Skip to content

Summary

GCP Access Management: Adding a New User

This document explains how to grant Google Cloud Platform (GCP) access to a new team member at Appcircle.
Our access model is based on Microsoft Entra ID (Azure AD) group membership, which is synchronized to Google via SSO / directory sync, and then used to grant access in GCP.

When a new person joins the company:

  1. They must be added to the Entra ID group dedicated for GCP access.
  2. That group membership is synchronized to Google (SSO / directory sync).
  3. The user becomes available on the Google side and can be referenced in GCP as:

<username>@cloud.appcircle.io

If the user is not a member of the Entra ID GCP group, “Grant Access to Appcircle” cannot be performed.

Note

Appcircle currently uses Drata for SOC 2 compliance processes. Drata performs certain automated tests by integrating with GCP using a dedicated read-only service account. If our Drata portal integration is discontinued in the future (for example, if Drata is replaced with another SOC 2/compliance platform), this service account must be removed to prevent unnecessary third-party access.

dratareadonly@appcircle.iam.gserviceaccount.com