Onboarding GCP
  • 28 Feb 2024
  • 2 Minutes to read

Overview

Prisma Cloud DSPM Orchestrator securely detects and classifies sensitive information in your environment while keeping your data inside your organization. You can integrate all of your GCP projects with Prisma Cloud DSPM and monitor them using Orchestrator. You can either use a single Orchestrator to monitor all projects, or use multiple Orchestrators when separation between environments is required.

Note:
Prisma Cloud DSPM automatically attempts, to the best of its ability, to apply environment labels to projects that are not labeled.

Onboarding Prisma Cloud DSPM Orchestrator to Your GCP Environment

When integrating a GCP project with Prisma Cloud DSPM for the first time, you need to approve the installation of Orchestrator in your project so that Prisma Cloud DSPM can monitor your environment.

  1. Sign in to your Prisma Cloud DSPM account.
  2. From the left menu, select Settings.
  3. Under Integrations, from the GCP option, click Configure.
  4. In the Add New drop-down, choose to add a new account using either Cloud Shell or Terraform.
  5. To continue with the onboarding, follow the section below that matches your chosen option:

Add a new project using Cloud Shell

  1. Sign in to the GCP project where you want to install Orchestrator.
     Note: Ensure your project has Administrator privileges and the permissions to create IAM roles and service accounts.
  2. Enter your Project ID and select a Label for it.
  3. Select whether you want to use an existing Orchestrator (in which case, you can select the required Orchestrator from the drop-down menu) or deploy a new Orchestrator in this project.
  4. Click Get CloudShell command.
  5. From the generated Cloud Shell command, click Copy code snippet.
  6. Click Open Cloud Shell. A GCP console opens in a new tab. Do not close the Prisma Cloud DSPM tab.
  7. At the bottom of the GCP console, under Cloud Shell, click Continue.
  8. Paste the copied Cloud Shell command into the shell, press Enter, and then click Authorize.
  9. Allow the script to run.
  10. When the script finishes running, go back to the Prisma Cloud DSPM (Dig) tab (it is refreshed automatically) and click Done. The new project is now listed under Connected Projects in your GCP configuration page.
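Before pasting the generated Cloud Shell command (step 8), it is worth confirming that the signed-in identity actually holds the permissions the note in step 1 asks for. The following pre-flight script is an added example, not part of this article or of the onboarding script Prisma Cloud DSPM generates; it assumes that roles/owner, or roles/iam.roleAdmin together with roles/iam.serviceAccountAdmin, is sufficient to create custom IAM roles and service accounts, and it inspects only project-level bindings (group membership and folder/organization inheritance are not resolved).

```shell
#!/bin/sh
# Pre-flight check for the Cloud Shell onboarding step: does the signed-in
# principal hold roles that can create custom IAM roles and service accounts
# in the target project? The article does not list the exact permissions the
# generated script needs, so the role set below is an assumption and a
# minimum, not a guarantee.

# has_required_roles ROLES
#   ROLES is a newline-separated list of role names bound to the principal.
#   Returns 0 when roles/owner is present, or when both roles/iam.roleAdmin
#   and roles/iam.serviceAccountAdmin are present; returns 1 otherwise.
has_required_roles() {
  roles="$1"
  if printf '%s\n' "$roles" | grep -qx 'roles/owner'; then
    return 0
  fi
  printf '%s\n' "$roles" | grep -qx 'roles/iam.roleAdmin' || return 1
  printf '%s\n' "$roles" | grep -qx 'roles/iam.serviceAccountAdmin' || return 1
  return 0
}

# list_member_roles PROJECT_ID MEMBER
#   Prints the roles bound directly to MEMBER (e.g. user:alice@example.com)
#   in the project's IAM policy, one per line.
list_member_roles() {
  gcloud projects get-iam-policy "$1" \
    --flatten='bindings[].members' \
    --filter="bindings.members:$2" \
    --format='value(bindings.role)'
}

# check_project PROJECT_ID [MEMBER]
#   MEMBER defaults to the active gcloud account. Exit status 0 means the
#   principal looks sufficiently privileged for the onboarding script.
check_project() {
  project="$1"
  member="${2:-user:$(gcloud config get-value account 2>/dev/null)}"
  roles="$(list_member_roles "$project" "$member")"
  if has_required_roles "$roles"; then
    echo "OK: $member can create IAM roles and service accounts in $project"
    return 0
  fi
  echo "MISSING: $member needs roles/owner, or roles/iam.roleAdmin plus roles/iam.serviceAccountAdmin, in $project" >&2
  return 1
}

# Usage against a real project (hypothetical project ID):
# check_project my-dspm-project
```

Run it in the same Cloud Shell session, before pasting the generated command; a MISSING result means the script in step 9 will most likely fail partway through creating its service account or custom role.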

Add a new project using Terraform

  1. After choosing to add a new project using Terraform, the Connect New Project window opens.
  2. Specify the project ID using the export command.
  3. Select whether you want to use an existing Orchestrator (in which case, you can select the required Orchestrator from the drop-down menu) or deploy a new Orchestrator in this project.
  4. Click Get Terraform command to generate a Terraform module.
  5. Click Copy to copy the Terraform module, and click Done.
     Important: Do not modify the Terraform module. If the module is modified, Prisma Cloud DSPM cannot provide seamless updates or manage permissions.
  6. Insert the Terraform module into your Terraform pipeline.
  7. Run the Terraform module. After the module has run successfully, your Terraform-managed GCP account is automatically onboarded into Prisma Cloud DSPM and listed under Connected Accounts in your GCP configuration page.

Connect additional GCP accounts

After connecting a first GCP account and installing Orchestrator in it, you can connect more GCP accounts that you want Prisma Cloud DSPM to monitor. You can either use an existing Orchestrator to monitor all accounts, or install a new Orchestrator for each account.

  1. Add a new account as described above.
  2. Select whether you want to use an existing Orchestrator (in which case, you can select the required Orchestrator from the drop-down menu) or deploy a new Orchestrator in this account.
  3. Click Get Cloud Shell/Terraform command, and add the account using Cloud Shell or Terraform. When added, the new account is listed under Connected Accounts in your GCP configuration page.
