Detections
Analytics

Ensure that corporate login credentials are used

LOW

Description

Description:

Use corporate login credentials instead of personal accounts, such as Gmail accounts.

Rationale:

It is recommended fully-managed corporate Google accounts be used for increased visibility, auditing, and controlling access to Cloud Platform resources. Email accounts based outside of the user's organization, such as personal accounts, should not be used for business purposes.

None.

Remediation

Follow the documentation and setup corporate login accounts.

Prevention:
To ensure that no email addresses outside the organization can be granted IAM permissions to its Google Cloud projects, folders or organization, turn on the Organization Policy for 'Domain Restricted Sharing'. Learn more at: https://cloud.google.com/resource-manager/docs/organization-policy/restricting-domains.

Policy Details

Rule Reference ID: AC_GCP_0008
CSP: GCP
Remediation Available: Yes
Domain: Identity and Access Management
Resource: google_project_iam_binding
Resource Category: Identity and Access Management (IAM)
Resource Type: Policy

Frameworks