>

Onboarding as a Cloud SCC partner

This guide describes how to complete Cloud Security Command Center (Cloud SCC) partner onboarding by creating a GCP Marketplace solution and completing pre-setup steps. The guide covers the following use cases:

  • Onboarding using a customer's service account: your customer owns the service account and you write data for your customer.
  • Onboarding for self-service customers: your customer owns the service account and writes their own data using an app you provide.

Before you begin

Before you create a GCP Marketplace solution, you need to sign up for the technology partner program:

  • If you aren't already signed up as a partner, complete the Technology Partner Program Application with GCP Marketplace, and the corresponding business and service agreements.
  • If you're already signed up as a partner, email cloud-partner-onboarding@google.com to get started with a Cloud SCC listing. Your project is added to the access control list that lets you create a Managed Listing - Billed by Partner (also known as Standalone SaaS).

Onboarding using a customer's service account

This section describes how to complete onboarding in the following scenario:

  • You want to write Cloud SCC data on behalf of your customer;
  • You're using a service account key from the customer.

To set up the GCP Marketplace solution using the customer's service account, follow the steps below:

  1. Go to the GCP Console Partner Portal Solutions page.
    Go to the Solutions page
  2. To create a new solution, click Add Solution.
  3. In the New solution window that appears, complete the following:
    1. Add a Solution name and make note of the Solution ID. The solution name cannot be more than 32 characters.
    2. Under Solution type, select Managed service, then click Create.
  4. To view the solution details, click the Solution ID on the Solutions page.
  5. Next to Solution Metadata, click Edit.
  6. In the Edit solution metadata panel that appears, add the solution metadata.
    1. Under Search metadata, enter "Cloud SCC".
    2. If you want to test your solution before customers can access it, select the Hide solution from end users checkbox under Solution visibility. After you test your solution, you can clear the checkbox.
    3. Click Save.
  7. Next to Solution details, click Edit.
  8. In the Edit solution details panel that appears, add signup instructions for your customer:

    1. Under Signup URL, enter the signup URL in the following format:

      https://console.cloud.google.com/security/command-center/source-registration;partnerId=[PARTNER_ID];solutionId=[SOLUTION_ID]
      

      Where the variables correspond to the following:

      • [PARTNER_ID] is the ID assigned to you when you enrolled as a GCP Marketplace partner.
      • [SOLUTION_ID] is the ID assigned to the solution you created in the previous steps.
    2. In the Solution description box, add details about tasks that your customer should complete after they register. This section supports hyperlinks to external websites. You should include the following information:

      • How to generate a service account key for the service account by using the guide to creating and managing service account keys.
      • How to sign in to your website and provide you with the sourceId and service account key.
    3. On the Category ID drop-down list, select Security Command Center Services

    4. Click Save.

  9. After you've finished setting up your solution, contact cloud-partners@google.com to approve the solution.

  10. Use the Cloud SCC APIs to write data to Cloud SCC.

After your customer uses the signup URL to provide their sourceId and service account key, you can use them to write Cloud SCC data. When your customer adds your security tool as a new security source, your security findings will be displayed on the Cloud SCC dashboard.

Onboarding for self-service customers

This solution describes how to complete onboarding in the following scenario:

  • You do not want to write Cloud SCC data on behalf of a customer;
  • You want your customer to write Cloud SCC data on their own, using an app you provide;
  • Your customer will use their own service account.

To set up the GCP Marketplace solution for a self-service customer, follow the steps below:

  1. Go to the GCP Console Solutions page.
    Go to the Solutions page
  2. To create a new solution, click Add Solution.
  3. In the New solution window that appears, complete the following:
    1. Add a Solution name and make note of the Solution ID. The solution name cannot be more than 32 characters.
    2. Under Solution type, select Managed service, then click Create.
  4. To view the solution details, click the Solution ID on the Solutions page .
  5. Next to Solution Metadata, click Edit.
  6. In the Edit solution metadata panel, add the solution metadata.

    1. Under Search metadata, enter "Cloud SCC".
    2. If you want to test your solution before customers can access it, select the Hide solution from end users checkbox under Solution visibility. After you test your solution, you can clear the checkbox.
    3. Click Save.
  7. Next to Solution details, click Edit.

  8. In the Edit solution details panel that appears, add signup instructions for your customer:

    1. Under Signup URL, enter the signup URL in the following format:

      https://console.cloud.google.com/security/command-center/source-registration;partnerId=[PARTNER_ID];solutionId=[SOLUTION_ID]
      

      Where the variables correspond to the following:

      • [PARTNER_ID] is the ID assigned to you when you enrolled as a GCP Marketplace partner.
      • [SOLUTION_ID] is the ID assigned to the solution you created in the previous steps.
    2. In the Solution description box, add details about tasks that your customer should complete after they register. This section supports hyperlinks to external websites. You should include the following information:

      • Where to download your app to write Cloud SCC data.
      • How to set up, sign in and authenticate, and run your app.
      • Where to paste the sourceId.
      • How to use the Cloud SCC service account credentials in your app. For example, you might have the customer start a VM as the service account and run the app inside the VM.
    3. On the Category ID drop-down list, select Security Command Center Services

    4. Click Save.

  9. After you've finished setting up your solution, contact cloud-partners@google.com to approve the solution.

  10. Use the Cloud SCC APIs to enable your customers to write data to Cloud SCC using your app.

After your customer sets up the app, they'll be able to use your app to write their Cloud SCC data.

What's next

このページは役立ちましたか?評価をお願いいたします。

フィードバックを送信...

Cloud Security Command Center
ご不明な点がありましたら、Google のサポートページをご覧ください。