File tree 1 file changed +4
-8
lines changed
1 file changed +4
-8
lines changed Original file line number Diff line number Diff line change @@ -263,18 +263,14 @@ To setup this account, you'll need to take the following steps:
263263
264264 Please refer to the GSuite documentation, as the exact process for doing
265265 this may have changed.
266- 2. Create an IAM Binding for the "robot" user in your GCP project to the
267- " Service Account User" (`roles/iam.serviceAccountUser`) role. The exact
268- project to use will depend on your environment but the only requirement is
269- that it can house the service account that we use for access.
270- 3. Create a GCP service account in the same project used in step 2. Enable the "G
271- Suite Domain-wide Delegation" check box and note the Client ID.
272- 4. Using the "security" component in the "admin.google.com" console, use the
266+ 2. Create a GCP service account in the GCP project where you're interested in using the GSuite "robot" account. Enable [G
267+ Suite Domain-wide Delegation](https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority) and note the Client ID.
268+ 3. Using the "security" component in the "admin.google.com" console, use the
273269 Client ID for the service account and add the following scopes, which are
274270 the same as those from step 1 :
275271 - https://www.googleapis.com/auth/admin.directory.group.member.readonly
276272 - https://www.googleapis.com/auth/admin.directory.group.readonly
277- 5 . Generate the service account credentials. Make sure to save the generated
273+ 4 . Generate the service account credentials. Make sure to save the generated
278274 JSON file somewhere safe.
279275
280276Once we have the account setup we can modify the deployment to allow `rbacsync`
You can’t perform that action at this time.
0 commit comments