Google IAM

How to configure Google IAM connection to gather permissions and access rights for trustees.

Create a Project in Google Cloud Console:
- Go to the Google Cloud Console
- Create a new project or select an existing project
Enable the Admin SDK:
- In the Google Cloud Console, navigate to the "APIs & Services" > "Library"
- Search for "Admin SDK" and click on it
- Click the "Enable" button to enable the Admin SDK API for your project
Create OAuth 2.0 Credentials:
- In the Google Cloud Console, go to APIs & Services > Credentials
- Click "Create credentials" and select "Service account"
- Enter a name in the Service account name field andclick CREATE CREDENTIALS
- Under "Grant this service account access to the project," select role as Owner and click DONE
- Select the newly created service account and click Keys > Add Key > Create new key
- Make sure the key type is set to json and click CREATE
- The new private key pair is generated and downloaded to the machine. Note the values of private_key, client_email and client_id

From your domain's Admin console, go to Main menu menu > Security > Access and data control > API controls

In the Client ID field, enter the client ID obtained from the service account creation steps above
In the OAuth Scopes field, enter a comma-delimited list of the scopes required for the application

Use the below scopes:
- https://www.googleapis.com/auth/admin.directory.user.readonly
- https://www.googleapis.com/auth/admin.directory.domain.readonly
- https://www.googleapis.com/auth/admin.directory.group.readonly
- https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly
Click Authorize

Enter the details of the OAuth2 credemtials obtained previously
Save the configuration
Once the configuration is saved, click on the icon on the right and select Start trustee scan to begin scanning

Last updated 6 months ago

Was this helpful?