Google Cloud Platform
SailPoint Entro’s GCP integration connects your Google Cloud Platform (GCP) organization to SailPoint Entro for continuous secret discovery, IAM monitoring, and compliance validation.
Depending on your environment, permissions, and deployment strategy, several onboarding paths are available. This page explains each option and when to use it.
-
GCP Console Onboarding (Recommended)
Use this option if you can create or manage Service Accounts in the GCP Console.
This setup uses either a Service Account JSON key or Workload Identity Federation (WIF) for authentication.
Best for: - GCP administrators with console access - Teams comfortable managing IAM roles and APIs manually - Single-organization onboarding - Single-project onboarding
-
GCP Terraform Onboarding (Infrastructure as Code)
Automated onboarding using Terraform modules provided by SailPoint Entro. This method provisions the required service account, roles, and API configurations in one step.
Best for: - DevOps or SecOps teams managing IaC environments - Enterprises with policy-driven deployment pipelines
-
Pre-Onboarding Check
Run this step before onboarding to validate permissions and logging configuration.
The provided bash script checks that:
-
Your user can access all relevant projects
-
Required APIs (e.g. Logging, Secret Manager) are enabled
-
IAM roles are properly assigned
A
report.txtfile will summarize all findings for validation. -
-
Permissions Reference
Centralized list of IAM roles and API scopes required for SailPoint Entro to function.
-
Troubleshooting & Validation
After onboarding, verify that SailPoint Entro displays a Verified connection and data synchronization is working.
Includes curl validation examples, API checks, and troubleshooting scenarios for permissions or API enablement issues.
Summary of Methods
| Method | Authentication | Automation | Recommended For |
|---|---|---|---|
| Console | Service Account or WIF | Manual | Admins managing via GCP UI |
| Terraform | Service Account or WIF | Automated | DevOps & SecOps Teams |