The service account is created under a project of an organization in the Google Cloud account. To provide security monitoring across all projects under the organization, FortiCWP requires the service account to be granted the following roles at the organization level:
- Organization Administrator or Organization Viewer
- Owner or Viewer

To grant these roles to the service account:
- In Google Cloud Portal, first select the organization that contains the project.
- Click the Navigation Menu, then select IAM & admin > IAM.
- Click the ADD button at the top.
- In the New Principals field, enter the service account ID created earlier.
- In the Role field, select Project > Owner or Viewer.
- Click + ADD ANOTHER ROLE, then select Resource Manager > Organization Administrator or Organization Viewer.
- Click the SAVE button to finish.
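
To confirm that the bindings landed on the organization and not on a single project, the organization policy can be checked after saving. The script below is an added example, not part of the product documentation: it assumes the policy was exported with `gcloud organizations get-iam-policy ORGANIZATION_ID --format=json`, maps the console role names to their standard Google Cloud role IDs, and runs here on a constructed sample policy with placeholder account names.

```python
import json

# Each requirement on the page is satisfied by either role in the pair.
# Role IDs are the standard Google Cloud identifiers for the console names.
REQUIRED = {
    "Organization Administrator or Organization Viewer": (
        "roles/resourcemanager.organizationAdmin",
        "roles/resourcemanager.organizationViewer",
    ),
    "Owner or Viewer": ("roles/owner", "roles/viewer"),
}


def check_org_policy(policy_json, sa_email):
    """Return (granted roles per requirement, missing requirements, conditional roles)."""
    member = "serviceAccount:" + sa_email
    held, conditional = set(), set()
    for binding in json.loads(policy_json).get("bindings", []):
        if member not in binding.get("members", []):
            continue
        # A conditional binding may not cover every project, so it is
        # reported separately instead of counting toward the requirement.
        (conditional if "condition" in binding else held).add(binding["role"])
    granted = {req: [r for r in roles if r in held] for req, roles in REQUIRED.items()}
    missing = [req for req, roles in granted.items() if not roles]
    return granted, missing, sorted(conditional)


# Constructed sample policy (not real output); all principals are placeholders.
SAMPLE_SA = "forticwp@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.dumps({
    "version": 1,
    "bindings": [
        {"role": "roles/resourcemanager.organizationViewer",
         "members": ["serviceAccount:" + SAMPLE_SA]},
        {"role": "roles/viewer", "members": ["user:admin@example.com"]},
    ],
})

if __name__ == "__main__":
    granted, missing, conditional = check_org_policy(SAMPLE_POLICY, SAMPLE_SA)
    for req, roles in granted.items():
        print(f"{req}: {', '.join(roles) or 'MISSING at organization level'}")
    if conditional:
        print("Conditional bindings (review their scope):", ", ".join(conditional))
```

In the sample, the second role was granted to a different principal, so the check reports "Owner or Viewer" as missing for the service account.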