Access a Google SecOps instance
This document describes what Google Security Operations administrators need to do to ensure that users can access the newly provisioned Google SecOps instance.
After the Google SecOps instance has been set up, an administrator can log in to the instance, provided that the administrator's IdP group or email is assigned the Chronicle API Admin role within Google Cloud IAM.
After a successful login, the administrator must make sure that all of the following requirements are met so that users can access the instance:
- Users are configured as part of the authentication setup (Cloud Identity or Workforce Identity Federation).
- Users are assigned to the specific predefined or custom roles in IAM using feature RBAC according to their feature access requirements.
- Users are mapped to the required SOAR environments, SOAR permission groups (before migration of SOAR permission groups to Google Cloud IAM), and SOAR SOC roles in the Group Mapping page.
The Default Access Settings toggle on the Group Mapping page is turned on by default. While it is on, any users and groups not explicitly defined in the Group Mapping table are granted the Administrator SOC role and access to All Environments. After you configure the required records (rows) in the Group Mapping table, we recommend that you turn off the Default Access Settings toggle.