Hello, I got an Unauthorized error like the image below: "There was a problem. An error occurred during authentication. Please try again, and if the problem continues, contact support."
That's the error response.
I use SSO configuration using Google Cloud Identity.
I have added the role of the email group in IAM: Chronicle API Admin, Chronicle Service Admin, Chronicle SOAR Admin.
But after trying to access from one of the members in the email group, I get an error like the image.
Is there something missing from my configuration?
Thanks
Hello,
Please take a look at this article from a colleague of mine regarding Cloud Identity and its configuration. Seems you may potentially have missed a step.
https://medium.com/@thatsiemguy/native-google-authentication-in-google-cloud-secops-f997f242dd03
I used this exact link, great resource! If you are using Okta groups for IAM, which isn't specifically mentioned in the blog, applying the Workforce Federation and the IAM permissions for each group would be after the step of creating the Workforce Federation -> principalSet://iam.googleapis.com/locations/global/workforcePools/<WorkforcePoolNameRecentlyCreated>/group/<Admin Group name that is in Okta>
And you do have to be exact because you'll copy and paste it into the IAM Principal.
And setting up the Chronicle API (permission) associated with the group permissions it would need, i.e. Chronicle Admin would need Chronicle API Admin in GCP.
Yup, that's a cool article!
I'm using Google Workspace groups @abird141
Hi @dnehoda thank you for your response!
The steps I took were all according to the instructions, and I also double-checked everything and there was nothing different.