GCP Additional Configuration

Miscellaneous GCP Configuration Options for InsightCloudSec

Depending on how your GCP environment is configured and/or the types of services you use, you may want to configure some additional things outside of the general InsightCloudSec onboarding process.

Review the sections below to determine what additional features or configurations may be applicable for your environment.

📘

Getting Support

If you have questions about any of these configurations, contact us through the Customer Support Portal.

GCP Directory Support

InsightCloudSec has expanded our support for GCP Directory to harvest and display expanded IAM data via GCP's Domain-wide Delegation functionality. While this capability is optional, we strongly encourage customers with GCP accounts to take advantage of this feature.

By enabling Domain-wide Delegation in the GCP Console and configuring the service account ID email within InsightCloudSec, you can gain access to additional data from GCP including MFA Status, Group associations, last login, etc., for the InsightCloudSec resource types: Cloud Domain Users and Cloud Domain Groups.

GCP Auto-Badging

InsightCloudSec includes auto-badging capabilities to create a 1:1 map of GCP project, folders, and organization tags and labels to Badges in InsightCloudSec. This capability allows any Clouds and Bots to be scoped to a badge that maps to the account tag.

GCP Recommended Actions

If properly configured, InsightCloudSec can harvest GCP Recommendations as a resource (found under Identity & Management on the Resources page). Supported Recommendation subtypes can be acted upon from within InsightCloudSec, with the results/resolution being propagated to GCP for easier principal management.