Learn how to manage service accounts and configure permissions for Identity and Access Management (IAM) in the Google Cloud Console.

Manage who can impersonate your service account by controlling access in the "Grant users access to this service account" section to enhance security.

1. Log in to the Google Cloud Console. Ensure you are signed in with an account that has the necessary permissions to manage service accounts.
2. Select an existing project or create a new one.
3. Select IAM & Admin and then select Service Accounts.
4. Create the service account by selecting the + CREATE SERVICE ACCOUNT
5. At the top of the page, provide a name and description for the service account
6. Select CREATE.
7. Assign the following roles to the service account:
   • Cloud Run Invoker to invoke the Google function if it is already deployed or will be deployed using another service account.
   • Cloud Functions Developer and Storage Object Admin to deploy a Google function.
8. Select CONTINUE and DONE to complete the setup.
9. Navigate to IAM & Admin > Service Accounts to configure Reltio impersonation permissions.
10. Select the service account that you want the source account to impersonate.
11. Navigate to Permissions and then View by Principals.
12. Select + GRANT ACCESS.
13. Enter the email address of the service account provided by Reltio in the Add principals field and assign the following roles:
    • Service Account User to allow the source account to impersonate the target account.
    • Service Account Token Creator if the source needs to generate tokens for authentication or authorization purposes.
14. Select SAVE to apply the new permissions.
    Attention: Once the service account is created, share the service account email with Reltio Support for setup.