
Connect your Google Cloud Organization with PingSafe

This article explains how to connect your Google Cloud Organization account with PingSafe so that it can continuously detect security vulnerabilities.

Prerequisites to Onboard GCP organization:

  • The user should have either both of the GCP-managed "Owner" and "Organization Administrator" roles, OR the permissions below attached to an existing user role:
    iam.roles.create
    iam.roles.get
    iam.serviceAccounts.create
    iam.serviceAccounts.setIamPolicy
    resourcemanager.organizations.getIamPolicy
    resourcemanager.organizations.setIamPolicy
    resourcemanager.projects.getIamPolicy
    resourcemanager.projects.setIamPolicy
  1. Click on the Settings ⚙️ button in the top right corner.
  2. From the left navigation panel, click on the "Cloud Configuration" button.
  3. Click on the "Add account" button in the top right corner.
  4. Click on the “Connect” button present under “Google Cloud Platform”.
  5. From the GCP console, make a note of your "ProjectID" & "OrganizationID".
  6. Select “Organization” from the “Onboard” option, fill in the “ProjectID”, “OrganizationID” and select the “Scan” Mode.
    1. Detect Mode: PingSafe has read-only access to the resources in your Google Cloud account.
    2. Detect & Auto remediate: PingSafe has read/write access to the resources. You will have to enable/disable this feature for each plugin that supports auto remediation.
    3. Enabling GCP Log Event integration during project/organization onboarding. If you already have an existing Pub/Sub topic flowing GCP audit logs, you can enter that in the text box and click on "Next". We recommend leaving it empty (In this case PingSafe will create a new topic for
  7. Click on the “Next” button.
  8. Download the Terraform script and navigate to the Google Cloud Shell.
  9. Remove any existing Terraform (*.tf) or Terraform state (*.tfstate) files, as conflicts may arise once PingSafe's Terraform scripts are uploaded.
    rm *.tf*
  10. Upload the “Terraform” file which was downloaded above.
  11. Execute the command below in the same directory where the Terraform file has been uploaded.
    terraform init && terraform apply
  12. Enter “Yes” when prompted for confirmation.
  13. Wait for the command to execute successfully.
  14. After the Terraform code has executed successfully, observe that the “Service Account Key (JSON)” file has been created.
  15. Upload the downloaded file in PingSafe, review the credentials and click on the “Next” button.
  16. Delete the Terraform script (.tf) and state (.tfstate) files from the GCP Cloud Shell.

     

  17. Select the “Projects” to be linked to PingSafe. You can change it in PingSafe settings anytime.
  18. Click Next.
  19. Now enable all the APIs required for PingSafe to communicate with GCP projects.
    Download the “Terraform” scripts and navigate to the Google Cloud Shell.
  20. Upload the “Terraform” script to the Cloud Shell and execute the command below.
    terraform init && terraform apply

     

  21. Select the “I verify that the script has been executed successfully” tickbox and click on the “Next” button.
  22. Select the “Compliance (optional)” and click on the “Finish” button.
  23. Note that the GCP organization has been successfully onboarded to PingSafe.
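
To confirm the cleanup in steps 9 and 16, the following added example (not part of PingSafe's documentation or scripts) lists Terraform configuration, state, provider cache and service account key files still present under a Cloud Shell directory. The function names are hypothetical, and treating the state file as sensitive assumes the onboarding script generates the key through Terraform, which would record it in state.

```shell
# Added example: audit a directory for onboarding leftovers.
# Function names are hypothetical; nothing here comes from PingSafe's scripts.

# Print one "KIND<TAB>PATH" line per leftover found under $1 (default: .).
find_onboarding_leftovers() (
  dir=${1:-.}
  # Terraform configuration, state and state backups (steps 9 and 16).
  find "$dir" -type f \
    \( -name '*.tf' -o -name '*.tfstate' -o -name '*.tfstate.backup' \) \
    ! -path '*/.terraform/*' -print | sort |
  while IFS= read -r f; do
    case "$f" in
      *.tf) printf 'terraform-config\t%s\n' "$f" ;;
      *)    printf 'terraform-state\t%s\n' "$f" ;;
    esac
  done
  # Provider cache directories created by "terraform init".
  find "$dir" -type d -name '.terraform' -print | sort |
  while IFS= read -r f; do
    printf 'terraform-cache\t%s\n' "$f"
  done
  # JSON files shaped like a service account key: they carry both
  # "type": "service_account" and a "private_key" field.
  find "$dir" -type f -name '*.json' ! -path '*/.terraform/*' -print | sort |
  while IFS= read -r f; do
    if grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$f" &&
       grep -q '"private_key"' "$f"; then
      printf 'service-account-key\t%s\n' "$f"
    fi
  done
)

# Return 0 when nothing is left behind under $1, 1 otherwise.
onboarding_dir_is_clean() {
  [ -z "$(find_onboarding_leftovers "${1:-.}")" ]
}
```

Run `find_onboarding_leftovers "$HOME"` in Cloud Shell after step 16 and again after step 20; any `terraform-state` or `service-account-key` line points to a file that should be deleted once the key has been uploaded to PingSafe.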