# Configure OIDC login for GCP

This document outlines the steps to configure OpenID Connect (OIDC) login for Google Cloud Platform (GCP) using **Auth0 by Okta**.

## Prerequisites:

- Auth0 by Okta set up as an OIDC provider.
- GCP IAM access.

## Steps:

1. **Create a Workload Identity Pool**:
   - Open the **Google Cloud Console**.
   - Navigate to **IAM & Admin** > **Workload Identity Federation**.
   - Create a new **Workload Identity Pool**.

2. **Configure OIDC Identity Provider**:
   - Choose **OIDC** as the identity provider type.
   - Enter the Auth0 **Issuer URL**: `https://your-tenant-name.us.auth0.com/`.

3. **Configure Service Account Binding**:
   - Choose a service account that will be authenticated through OIDC.
   - Bind the service account to the Workload Identity Pool.
   - Grant necessary IAM roles (e.g., `roles/storage.admin` for GCS access).

4. **Trust Policy Configuration**:
   - Configure the trust policy to allow Auth0 users to authenticate:

     ```json
     {
       "issuer": "https://your-tenant-name.us.auth0.com/",
       "subject": "user_id",
       "audiences": [
         "your-client-id"
       ]
     }
     ```

5. **Test Authentication**:
   - Use OIDC tokens generated by Auth0 to authenticate and access GCP services.
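As an added example for step 5 (not part of this document or of Auth0's or Google's own tooling), the script below pre-checks an Auth0 ID token against the issuer and client id configured above, exchanges it at GCP's STS endpoint for a federated token, and then impersonates the bound service account. The project number, pool id, provider id and service-account e-mail are placeholders you substitute; the pool provider's resource name is what the STS call expects as its audience.

```python
import base64, json, time, urllib.request

# Placeholders: substitute your tenant, client id, pool and provider values.
ISSUER = "https://your-tenant-name.us.auth0.com/"
CLIENT_ID = "your-client-id"
STS_URL = "https://sts.googleapis.com/v1/token"
IAM_URL = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/{sa}:generateAccessToken"
SCOPE = "https://www.googleapis.com/auth/cloud-platform"

def provider_audience(project_number, pool_id, provider_id):
    # Full resource name of the pool provider; this is the STS "audience" value.
    return (f"//iam.googleapis.com/projects/{project_number}/locations/global/"
            f"workloadIdentityPools/{pool_id}/providers/{provider_id}")

def jwt_claims(token):
    payload = token.split(".")[1]  # unverified decode; GCP verifies the signature via Auth0's JWKS
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_claims(claims, issuer, client_id, now=None):
    # Mirror the provider's trust settings locally: issuer, audience and expiry.
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        return "issuer mismatch"
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        return "audience mismatch"
    if claims.get("exp", 0) <= now:
        return "token expired"

def sts_request(id_token, audience):
    # Body of the STS token-exchange call (RFC 8693 as GCP implements it).
    return {"audience": audience, "scope": SCOPE, "subjectToken": id_token,
            "grantType": "urn:ietf:params:oauth:grant-type:token-exchange",
            "requestedTokenType": "urn:ietf:params:oauth:token-type:access_token",
            "subjectTokenType": "urn:ietf:params:oauth:token-type:jwt"}

def _post_json(url, body, bearer=None):
    headers = {"Content-Type": "application/json"}
    if bearer:  # the federated token authorises the impersonation call
        headers["Authorization"] = f"Bearer {bearer}"
    req = urllib.request.Request(url, json.dumps(body).encode(), headers, method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def exchange(id_token, audience, sa_email):
    problem = check_claims(jwt_claims(id_token), ISSUER, CLIENT_ID)
    if problem:
        raise ValueError(problem)
    federated = _post_json(STS_URL, sts_request(id_token, audience))["access_token"]
    return _post_json(IAM_URL.format(sa=sa_email), {"scope": [SCOPE]}, federated)["accessToken"]
```

Only `exchange` needs network access; the claim checks and request construction run offline and reject a token whose issuer, audience or expiry would not pass the provider's trust settings.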