Before you begin
To complete this guide, you’ll need:
- C1 Connector Administrator role or Super Administrator role
- A Google Cloud Platform account
- Ability to set up a service account in GCP
Estimated time: 30 minutes
Step 1: Integrate your GCP instance
Start by integrating your GCP instance with C1 by following the instructions in Google Workspace & Google Cloud Platform.
Once connected, C1 ingests all of the projects, resources, and entitlements for Google Cloud. This includes projects and roles. You can see all the resources and entitlements by navigating to Apps > Google Cloud Platform and clicking Entitlements.
Now that GCP is hooked up to C1, set GCP projects and roles as available for just-in-time access. To do this, we’ll configure entitlement management rules for each of the GCP projects.
Navigate to the Apps page, then click the Google Cloud application created in Step 1.
In the Entitlement management section, click Edit next to Default config rules.
In the configuration rules pane, click the toggle to Enable configuration rules.
Select the Project resource type.
In the Access profiles field, search for and select an access profile. For example, select Everyone to make the entitlements requestable by all users.
Finally, check the box at the bottom of the screen and click Apply.
Don’t worry,you can change who can request access, for how long, and the policy for approving access later.
Step 3: Request JIT access
Let’s go request GCP JIT access!
Click Requests and make sure that App catalog is selected.
Click Google Cloud Platform. A panel opens with the projects available for you to request.
Click on the project you want to request, then click Request.
Enter the justification and click Request.
Success!
The request policy routes the request through the approval process. The new access will be automatically provisioned by the GCP connector, and then automatically removed upon expiration.
