Google Cloud Account Auto Sync

SpaceONE automatically synchronizes Google Cloud’s organizational hierarchy structure through a Trusted Account. It synchronizes by identifying the hierarchy based on each subscription, and synchronization occurs for SpaceONE’s workspaces, project groups, projects, and service accounts.

Hierarchy Structure Synchronization

Auto Sync Criteria

Google Cloud Hierarchy Structure Reference

Google Cloud’s management structure follows an Organization > Folder > Project hierarchy, which is identical to SpaceONE’s structure. Similarly, Google Cloud accounts have Service Accounts with identical names.

Permission Grant

To use the auto-sync feature in SpaceONE, you must add Organization Viewer and Folder Viewer roles to the Google Cloud service account used in the Trusted Account settings. This must be executed at the Organization Level.

Auto Sync Results

SpaceONE’s account auto-sync feature applies differently depending on the Trusted Account’s Scope.

Domain Scope Trusted Account

Trusted Accounts created in the Domain can be created in Admin Mode and can be configured in two ways:

1. The Organization becomes a single SpaceONE Workspace, enabling synchronization of all underlying projects and accounts.

   Google Cloud	SpaceONE(Cloudforet)
   Organization	Workspace
   Folder	Project Group
   Project	Project
   Service Account	Service Account

2. Top-level Google Cloud Folders can be synchronized as multiple Workspaces. This optimizes performance and management by organizing the management system at the organizational level.

   Google Cloud	SpaceONE(Cloudforet)
   Top-level Folder	Workspace
   Sub Folder	Project Group
   Project	Project
   Service Account	Service Account

Workspace Scope Trusted Account

For Trusted Accounts created in a Workspace, synchronization applies below the Workspace level.