
Connect your Google Cloud Organization

To take full advantage of the functionalities available to you within the DoiT Platform, we request an extra set of permissions. These permissions allow us to access the Google API and obtain information for monitoring or alerts, and help you take action on recommendations if applicable.

To grant these permissions, you need to create a Google Cloud service account, set up a Google Cloud IAM Role at the organization level, and upload the key to the DoiT Platform.

Note

Required Permissions: Manage Settings

Create Google service account

From the top menu, select the gear icon (Settings) in the upper-right corner, then select Google Cloud under Cloud settings:

A screenshot showing the Google Cloud settings menu item

This will take you to the Google Cloud settings screen:

A screenshot showing the Google Cloud settings screen

To create a new service account:

  1. Select the plus icon (+) in the upper-right corner in the Configured accounts widget.

  2. Select the features to enable on your account.

  3. Select the expand icon to review the permissions required by each feature.

  4. Select Create service account.

    A slide-out will appear on the right-hand side of the screen containing the Google SDK (gcloud) commands you will need to run in order to create the service account and set it up with the correct role.

    Note

    Before executing the gcloud commands, ensure that:

    • You have selected an appropriate Google Cloud project to create your service account.

      • The project must belong to the organization.

      • The project must be connected to a Google Cloud Billing account.

      • You plan to keep the project for the long term and make it accessible only to trusted people.

    • Your Google Cloud user account has the Organization Role Administrator role, which is needed to create a custom role and attach it to the service account under the organization.

  5. Copy the commands generated above and run them sequentially in your terminal or Google Cloud Shell.

    Note

    The gcloud commands vary according to the boxes of the features you checked.

    Tip

    The gcloud commands achieve the following:

    • Create the service account in one of the projects in your organization.
    • Grant the service account its permissions at the organization level.

  6. Once you have finished running the gcloud commands, download the key as a JSON file for your new service account.

A screenshot showing the location of the Download File menu item

Now you have created a new doit_cmp_role linked to the DoiT Service Account, under your organization.

A screenshot of a list of organization roles
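
To confirm that the service account holds only the custom role at the organization level, you can inspect the organization IAM policy exported with `gcloud organizations get-iam-policy ORGANIZATION_ID --format=json`. The following is an added example, not part of the DoiT documentation or the commands the platform generates; the organization ID, project, and service account email in the sample policy are constructed placeholders.

```python
import json

# Constructed sample in the shape of `gcloud organizations get-iam-policy ... --format=json`.
# The organization ID, project and service account email are placeholders (assumptions).
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "organizations/123456789012/roles/doit_cmp_role",
     "members": ["serviceAccount:doit-sa@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/resourcemanager.organizationViewer",
     "members": ["group:admins@example.com"]},
    {"role": "roles/editor",
     "members": ["user:alice@example.com",
                 "serviceAccount:doit-sa@example-project.iam.gserviceaccount.com"]}
  ],
  "version": 1
}
""")


def roles_for_member(policy, member):
    """Return the sorted list of roles bound to `member` in an IAM policy."""
    return sorted(b["role"] for b in policy.get("bindings", [])
                  if member in b.get("members", []))


def audit_service_account(policy, sa_email, expected_role_id="doit_cmp_role"):
    """Split the service account's org-level roles into expected and unexpected.

    A role is expected only if it is a custom organization role
    (organizations/<id>/roles/<role_id>) whose ID matches expected_role_id.
    """
    roles = roles_for_member(policy, f"serviceAccount:{sa_email}")
    expected, unexpected = [], []
    for role in roles:
        parts = role.split("/")
        is_expected = (len(parts) == 4 and parts[0] == "organizations"
                       and parts[2] == "roles" and parts[3] == expected_role_id)
        (expected if is_expected else unexpected).append(role)
    return {"expected": expected, "unexpected": unexpected,
            "ok": bool(expected) and not unexpected}


if __name__ == "__main__":
    result = audit_service_account(
        SAMPLE_POLICY, "doit-sa@example-project.iam.gserviceaccount.com")
    print(json.dumps(result, indent=2))
```

This check covers organization-level bindings only; roles granted to the same service account on individual folders or projects do not appear in the organization policy and need a separate review.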

Upload the service account key

Once you've generated your service account key, your next step is to upload the JSON file to the DoiT Platform by clicking on "Upload File".

If configured successfully, you should see a Healthy or Partial value appear under the Status column in the Configured accounts widget.

The Partial status will only appear next to your configured service account if you didn't grant permissions for all of the available features. It's important to examine the Features widget and verify that all of the features you selected have a Healthy status.

If there is something wrong with the JSON file you uploaded, you will see an Unhealthy value under the Status column.

A screenshot showing the Google Cloud settings screen

Update your service account

If, after initially connecting your Google Cloud Organization, you decide that you want to grant permissions for an additional feature or remove permissions, you can do that from the same page.

First, check or uncheck the feature(s) you'd like to add or remove. Then select the Update role button.

A slide-out will appear containing the gcloud commands you need to run to update your service account's role.

Add multiple service accounts

In case you have multiple Google Cloud Organizations, you can upload multiple service account keys to regulate which Organizations get access to which features.

To add a new service account, select the plus icon (+) in the upper-right corner in the Configured accounts widget on the left-hand side of the screen.

Once clicked, all of the Features will revert back to "Not Configured" because you are setting up a new service account.

As you did with your initial service account, select the features you'd like to grant permissions for this service account, and run the gcloud commands provided.
