Onboarding a Google Cloud Platform (GCP) Project and Google Workspace

Prerequisites

• You must have Owner permissions for the GCP Google® Cloud Platform - a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail, Google Drive, and YouTube. project.

• To connect Google Workspace to CloudGuard, you must have Owner permissions for the Google Workspace.

To onboard a GCP project to CloudGuard:

1. In GCP, open the project that you want to onboard to CloudGuard. Keep the GCP project open throughout this procedure.

2. In the CloudGuard UI, from the left menu, expand Assets and click Environments.

3. In the toolbar above the table, in the top left, click Add and then click GCP Project.

   The GCP Onboarding wizard opens.

4. In the Welcome step of the wizard:

   1. Copy the Project ID from GCP.

   2. Paste the Project ID into CloudGuard.

   3. In CloudGuard, click Next.

5. In the Configurations step of the wizard:

   1. Optional - For Environment Display Name, enter a name for the integration to appear in the CloudGuard UI. By default, the Display Name is the Project ID.

   2. Select an Organizational Unit to associate with the integration.
      

      Note - An integration of GCP with CloudGuard CNAPP Cloud-Native Application Protection Platform - a cloud-native security model that encompasses Cloud Security Posture Management (CSPM), Cloud Service Network Security (CSNS), and Cloud Workload Protection Platform (CWPP) in a single holistic platform. always includes the CSPM feature in CloudGuard CNAPP. The CSPM slider is on by default, and cannot be turned off.

   3. Optional - To onboard GCP to CloudGuard without onboarding Google Workspace, move the Workspace slider to "off".

      Note - It is also possible to connect Google Workspace to CloudGuard after you finish the GCP onboarding.

   4. Click Next.

6. In the Connect step of the wizard:

   1. Click Onboarding Script to review the GCP onboarding script that CloudGuard generates automatically.

   2. Copy the command from CloudGuard.

   3. Paste the command into the CLI of the GCP project.

      The CLI of the GCP project generates a JSON JavaScript Object Notation. A lightweight data interchange format. that contains GCP credentials.

   4. In the CLI of the GCP project, copy the JSON (including the opening and closing brackets).

   5. In CloudGuard, paste the JSON into the Credentials JSON field.

   6. Click Next.

7. In the Workspace step of the wizard, do one of these:

   • If you are onboarding a Google Workspace:

     1. Follow the instructions shown in the CloudGuard UI to configure Google Workspace.

     2. Click Next.

   • If you are not onboarding a Google Workspace, click Skip.