Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

GCP Console Bootstrap & Console only Access

lionelrl
New Contributor III
New Contributor III

We have followed the below document to set the required permission for the service account that is used for the GCP connection.

Prerequisites to Manage the GCP Platform (saviyntcloud.com)

Configuring PAM for Google Cloud Platform (saviyntcloud.com)

While performing the import we can see all the projects and services accounts coming in from GCP, but the IAM accounts are not, we see the import job is failing with error. However, when I login to admin.google.com, the account has all the required permissions.

 

3 REPLIES 3

NageshK
Saviynt Employee
Saviynt Employee

@lionelrl Thanks for posting your question. Domain_list value should reflect your organization name. Please see the below article where an example is given and it says to provide the domain names from where the accounts are supposed to be pulled from. 

 

https://docs.saviyntcloud.com/bundle/GCP-v23x/page/Content/Creating-a-Connection-using-the-Service-A...https://docs.saviyntcloud.com/bundle/GCP-v23x/page/Content/Creating-a-Connection-using-the-Service-A... 

Thanks,

Nagesh K

lionelrl
New Contributor III
New Contributor III

Hi Nagesh,

 

Thank you for the solution , the accounts got imported. But there is an error brining in some data, not sure if it is just a warning which we can ignore.

 


Data truncation: Data too long for column 'CUSTOMPROPERTY1' at row 1

 

[Update] : The accounts are imported and while we try to bootstrap the accounts, it is failing. From the error logs I see that the account is inactive, but it is active in the endpoint. Please guide us, attaching the logs.

 

 

 

Thanks,

Lionel

NageshK
Saviynt Employee
Saviynt Employee

@lionelrl The error says the process has failed at the creation of change password task for the account. Please verify the following in your env:

  1. security system should have "policy rule for service account" populated with a password policy that has regex define
  2. Endpoint should have the property "Service Account Type" populated with the values "ServiceAccount, FIREFIGHTERID"

Then change password task for the account will get created successfully. 

Thanks,

Nagesh K