PingOne Privilege

Configuring GCP GKE access

This topic describes the required configurations within your Google Cloud Platform (GCP) project to allow PingOne Privilege to discover and manage your Google Kubernetes Engine (GKE) clusters. The process involves verifying service account permissions, configuring Role-Based Access Control (RBAC) on the GKE cluster, and then onboarding the cluster in PingOne Privilege.

Step 1: Verify service account permissions

First, ensure the service account used to onboard your GCP project to PingOne Privilege has the necessary permissions to manage Kubernetes resources.

  1. In the Google Cloud console, go to IAM & Admin > IAM.

  2. Find the service account associated with your PingOne Privilege integration.

  3. Verify that the service account has the Kubernetes Engine Admin role.

    This role allows PingOne Privilege to discover and interact with your GKE clusters. If the service account doesn’t have this role, edit the principal’s permissions and add it.
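As an added check that is not part of the PingOne Privilege documentation, the following Python reads an IAM policy in the shape returned by `gcloud projects get-iam-policy PROJECT --format=json` and reports whether a service account is directly bound to roles/container.admin, the role ID behind the Kubernetes Engine Admin role. The sample policy and service account addresses are constructed; bindings inherited from a folder, organization or group do not appear in the project policy and are not detected here.

```python
"""Check whether a GCP service account holds the Kubernetes Engine Admin role.

Added example, not PingOne Privilege code. The policy has the shape returned by
`gcloud projects get-iam-policy PROJECT --format=json`; the sample is constructed.
"""
import json

# Role ID of the "Kubernetes Engine Admin" role shown in the Cloud console.
GKE_ADMIN_ROLE = "roles/container.admin"

# Constructed sample: one SA holds the role unconditionally, one lacks it, and
# one holds it only under an IAM condition (so it may not be in effect).
SAMPLE_POLICY = json.dumps({
    "version": 3,
    "bindings": [
        {"role": "roles/container.admin",
         "members": ["serviceAccount:pingone-priv@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/viewer",
         "members": ["serviceAccount:reader@example-project.iam.gserviceaccount.com",
                     "user:alice@example.com"]},
        {"role": "roles/container.admin",
         "members": ["serviceAccount:nightly@example-project.iam.gserviceaccount.com"],
         "condition": {"title": "business-hours",
                       "expression": "request.time.getHours('UTC') < 18"}},
    ],
})


def roles_for(policy, sa_email):
    """Map each role directly bound to the SA to True if every binding for it is conditional."""
    member = f"serviceAccount:{sa_email}"
    found = {}
    for binding in policy.get("bindings", []):
        if member in binding.get("members", []):
            role = binding["role"]
            # An unconditional binding anywhere makes the role unconditional overall.
            found[role] = found.get(role, True) and ("condition" in binding)
    return found


def check_gke_admin(policy_json, sa_email):
    """Return "ok", "conditional" or "missing" for the Kubernetes Engine Admin role."""
    roles = roles_for(json.loads(policy_json), sa_email)
    if GKE_ADMIN_ROLE not in roles:
        return "missing"
    return "conditional" if roles[GKE_ADMIN_ROLE] else "ok"


if __name__ == "__main__":
    for sa in ("pingone-priv", "reader", "nightly"):
        email = f"{sa}@example-project.iam.gserviceaccount.com"
        print(f"{email}: {check_gke_admin(SAMPLE_POLICY, email)}")
```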

Step 2: Onboard the cluster in PingOne Privilege

After completing the configuration in the GCP console, rescan your account in PingOne Privilege to discover and manage the cluster.

  1. In the PingOne Privilege admin console, go to Clouds.

  2. Find your GCP cloud account, and click More Info.

  3. Go to the Resources tab and click Rescan.

Validation

After the rescan is complete, the GKE cluster will be available to manage.

  1. In the PingOne Privilege admin console, go to Targets.

  2. Find the newly discovered cluster, click More Info, and enable the Manage toggle to onboard it.

The GKE cluster is now managed by PingOne Privilege.