#Manage Google Cloud Service Account Profiles

Organizations with a working subscription to the Cloud Backup for IaaS +PaaS service can manage Google Cloud service account profiles.

To manage Google Cloud service account profiles, navigate to Management > Service account > Google Cloud service account. You can perform the following actions:

• Create – Click Create. Then, refer to Create a Google Cloud Service Account Profile for details.

• Edit – Select a service account profile and click Edit on the ribbon.

  When you edit a service account profile, you can enter a new value for Private key and click Validate. Once the new private key has been validated, the Project ID drop-down list will display IDs matched with this private key, and you can select one or more items from the Project ID drop-down list. For additional details about editing fields for a profile, refer to Create a Google Cloud Service Account Profile.

• Delete – Select one or more service account profiles and click Delete. A pop-up window appears asking for your confirmation. Click Confirm to confirm your deletion.

#Create a Google Cloud Service Account Profile

To create a Google Cloud service account profile, navigate to Management > Service account > Google Cloud service account, click Create under the Google Cloud service account tab, and then configure the following settings:

1. Profile name – Enter a name for the service account profile.

2. Select service – Select your desired services from the drop-down list.

3. Service account email – Enter the client email that is included in the JSON file downloaded from the Google Cloud Platform when you create keys for the service account.

4. Authentication method – Select an authentication method.

   • Service account impersonation – Select to authenticate by impersonating a service account with delegated access. To use this method, you must first configure your Google Cloud Platform organization policy. For details, refer to the Service Account Impersonation section.

   • Private key – Enter the private key that is included in the JSON file downloaded from the Google Cloud Platform when you create keys for the service account. Click the Validate button to validate the private key.

     For the Private key value, refer to the Private Key section.

5. Project ID – Once a private key has been validated, the Project ID drop-down list will display IDs matched with this private key, and you can select one or more items from the Project ID drop-down list.

6. Click Save.

#Service Account Impersonation

If you select Service account impersonation as the authentication method, you need to follow the instructions below to configure your Google Cloud Platform organization policy and grant access to the service account you want to impersonate.

1. Go to Google Cloud IAM.

2. Click Organization Policies.

3. Locate and click the policy with ID iam.allowedPolicyMemberDomains.

4. On the Policy details page, click Manage policy.

   

5. Under Applies to, select Override parent's policy.

6. Click Add a rule and complete the following configurations:

   • Policy values – Select custom.

   • Policy type – Select Allow.

   • Custom values – Enter the AvePoint’s Customer ID C028l9fyx.

7. Click Done.

8. To enforce the policy, click Set policy.

9. In the Google Cloud IAM, click Service Accounts and select the project where your service account has been created.

   

10. Click your service account, and then click the Principals with access tab.

11. Click Grant access.

    

12. In the Grant access panel, complete the following configurations:

    • Add principals - Enter the email address of the service account.

    • Assign role - Click Add another role, and then select Service Account Token Creator role.

13. Click Save.

#Private Key

For the Service account email and Private key values, refer to the instructions below to create the service account key and download the JSON file.

1. Go to Google Cloud IAM.

2. Click Service Accounts and select the project where your service account has been created.

   

3. Click your service account, and then click the Keys tab.

4. Click Add key, and then click Create new key from the drop-down menu.

   

5. Select the JSON key type and click Create.

6. Open the downloaded file. Find the Project key and Client email values.