GCP Console Bootstrap & Console only Access

lionelrl
New Contributor III

We have followed the below document to set the required permission for the service account that is used for the GCP connection.

Prerequisites to Manage the GCP Platform (saviyntcloud.com)

Configuring PAM for Google Cloud Platform (saviyntcloud.com)

While performing the import we can see all the projects and service accounts coming in from GCP, but the IAM accounts are not; we see the import job is failing with an error. However, when I log in to admin.google.com, the account has all the required permissions.

NageshK
Saviynt Employee

@lionelrl Thanks for posting your question. Domain_list value should reflect your organization name. Please see the below article where an example is given and it says to provide the domain names from where the accounts are supposed to be pulled from.

https://docs.saviyntcloud.com/bundle/GCP-v23x/page/Content/Creating-a-Connection-using-the-Service-A...

Thanks,

Nagesh K

lionelrl
New Contributor III

Hi Nagesh,

Thank you for the solution; the accounts got imported. But there is an error bringing in some data; not sure if it is just a warning which we can ignore.

Data truncation: Data too long for column 'CUSTOMPROPERTY1' at row 1

[Update]: The accounts are imported, and while we try to bootstrap the accounts, it is failing. From the error logs I see that the account is inactive, but it is active in the endpoint. Please guide us, attaching the logs.

Thanks,

Lionel

NageshK
Saviynt Employee

@lionelrl The error says the process has failed at the creation of change password task for the account. Please verify the following in your env:

  1. Security system should have "policy rule for service account" populated with a password policy that has regex defined
  2. Endpoint should have the property "Service Account Type" populated with the values "ServiceAccount, FIREFIGHTERID"

Then change password task for the account will get created successfully. 

Thanks,

Nagesh K