☁️Google Cloud

Before you begin

• Choose at least one project in which to install P0.

• Make sure you have the ability to create roles and add IAM bindings; you can gain these abilities if you have both:

  • iam.roleAdmin

  • iam.securityAdmin

• To install P0 with additional security, you'll need the orgpolicy.policyAdmin role on your organization. This is not required to use P0 with Google Cloud, but recommended to ensure your P0 integration is as secure as possible.

Setting up Google Cloud

1. Navigate to "Integrations" on p0.app, then select "Google Cloud":

1. Copy and paste your organization ID into the UI, then click "Next". You'll now be able to install one or more P0 components:

1. Choose the component you want to install (for instance, to use P0 for just-in-time access, choose "IAM Write"). This will prompt you to enter the project IDs on which to install P0:

1. Enter one or more project IDs, then click "Get setup commands". This will display gcloud commands that you can use to configure P0 on your projects:

1. Running these commands will, for each project, create a custom "P0 IAM Admin" role, and grant that role to P0's service account. Run these commands now. You can run them either from a local command-line (with gcloud installed), or from the Google Cloud Shell.

2. Select "Go to next step". If you're installing either "Access Logs" or "IAM Read", this will complete your installation. If you're installing "IAM Write", you'll be prompted you to install domain-restricted sharing on the project:

1. Either run these commands now and click "Verify Policy", or click "Skip This Step" now. If you skip this step you can run the commands later by clicking "Add Domain Restriction" at any time.