So now what happened is that I first used Json key to authenticate the Chronicle API instance, the test was successful, then I moved to workload identity again the test was successful, I removed the permissions for the workload identity service account then also the test was successful. Lastly I didn't provide any workload identity or Json still the test was successful. Please explain why is this happening.
Solved
Gooogle Chronocle API
+1- Bronze 1
Best answer by Eoved
Hello,
It sounds like the JSON key you are using was created at the GCP IAM project level and is associated with a service account that has Chronicle specific permissions.
If that’s the case, the authentication is handled directly via GCP IAM and the access is scoped to the project and roles assigned to that service account.
Because the permissions are granted explicitly at the project level and not via an external Identity Provider or workforce identity federation, this setup should not be impacted by other identity tools or IdP configurations. As long as the service account, its roles, and the key itself remain unchanged and valid, access to Chronicle should continue to work as expected.
+8- Bronze 2
- Answer
Hello,
It sounds like the JSON key you are using was created at the GCP IAM project level and is associated with a service account that has Chronicle specific permissions.
If that’s the case, the authentication is handled directly via GCP IAM and the access is scoped to the project and roles assigned to that service account.
Because the permissions are granted explicitly at the project level and not via an external Identity Provider or workforce identity federation, this setup should not be impacted by other identity tools or IdP configurations. As long as the service account, its roles, and the key itself remain unchanged and valid, access to Chronicle should continue to work as expected.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.