Configure Service Account

For your service account, you may either use an existing service account or create a new one. The service account must be created in the project that has the OAuth Consent Screen created.

Follow each section below to create and configure the service account.

  1. Create New Service Account or Use Existing Service Account
  2. Grant Service Account Owner and Organization Administrator Role

Create New Service Account

  1. Go to Google Cloud Platform and log in with your Google Workspace account.
  2. Click on the project drop-down menu > Select a project. Select an existing project you want to monitor or create a new project by selecting New Project.
  3. With the project selected, click the Navigation Menu, then go to IAM & Admin > Service accounts.
  4. Click the +Create service account button, enter a Service account name of your preference, and click CREATE AND CONTINUE. Skip the optional steps, and click Done.
  5. On the Service Accounts page, click the service account you created to open the Service Account Details page, and keep a record of the Service Account ID (Email).
  6. Expand SHOW DOMAIN-WIDE DELEGATION to enable Google Workspace Domain-wide Delegation, and click SAVE.
  7. Click the KEYS tab, then click the ADD KEY drop-down menu and select +Create new Key.
  8. Select the JSON key format and click CREATE. The JSON private key will be downloaded automatically.

Keep the Service Account ID and JSON key; they are needed later for Google Cloud authentication during installation.

Use Existing Service Account

  1. Select the project that contains the service account to be used.
  2. Click the Navigation Menu, and select IAM & Admin > Service Accounts.
  3. Click the service account to see its details, and keep a record of the Service Account ID (Email).
  4. Click SHOW DOMAIN-WIDE DELEGATION to make sure Domain-wide delegation is enabled. If it is not enabled yet, enable it.
  5. If you don't have a JSON private key yet, click the KEYS tab, then click the ADD KEY drop-down menu and select +Create new Key.
  6. Select the JSON key format and click CREATE. The JSON private key will be downloaded automatically.

Keep the Service Account ID and JSON key; they are needed later for Google Cloud authentication during installation.

Grant Service Account Owner and Organization Administrator Role

The service account is created under a project of an organization in the Google Cloud account. Container Protection requires the service account to be granted the Owner and Organization Administrator roles at the organization level to provide security monitoring across all projects under the organization.

  1. In the Google Cloud Portal, first select the organization that the project is under.
  2. Click the Navigation Menu, select IAM & Admin > IAM.
  3. Click the ADD button on the top.
  4. In the New Principals field, enter the service account ID created earlier.
  5. In the Role field, select Project > Owner, then click + ADD ANOTHER ROLE, select Resource Manager > Organization Administrator.
  6. Click the SAVE button.
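
To confirm the steps above took effect, the following check (an added example, not Fortinet's code) validates the downloaded JSON key and reports which of the two required roles are not bound to the service account in an organization IAM policy, as exported by `gcloud organizations get-iam-policy ORG_ID --format=json`. The key values, email address and policy are constructed samples; the role IDs are the API names of the two console roles.

```python
import json

# API role IDs for the console's "Owner" and "Organization Administrator".
REQUIRED_ROLES = {"roles/owner", "roles/resourcemanager.organizationAdmin"}

def check_key(key):
    """Return a list of problems found in a downloaded JSON key."""
    problems = []
    if key.get("type") != "service_account":
        problems.append("type is not service_account")
    for field in ("client_email", "private_key_id", "private_key"):
        if not key.get(field):
            problems.append("missing " + field)
    return problems

def missing_roles(policy, sa_email):
    """Required roles not bound unconditionally to the service account."""
    member = "serviceAccount:" + sa_email
    granted = set()
    for binding in policy.get("bindings", []):
        if binding.get("condition"):
            continue  # a conditional grant may not cover every project
        if member in binding.get("members", []):
            granted.add(binding["role"])
    return REQUIRED_ROLES - granted

# Constructed sample key (placeholder values, not a real credential).
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "PLACEHOLDER_KEY_ID",
    "private_key": "PLACEHOLDER_PEM",
    "client_email": "monitor@example-project.iam.gserviceaccount.com",
}

# Constructed sample policy: Owner is granted, Organization Administrator
# is bound only to a user, so the second role is still missing.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/owner",
   "members": ["serviceAccount:monitor@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/resourcemanager.organizationAdmin",
   "members": ["user:admin@example.com"]}
]}
""")

if __name__ == "__main__":
    email = SAMPLE_KEY["client_email"]
    print("key problems:", check_key(SAMPLE_KEY))
    print("missing roles:", sorted(missing_roles(SAMPLE_POLICY, email)))
```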
