Google Cloud Workforce Identity Federation & Demo

  • Published on 5 Sep 2024
  • Workforce identity federation lets you use an external identity provider (IdP) to authenticate and authorize a workforce (a group of users, such as employees, partners, and contractors) using IAM, so that the users can access Google Cloud services.
    With workforce identity federation you don't need to synchronize user identities from your existing IdP to Google Cloud identities.

Comments • 13

  • @rashmitrathod6873 11 months ago +1

    Wonderfully explained the concept.. appreciate the efforts and time that goes behind making this demo.

  • @deepakdimri91 9 months ago

    Excellent Demo Sandeep!

  • @AbhishekKumar-us9jb 5 months ago

    Awesome Sandeep. Too good

  • @user-ve4qi3ee3v 8 months ago

    Another question please, were you able to access the console using the okta app from the okta user dashboard, if yes how? I am getting a 400 error when I click the app.
    Secondly, how can a principal or principalset have access to multiple projects?

    • @agarsand 8 months ago +1

      1) You need to enable IdP initiated flow to achieve this. I did not enable this in my demo.
      2) You can achieve this in many ways in GCP IAM - e.g. by granting roles to principalset individually to multiple projects, or at a folder or at an org level.

    • @user-ve4qi3ee3v 8 months ago

      Thank you so much for your time @agarsand

  • @osinachiibiam-uro8432 8 months ago

    Thanks for this video. I am currently working on a project to integrate Okta to GCP.
    Quick question, how did you obtain the Issuer URL for okta?

    • @agarsand 8 months ago +1

      I used the URL of the custom domain of my Okta tenant.

    • @osinachiibiam-uro8432 8 months ago

      Thanks @agarsand

  • @osinachiibiam-uro8432 8 months ago

    Another question please, were you able to access the gcp project console from the okta app dashboard, if yes how did you do that? When I tried to access the console from my okta app it returned a 400 error, but it works well with the url.
    Secondly, do you have any idea how I can add a single user or users (principal or principalset) to different gcp projects?

    • @agarsand 8 months ago

      1) You need to enable IdP initiated flow to achieve this. I did not enable this in my demo.
      2) You can achieve this in many ways in GCP IAM - e.g. by granting roles to principalset individually to multiple projects, or at a folder or at an org level.
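
The options named in the replies above (bind the principalSet on each project, or once on a folder or the organization), as an added example that is not from the video or its author. The pool ID, group name, project IDs and folder ID are constructed placeholders, and the script defaults to a dry run that only prints the gcloud commands.

```shell
#!/bin/sh
# Added example (not from the video): grant one role to a workforce pool
# identity at several scopes. All IDs here are constructed placeholders.
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the gcloud commands instead of running them

# Build the IAM member string for a workforce pool identity.
# kind: subject (one user) | group (IdP group) | all (whole pool, broadest)
wf_member() {
  local base="//iam.googleapis.com/locations/global/workforcePools/$1"
  case "$2" in
    subject) printf 'principal:%s/subject/%s\n' "$base" "$3" ;;
    group)   printf 'principalSet:%s/group/%s\n' "$base" "$3" ;;
    all)     printf 'principalSet:%s/*\n' "$base" ;;
    *)       echo "unknown kind: $2" >&2; return 1 ;;
  esac
}

# Bind ROLE to MEMBER on one scope: projects/ID, folders/ID or organizations/ID.
grant() {
  local scope="$1" member="$2" role="$3" sub
  case "$scope" in
    projects/*)      sub="projects" ;;
    folders/*)       sub="resource-manager folders" ;;
    organizations/*) sub="organizations" ;;
    *)               echo "unknown scope: $scope" >&2; return 1 ;;
  esac
  if [ "$DRY_RUN" = 1 ]; then
    echo "gcloud $sub add-iam-policy-binding ${scope#*/} --member=$member --role=$role"
  else
    # $sub is left unquoted so "resource-manager folders" splits into two words
    gcloud $sub add-iam-policy-binding "${scope#*/}" --member="$member" --role="$role"
  fi
}

# Apply the same binding to every scope listed; stop at the first failure.
grant_many() {
  local member="$1" role="$2" scope
  shift 2
  for scope in "$@"; do
    grant "$scope" "$member" "$role" || return 1
  done
}

# Constructed sample: IdP group "gcp-viewers" federated through pool "okta-pool".
m="$(wf_member okta-pool group gcp-viewers)"
grant_many "$m" roles/viewer projects/team-a-dev projects/team-b-dev  # per project
grant folders/123456789012 "$m" roles/viewer   # once; projects below inherit it
```

A folder or organization binding is inherited by every project beneath it, so the per-project form is the narrower grant when only some projects should be reachable.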

  • @vinaymurgod4130 1 year ago

    Hello
    Just have this query, is the workforce pool bound to only domain or can we sign in for all domains?

    • @jamesseddon1637 1 year ago

      I can only really speak for Azure and SAML, and even then I'm struggling to get this working with Azure groups.... but you should be able to use any domain that is valid within your external IDP, as long as your IAM policy reflects the expected domain when specifying the user/entity