs & Servicespage, click on Enable APIs and Services to open API Library
page.
-
On the API Library page, search for the following APIs and enable each one by clicking on it and then by clicking Enable on the API
details page.
- Cloud Resource Manager API.
- Google Cloud Storage JSON API.
- Once you have enabled both APIs, you can now move on to the next setup inside of the Forcepoint ONE SSE portal.