
Connect your Google Cloud Organization with PingSafe

This article explains how to connect your Google Cloud Organization account with PingSafe so that it can continuously detect security vulnerabilities.

Prerequisites to onboard a GCP organization:

  • The user must have either both of the GCP-managed roles "Owner" and "Organization Administrator", or the permissions below attached to an existing user role:
    iam.roles.create
    iam.roles.get
    iam.serviceAccounts.create
    iam.serviceAccounts.setIamPolicy
    resourcemanager.organizations.getIamPolicy
    resourcemanager.organizations.setIamPolicy
    resourcemanager.projects.getIamPolicy
    resourcemanager.projects.setIamPolicy
  1. From the left navigation panel, click on the “Add an Account” button under “Cloud Security”.
  2. Click on the “Connect” button present under “Google Cloud Platform”.
  3. From the GCP console, make a note of your "ProjectID" & "OrganizationID".
  4. Select “Organization” from the “Onboard” option, fill in the “ProjectID”, “OrganizationID” and select the “Scan” Mode.
    1. Detect Mode: PingSafe has read-only access to the resources in your Google Cloud account.
    2. Detect & Auto remediate: PingSafe has read/write access to the resources. You will have to enable/disable this feature for each plugin that supports auto remediation.
  5. Click on the “Next” button.
  6. Download the Terraform script and navigate to the Google Cloud Shell.
  7. Upload the “Terraform” file which was downloaded above.
  8. Execute the below command in the same directory where the terraform file has been uploaded.
    terraform init && terraform apply
  9. Enter “Yes” when prompted for confirmation.
  10. Wait for the command to get executed successfully.
  11. After the terraform code is successfully executed, observe that the “Service Account Key (JSON)” file has been created.
  12. Upload the downloaded file in PingSafe, review the credentials and click on the “Next” button.
  13. Delete the Terraform script (.tf) and state (.tfstate) files from the GCP Cloud Shell.
  14. Select the “Projects” to be linked to PingSafe. You can change this selection in the PingSafe settings at any time.
  15. Click Next.
  16. Now enable all the APIs required for PingSafe to communicate with the GCP projects.
    Download the “Terraform” scripts and navigate to the Google Cloud Shell.
  17. Upload the “Terraform” script to the Cloud Shell and execute the below command.
    terraform init && terraform apply
  18. Select the “I verify that the script has been executed successfully” tickbox and click on the “Next” button.
  19. Select the “Compliance (optional)” and click on the “Finish” button.
  20. The GCP organization has now been successfully onboarded to PingSafe.
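
A check for step 13, as an added example that is not part of the PingSafe article or product: it lists Terraform scripts, state files, state backups, the `.terraform` directory and service account key JSON files still present in a directory. The function names and sample directory are constructed; treating the uploaded key file and the artefacts beyond `.tf` and `.tfstate` as leftovers is this example's assumption, not a step the article states.

```shell
#!/bin/sh
# Added example (not PingSafe tooling): list files that should be gone from
# the Cloud Shell working directory once onboarding step 13 is done.

find_onboarding_leftovers() {
    dir="${1:-.}"
    {
        # Terraform scripts, state files and state backups.
        find "$dir" -type f \( -name '*.tf' -o -name '*.tfstate' \
            -o -name '*.tfstate.backup' \) -print
        # Provider cache directory created by "terraform init".
        find "$dir" -type d -name .terraform -print
        # JSON files carrying both markers of a service account key.
        find "$dir" -type f -name '*.json' \
            -exec grep -l '"private_key"' {} + 2>/dev/null |
            while IFS= read -r f; do
                if grep -q '"type"[[:space:]]*:[[:space:]]*"service_account"' "$f"; then
                    printf '%s\n' "$f"
                fi
            done
    } | sort -u
}

# Returns 0 when the directory is clean, 1 (with a report on stderr) otherwise.
cleanup_is_complete() {
    leftovers=$(find_onboarding_leftovers "$1")
    [ -z "$leftovers" ] && return 0
    printf 'Still present under %s:\n%s\n' "$1" "$leftovers" >&2
    return 1
}

# Builds a constructed working directory; every file body is a placeholder.
make_sample_workdir() {
    d=$(mktemp -d)
    mkdir -p "$d/.terraform"
    printf 'resource "placeholder" "x" {}\n' > "$d/onboard.tf"
    printf '{"version": 4}\n' > "$d/terraform.tfstate"
    printf '{"version": 4}\n' > "$d/terraform.tfstate.backup"
    printf '{"type": "service_account", "private_key": "CONSTRUCTED"}\n' > "$d/key.json"
    printf '{"name": "not a key"}\n' > "$d/notes.json"
    printf '%s\n' "$d"
}

# Demo run on the constructed directory.
sample=$(make_sample_workdir)
cleanup_is_complete "$sample" || echo "cleanup incomplete"
rm -rf "$sample"
```

In Cloud Shell, run `cleanup_is_complete "$PWD"` from the directory where `terraform apply` was executed; a non-zero exit status means files remain.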