Summary¶
GCP Access Management: Adding a New User¶
This document explains how to grant Google Cloud Platform (GCP) access to a new team member at Appcircle.
Our access model is based on Microsoft Entra ID (Azure AD) group membership, which is synchronized to Google via SSO / directory sync, and then used to grant access in GCP.
When a new person joins the company:
- They must be added to the Entra ID group dedicated for GCP access.
- That group membership is synchronized to Google (SSO / directory sync).
- The user becomes available on the Google side and can be referenced in GCP as:
<username>@cloud.appcircle.io
If the user is not a member of the Entra ID GCP group, “Grant Access to Appcircle” cannot be performed.
Note
Appcircle currently uses Drata for SOC 2 compliance processes. Drata performs certain automated tests by integrating with GCP using a dedicated read-only service account. If our Drata portal integration is discontinued in the future (for example, if Drata is replaced with another SOC 2/compliance platform), this service account must be removed to prevent unnecessary third-party access.
dratareadonly@appcircle.iam.gserviceaccount.com