Map users in the Google SecOps platform using Cloud Identity


This document shows you how to authenticate and map users with secure identification to the Google Security Operations platform. This page illustrates the configuration process using Cloud Identity or Google Workspace.

Control user access

There are multiple ways to manage user access to different aspects of the platform:

  • Permission groups: Set user access levels by assigning users to specific permission groups. These groups determine which modules and submodules users can view or edit. For example, a user might have access to the Cases and Workdesk pages, but be restricted from Playbooks and Settings. For more information, see Work with permission groups.
  • SOC roles: Define the role of a group of users. You can assign users to SOC roles to streamline task management. Instead of assigning cases, actions, or playbooks to individuals, they can be assigned to a SOC role. Users can see cases assigned to them, their role, or additional roles. For more information, see Work with roles.
  • Environments or environment groups: Configure environments or environment groups to segment data across different networks or business units, commonly used by businesses and Managed Security Service Providers (MSSPs). Users can only access data within the environments or groups assigned to them. For more information, see Add a new environment.

Map email user groups

The combination of permission groups, SOC roles, and environments determines the Google SecOps user journey for each group in the Google SecOps platform.

There are various options for mapping. You need to map users to one or more permission groups, SOC roles, and environments. This ensures that users who are mapped to different groups inherit all the necessary permission levels.

By default, the Google SecOps platform includes a group of default administrators.

To map email groups, follow these steps:

  1. Go to Settings > SOAR Settings > Advanced > Group Mapping.
  2. Make sure you have the following available:
    • Group Names: The name you assign to an email group, such as "T1 analysts".
    • Group Members: The collection of the user emails that make up that group.
  3. Click Add and map the parameters for each group.
  4. Once you've finished, click Add. Each time a user signs in to the platform, they are automatically added to the User Management page, found under Settings > Organization.

If users attempt to sign in to the Google SecOps platform but their email group hasn't been mapped, they are rejected. To prevent this, we recommend enabling the Default Access Settings and setting administrator permissions on this page. After the initial administrator setup is complete, we suggest adjusting the administrator permissions to a more minimal level of permissions.

For information about using multiple permissions in group mapping, see Map users with multiple control access parameters.

Map groups to access control parameters

This section describes how to map different email groups to one or more access control parameters within the Group Mapping page. This approach is beneficial for customers who want to onboard and provision user groups based on specific customizations, rather than adhering to the standardization of the Google SecOps platform. While mapping groups to parameters may require you to create more groups initially, once the mapping is set, new users can join Google SecOps without the need to create additional groups.

Use case: Assign unique permission fields to each email group

The following example illustrates how to use this feature to help onboard and provision users according to your company's needs.

Your company has three different personas:

  • Security analysts (containing group members Sasha and Tal)
  • SOC engineers (containing group members Quinn and Noam)
  • NOC engineers (containing group members Kim and Kai)

Security analysts and SOC Engineers have the same Google SecOps Permission Groups (Analyst) and SOC Roles (Tier 1), but while the Security Analysts have permissions for the London environment, the SOC Engineers have permissions for the Manchester environment. Meanwhile, NOC Engineers have permissions for the London environment, but are assigned the Basic Permission Group and Tier 2 SOC Role.

See the following table:

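| Group             | Permission Group | SOC Role | Environment | Group Members                       |
|-------------------|------------------|----------|-------------|-------------------------------------|
| Security analysts | Analyst          | Tier 1   | London      | sasha@company.com, tal@company.com  |
| SOC engineers     | Analyst          | Tier 1   | Manchester  | quinn@company.com, noam@company.com |
| NOC engineers     | Basic            | Tier 2   | London      | kim@company.com, kai@company.com    |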

To set up email groups in Google SecOps, do the following:

  1. In Google SecOps, create the following email groups:
    1. Security analysts (containing Sasha and Tal)
    2. SOC engineers (containing Quinn and Noam)
    3. NOC engineers (containing Kim and Kai)
  2. In Google SecOps, go to Settings > SOAR Settings > Advanced > Group Mapping.
  3. Click Add Group.
  4. Fill out the dialog as follows: Group = Security analysts. Permission Group = Analyst, SOC Role = Tier 1. Environment = leave blank. Group Members = sasha@company.com, tal@company.com.
  5. Fill out another dialog as follows: Group = SOC engineers. Permission Group = Analyst, SOC Role = Tier 1. Environment = leave blank. Group Members = quinn@company.com, noam@company.com.
  6. Fill out another dialog as follows: IdP Group = NOC engineers. Permission Group = Basic, SOC Role = Tier 2. Environment = leave blank. Group Members = kim@company.com, kai@company.com.
  7. Fill out another dialog as follows: IdP Group = London. Permission Group = leave blank. SOC Role = leave blank. Group Members = leave blank. Environment = London.
  8. Fill out another dialog as follows: IdP Group = Manchester. Permission Group = leave blank. SOC Role = leave blank. Group Members = leave blank. Environment = Manchester.
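
The use-case table above, modelled as data and audited for users who fall outside every mapping. This is an added example, not Google SecOps code or its API: the field names, the union merge rule for users in several groups, and newhire@company.com are assumptions made for illustration.

```python
from collections import defaultdict

FIELDS = ("permission_groups", "soc_roles", "environments")

def row(group, perms, roles, envs, members):
    """One Group Mapping entry; a blank field in the dialog is an empty set."""
    return {"group": group, "permission_groups": set(perms), "soc_roles": set(roles),
            "environments": set(envs), "members": {m.lower() for m in members}}

# Rows copied from the use-case table on this page.
MAPPINGS = [
    row("Security analysts", ["Analyst"], ["Tier 1"], ["London"],
        ["sasha@company.com", "tal@company.com"]),
    row("SOC engineers", ["Analyst"], ["Tier 1"], ["Manchester"],
        ["quinn@company.com", "noam@company.com"]),
    row("NOC engineers", ["Basic"], ["Tier 2"], ["London"],
        ["kim@company.com", "kai@company.com"]),
]

def effective_access(mappings):
    """Union the parameters of every group a user belongs to (assumed merge rule)."""
    access = defaultdict(lambda: {f: set() for f in FIELDS})
    for entry in mappings:
        for email in entry["members"]:
            for field in FIELDS:
                access[email][field] |= entry[field]
    return dict(access)

def audit(mappings, expected_users, default_access_enabled):
    """List users who fall outside every mapping or lack one of the three parameters."""
    access = effective_access(mappings)
    findings = []
    for email in sorted(u.lower() for u in expected_users):
        if email not in access:
            # Unmapped users are rejected unless Default Access Settings is on,
            # in which case they receive whatever that default grants.
            findings.append((email, "default-access" if default_access_enabled else "rejected"))
            continue
        missing = [f for f in FIELDS if not access[email][f]]
        if missing:
            findings.append((email, "incomplete: " + ", ".join(missing)))
    return findings

if __name__ == "__main__":
    users = [m for e in MAPPINGS for m in e["members"]] + ["newhire@company.com"]  # constructed
    for email, finding in audit(MAPPINGS, users, default_access_enabled=True):
        print(email, "->", finding)
```

A `default-access` finding matters most while Default Access Settings still grants administrator permissions.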

For customers who use the Case Federation feature, see Case Federation for Google SecOps.
