> For the complete documentation index, see [llms.txt](https://docs.forestall.io/fsprotect/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.forestall.io/fsprotect/settings/gcp-configurations.md).
# GCP Configurations
{% content-ref url="/pages/vssxMMlRnoWFhJPcB3RP" %}
[Configuration With Google CLI](/fsprotect/settings/gcp-configurations/configuration-with-google-cli.md)
{% endcontent-ref %}
{% content-ref url="/pages/aLzgBgmWGijjlYcp6WZ4" %}
[Configuration With Google Cloud Platform](/fsprotect/settings/gcp-configurations/configuration-with-google-cloud-platform.md)
{% endcontent-ref %}
Once you have finished the configurations above, proceed to the Forestall GCP Configuration page. You will need to complete several required fields on this page before initiating a scan.
GCP Configuration Page
### 1. Upload the Service Account Key
The most critical part of this page is the `.json` file you generated earlier.
* Locate your file: Find the `forestall-scanner-sa-key.json` file on your computer (the one you downloaded from Cloud Shell).
* Action: Drag and drop this file into the box labeled "Drag & drop or click to select your service account key file."
* Purpose: This allows the application to authenticate as the Service Account and perform the scanning tasks defined by the roles you granted.
GCP Configuration With Uploaded Service Account Key and Admin Email
### 2. Enter Admin Email
* Field: Admin Email
* Action: Enter the email address of a Super Administrator for your Google Workspace/Cloud Identity account.
* Why? The "Required Permissions" listed on the right (like `AdminDirectoryUserReadonly`) often require Domain-Wide Delegation. The app uses this email address to "impersonate" an admin to read your user and group directories.
### 3. Organization & Customer Details
GCP Configuration After Tested
* Organization Display Name: Enter a friendly name for your company (e.g., "My Enterprise Org"). This is for internal labeling only.
* Customer ID: \* This is a unique identifier for your Google Workspace account (usually starts with `C`).
* How to find it: Go to the [Google Admin Console](https://admin.google.com/) > Account > Account Settings. Look for the "Customer ID" field.
### 4. Verify "Required Permissions"
The list on the right shows specific API scopes the app needs:
* `AdminDirectoryUserReadonly`: To see user accounts.
* `AdminDirectoryGroupReadonly`: To see group memberships.
* `AdminDirectoryCustomerReadonly`: To see organization-level settings.
* `CloudIdentityDevicesReadonly`: To see managed devices.
> If these items have orange question marks or red icons, it means you may still need to enable the Admin SDK API in your Google Cloud Project or set up Domain-Wide Delegation in the Google Admin Console for your Service Account's Client ID.
***
### 5. Test and Save
1. Click "Test": Before saving, click the blue Test button. This triggers a dry-run connection using the key and the Admin Email you provided.
2. Success Check: Look for a green success message. If it fails, double-check that the `admin.googleapis.com` and `cloudidentity.googleapis.com` APIs are enabled in your GCP project.
3. Click "Save": Once the test passes, click Save to finalize the configuration.
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.forestall.io/fsprotect/settings/gcp-configurations.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.