Skip to content

Google Cloud Platform

SailPoint Entro’s GCP integration connects your Google Cloud Platform (GCP) organization to SailPoint Entro for continuous secret discovery, IAM monitoring, and compliance validation.

Depending on your environment, permissions, and deployment strategy, several onboarding paths are available. This page explains each option and when to use it.

  1. GCP Console Onboarding (Recommended)

    Use this option if you can create or manage Service Accounts in the GCP Console.

    This setup uses either a Service Account JSON key or Workload Identity Federation (WIF) for authentication.

    Best for: - GCP administrators with console access - Teams comfortable managing IAM roles and APIs manually - Single-organization onboarding - Single-project onboarding

  2. GCP Terraform Onboarding (Infrastructure as Code)

    Automated onboarding using Terraform modules provided by SailPoint Entro. This method provisions the required service account, roles, and API configurations in one step.

    Best for: - DevOps or SecOps teams managing IaC environments - Enterprises with policy-driven deployment pipelines

  3. Pre-Onboarding Check

    Run this step before onboarding to validate permissions and logging configuration.

    The provided bash script checks that:

    • Your user can access all relevant projects

    • Required APIs (e.g. Logging, Secret Manager) are enabled

    • IAM roles are properly assigned

    A report.txt file will summarize all findings for validation.

  4. Permissions Reference

    Centralized list of IAM roles and API scopes required for SailPoint Entro to function.

  5. Troubleshooting & Validation

    After onboarding, verify that SailPoint Entro displays a Verified connection and data synchronization is working.

    Includes curl validation examples, API checks, and troubleshooting scenarios for permissions or API enablement issues.

Summary of Methods

Method Authentication Automation Recommended For
Console Service Account or WIF Manual Admins managing via GCP UI
Terraform Service Account or WIF Automated DevOps & SecOps Teams