Opal + GCP Use Cases
Protect against breaches with least privilege
Grant just-in-time access to GCP resources that are auto-expiring and fully audited using Slack
Ensure that privileged roles have the appropriate identity governance and approval configurations, such as multi-stage approvals, max duration, custom fields, and more
Accelerate employee access on paved roads
Enable resource owners with the most context to approve access requests and provision access automatically via Slack
Accelerate employee onboarding by enabling managers to request on behalf of their reports or enabling self-service discovery of resource bundles
Automate on-call access by provisioning and deprovisioning access via on-call schedules
Simplify compliance without manual overhead
Automate user access reviews so compliance teams can snapshot user listings, assign reviewers to self-service reviews, propagate access changes, and generate an auditor-friendly access report
Review access of employees who have recently transferred roles or departments
Opal + GCP Integration Overview
GCP Compute
Opal leverages Google Cloud IAM capabilities to grant temporary and auditable access to virtual machines hosted using Google's Cloud Compute managed service. We automatically discover virtual machines you want to manage and allow developers to request access to them. Since this method of granting access is native to Google Cloud, it doesn't require managing private/public keys and gives you more time to ship your products.
GCP GKE
Opal lets you define fine-grained access controls for Kubernetes clusters on GKE, allowing you to set specific permissions and policies for Google Cloud users. This simplifies and unifies access controls to clusters while enabling developers to connect easily and request new access to many different clusters.
Buckets
Within a specific project, Google Cloud Storage buckets often contain sensitive data that needs to be monitored carefully. Using Opal, you're able to grant read or write-level access for specific buckets by pushing a single button in Slack.
Projects & Folders
Using Opal, you can grant temporary access to pre-defined and custom roles on all of your sensitive GCP Projects & Folders. When granting access to specific projects, Opal automatically double-checks that the specific Google Cloud user has the policy attached to them once a resource owner approves their request in Slack. Access to folders works similarly, and granting access at the top level cascades down to all projects and folders within it.