Google Cloud Platform journey: verifying your domain

In the previous two articles in this series, we started to learn about Google Cloud Platform (GCP) and looked at some comparisons with Microsoft Azure features. So far in this series, we’ve provisioned our GCP account and started establishing the organization, which requires creating the basic structure that will allow the business to grow in the cloud. This process includes creating the organization, which we did in the previous article. We will now continue by validating the domain on Google Cloud, creating core groups to enable role segmentation, and checking what these changes do behind the curtain as we go.

Step 1: Verify your first Google Cloud Platform domain

It’s worth mentioning that although everything in Google is in Smurf’s Land (blue bars at the top), we have to pay attention to the name on the left. When using Cloud Identity, we are in Google Admin, which means that to access this location, we must go to https://admin.google.com.

The first page of the Google Cloud Platform Console asks us to verify the domain we defined in the series of questions we just completed. Click on Verify to verify the domain, and the next page will be a description of the process we are about to begin. Click on Continue.

Screen real estate and new-user patience seem like cheap resources these days, so the next page will be very similar to the information we just saw in the previous step (which makes this page useless), but with the data we need to use to prove our domain.

Long story short, we need to add a TXT record in our DNS to prove that we own this domain. When finished, click Verify my domain. There is no refresh, so if anything goes south, you can wait five minutes before discovering a typo.
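To catch a typo before that five-minute wait, the published TXT records can be compared with the value the wizard displayed. The following is an added example, not part of the original article: it parses the output of `dig +short TXT <domain>` and assumes the record uses Google's `google-site-verification=` prefix; the token and sample answers are constructed placeholders.

```python
import re

# Prefix of the TXT value Google issues for domain verification.
PREFIX = "google-site-verification="

def parse_txt_answers(dig_output):
    """Decode `dig +short TXT <domain>` output into one string per record.

    A record may be split into several quoted character-strings
    ("abc" "def"); this example joins them before comparing (assumption).
    """
    values = []
    for line in dig_output.splitlines():
        line = line.strip()
        if not line:
            continue
        chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', line)
        values.append("".join(chunks) if chunks else line)
    return values

def check_verification(dig_output, expected):
    """Return 'ok', 'missing' or 'mismatch' for the expected TXT value."""
    candidates = [v for v in parse_txt_answers(dig_output)
                  if v.strip().lower().startswith(PREFIX)]
    if not candidates:
        return "missing"      # record not published, or not propagated yet
    if expected in candidates:
        return "ok"           # exact, case-sensitive match
    return "mismatch"         # a verification record exists but differs

# Constructed sample data; the token is a placeholder, not a real value.
EXPECTED = "google-site-verification=CONSTRUCTED_TOKEN_0123456789"
SAMPLE_OK = '"v=spf1 include:_spf.example.net ~all"\n"' + EXPECTED + '"\n'
SAMPLE_SPLIT = '"google-site-verification=CONSTRUCTED_" "TOKEN_0123456789"\n'
SAMPLE_TYPO = '"google-site-verification=CONSTRUCTED_TOKEN_O123456789"\n'
SAMPLE_NONE = '"v=spf1 -all"\n'

if __name__ == "__main__":
    for name, out in [("ok", SAMPLE_OK), ("split", SAMPLE_SPLIT),
                      ("typo", SAMPLE_TYPO), ("none", SAMPLE_NONE)]:
        print(name, "->", check_verification(out, EXPECTED))
```

A `mismatch` result means a verification record is published but does not equal the expected value, which is the typo case; `missing` points to the record not being created on the right host or not having propagated.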

If you don’t feel comfortable messing with your TXT records for some reason, you can choose other methods, such as a CNAME record, a META tag (on your website’s homepage), or uploading an HTML file to your main website on that domain.

After verifying your domain name, we can start creating new users or go to the main page by clicking Configure GCP Cloud Console now (which is incorrect because this link sends you to the cloud admin and not the console).

On the main Google Admin page, we have access to all identity-related elements, such as users and groups.

Checking progress in the GCP Console

Going back to the GCP Console, same wizard and same step, the result will be similar to the page listed below. We created a new administrator account in Cloud Identity, and this account does not match the account we are currently logged in with.

Click on Change account, then select the administrator that we defined in the previous section. After authenticating and answering a few questions, you don’t have to do anything else; a pop-up will prompt you to refresh the page (yes, that’s right).

The result will be a new organization listed. Click on Continue, then on Mark task as complete.

Alleluia!! We have completed this rather long stage! Let’s work on the remaining steps.

Step 2: Add users and groups to your organization

We return to the list of 10 commandments (sorry, I was thinking about the size of the description to go through them, but I meant steps!). We can now verify that the organization (item 1) is selected. Let’s click Open (Item 2) to add additional users and some groups to support the GCP environment in the future.

The process of creating your organization may involve multiple administrators, and the second step of the wizard allows you to create users. It can be easily done by clicking Access the Google Admin console, which will open a new tab in your browser in the area for creating new users in Cloud Identity. You can complete the process with a single user. When finished, click Continue.

Second, we need to create groups to cover the main areas of your GCP administration: organization, network, and billing. Some additional groups are also suggested, such as DevOps, Developers, and Security.

To create them all based on Google’s suggestions, click Create and customize groups.

A new window will appear where the proposed names will be created in Cloud Identity. As shown in the image below, we can customize the suggested names by expanding them and entering the new names.

After the group creation process is completed, a list with all existing groups and members will be populated automatically. We can even add members directly using the link next to each new group.

In this area, Google prepares the organization to support delegation from its inception. Azure requires in-depth knowledge of the platform to access management groups and start delegating accordingly using Azure AD groups.

Step 3: Set up admin access to your organization

In this step, we will configure appropriate access for the GCP-organization-admins group that we created in the previous step. A nice feature of GCP is that the wizard provides information based on the current user’s context (item 1). Some of the roles that will be added are documented in point 2.

As part of the steps, it asks us to copy the group name, and then there is a Grant access button. It was pretty cool! When we click on it, we will have all the roles ready to apply; paste the name of the group and click on Save, and this step is complete!
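Once access has been granted, the organization's IAM policy can be checked to confirm that privileged roles reach people through the admin group rather than through individual accounts. The following is an added example, not part of the original article: it assumes the policy was exported with `gcloud organizations get-iam-policy ORGANIZATION_ID --format=json`, and the role list, group address and sample policy are constructed for illustration.

```python
import json

# Roles this example treats as privileged at organization level (an
# assumption; the page does not list the roles the wizard applies).
PRIVILEGED_ROLES = {
    "roles/owner",
    "roles/resourcemanager.organizationAdmin",
    "roles/billing.admin",
}

def audit_org_policy(policy_json, admin_group):
    """Summarise who holds what in an organization IAM policy.

    Returns the roles bound to admin_group and every privileged role bound
    directly to a user or service account instead of a group.
    """
    policy = json.loads(policy_json)
    group_roles, direct = set(), []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            kind, _, ident = member.partition(":")
            if kind == "group" and ident.lower() == admin_group.lower():
                group_roles.add(role)
            elif kind in ("user", "serviceAccount") and role in PRIVILEGED_ROLES:
                direct.append((role, member))
    return {"group_roles": sorted(group_roles),
            "direct_privileged": sorted(direct)}

# Constructed policy in the shape of IAM policy JSON; names are placeholders.
ADMIN_GROUP = "gcp-organization-admins@example.com"
SAMPLE_POLICY = json.dumps({"bindings": [
    {"role": "roles/resourcemanager.organizationAdmin",
     "members": ["group:" + ADMIN_GROUP, "user:alice@example.com"]},
    {"role": "roles/resourcemanager.folderAdmin",
     "members": ["group:" + ADMIN_GROUP]},
    {"role": "roles/billing.admin",
     "members": ["group:gcp-billing-admins@example.com"]},
    {"role": "roles/resourcemanager.projectCreator",
     "members": ["domain:example.com"]},
]})

if __name__ == "__main__":
    print(json.dumps(audit_org_policy(SAMPLE_POLICY, ADMIN_GROUP), indent=2))
```

Any entry under `direct_privileged` is an account that keeps its access even after being removed from the group, so it should either be moved into the group or documented as a deliberate exception.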

Our Google Cloud journey still has miles to go!

We have just reached an important milestone in our GCP journey. We validated the Google Cloud Platform domain that our organization will use, created the primary groups that will enable role segmentation to increase our security posture, and defined the organization’s administrators.

In our next article, we will manage the hierarchical structure of the organization and organize our environment using GCP components.
