Access a Google SecOps instance
This document describes what Google Security Operations administrators need to do to ensure that users can access the newly provisioned Google SecOps instance.
After the Google SecOps instance has been set up, an administrator can log in to the instance provided that the administrator's IdP group or email is assigned the Chronicle API Admin
role within Google Cloud IAM
.
Following a successful login, the administrator must complete the necessary steps to fulfil all the following requirements to ensure that the users can access the instance:
- Users are configured as part of the authentication setup ( Cloud Identity or Workforce Identity Federation ).
- Users are assigned to the specific predefined or custom roles in IAM using feature RBAC according to their feature access requirements.
- Users are mapped to the required SOAR environments, SOAR permission groups (before migration of SOAR permission groups to Google Cloud IAM ), and SOAR SOC roles in the Group Mappingpage .
The Default Access Settingstoggle on the Group Mappingpage is turned on by default. Consequently, any users and groups not explicitly defined in the Group Mappingtable are granted the AdministratorSOC role and access to All Environments. After you configure the required records (rows) in the Group Mappingstable, we recommend that you turn off the Default Access Settingstoggle.
Need more help? Get answers from Community members and Google SecOps professionals.
