Managing GCP Entitlements

To display your Google Cloud Platform entitlement data in IdentityNow, you must mark supported entitlements as cloud enabled.

Supported Entitlement Types

IdentityNow supports the following GCP entitlements:

  • Group
  • iamResourcePermission

Marking GCP Cloud-Enabled Entitlement Types

When entitlements are pulled from your GCP cloud environment, you must mark the Group and Role entitlement types as Cloud Enabled in the G Suite source configuration. This will allow certification campaign reviewers to view the access users have to your GCP cloud infrastructure.

  1. Go to Admin > Connections > Sources.
  2. Select the G Suite identity governance connector you enabled to manage cloud resources.
  3. Select the Import Data tab and choose Entitlement Types.
  4. Edit and select the Cloud Enabled checkbox for the Group and iamResourcePermission entitlement types.
  5. Select Update.

You can now view an identity's cloud access granted through entitlements. You can also add cloud-based entitlement types to certification campaigns so that certifiers can view the effective access an identity has to your GCP resources.

Viewing Effective Access to GCP Resources

After marking your entitlement types, you can include cloud-enabled entitlements in certification campaigns to allow your certifiers to view cloud access details like the last level of access and type of action taken on the resource.