Migrate SOAR permissions to Google Cloud IAM

This document guides both Google Security Operations unified customers and SOAR standalone users who need to migrate their environment from existing SOAR permission groups to Google Cloud IAM for access control.

The Google Cloud console verification process automates the transition from SOAR permissions to Google Cloud IAM by doing the following key steps:

• Reads existing permissions configurations, including custom permission groups and user assignments.
• Generates custom IAM roles that replicate the existing permissions groups.
• Maps existing users and groups to newly created IAM roles to make sure all access privileges are retained.
• Creates IAM policies to bind users and groups to their assigned roles.

Before you begin

Before starting the migration, confirm the following requirements are met:

• ** IdP group mapping**: Verify that all users are mapped to Identity Provider (IdP) groups. For information on mapping see Map users in the platform.

• Permissions: Confirm you have the necessary permissions:

  • Chronicle API Admin
  • Chronicle Service Admin
  • Chronicle SOAR Admin

Migrate SOAR permissions

To migrate your SOAR permissions to Google Cloud IAM, follow these steps:

1. In the Google Cloud console, go to Google SecOps administration settings.
2. Go to the SOAR IAM Migration tab.
3. In the Migrate role bindings section, copy the Google Cloud CLI commands.
4. On the Google Cloud toolbar, click Activate Cloud Shell.
5. In the terminal window, paste the Google Cloud CLI commands and press Enter.
6. Click Confirm on the verification message that appears.
7. Click Verify and confirm the system returns response code 200.
8. Return to the Google Cloud console, and in the section titled Finished with this task, click Enable IAM*.