Managing GCP Entitlements
To display your Google Cloud Platform entitlement data, you must mark supported entitlements as cloud enabled.
Supported Entitlement Types
You can use the following GCP entitlements:
Group
iamResourcePermission
Marking GCP Cloud-Enabled Entitlement Types
When entitlements are pulled from your GCP cloud environment, you must mark the Group and Role entitlement types as Cloud Enabled in the G Suite source configuration. This will allow certification campaign reviewers to view the access users have to your GCP cloud infrastructure.
- Go to Admin > Connections > Sources.
- Select or edit the Google Workspace SaaS or va-based connector you enabled to manage cloud resources.
- In the Entitlement Management section, select Entitlement Types.
- Edit and select the Cloud Enabled checkbox for the
Group
andiamResourcePermission
entitlement types. - Select Update.
You can now view an identity's cloud access granted through entitlements and add cloud-based entitlement types to certification campaigns to allow certifiers to view the effective access an identity has to your GCP resources.
Viewing Effective Access to GCP Resources
After marking your entitlement types, you can include cloud-enabled entitlements in certification campaigns to allow your certifiers to view cloud access details like the last level of access and type of action taken on the resource.
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.