Google Groups

    In order to access a user’s group membership, we must use the Google Admin Directory API. We will setup a Google Cloud Platform (GCP) service account and grant it access to the Directory API.

    1. Enable the Admin SDK here .

      1. Navigate to the “IAM & Admin” –> Service accounts section.
      2. Click “Create Service Account.”
      3. Select “Furnish a new private key” and select the JSON format.
      4. Select “Enable G Suite Domain-wide Delegation.”
      5. Click “Create”, which should download the private key for your new service account (see figure below).
      6. Transfer this JSON file to a known location in your Spinnaker deployment.
      7. You should see your newly created service account in the list, along with “DwD” and an option to “View Client ID”. Click “View Client ID” (see figure below).
      8. Note the Client ID displayed. It will be used in the next step.

      View the client ID

    Configure with Halyard

    1. Make sure you’ve configured roles for accounts, as described here . Each role included in the command must match the name of a group in the organization.