-
Notifications
You must be signed in to change notification settings - Fork 228
CSOAR-4145: Google firebase: create documentation #6026
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 1 commit
Commits
Show all changes
8 commits
Select commit
Hold shift + click to select a range
35db422
CSOAR-4145: added google firebase info
mahendrak-sumo bd0946b
Merge branch 'main' into CSOAR-4145
mahendrak-sumo bba5b30
Merge branch 'main' into CSOAR-4145
mahendrak-sumo 6a954ac
CSOAR-4145: fixed issues
mahendrak-sumo b611da1
Merge branch 'CSOAR-4145' of github.com:mahendrak-sumo/sumologic-docu…
mahendrak-sumo 6f3b072
Merge branch 'main' into CSOAR-4145
mahendrak-sumo cb6da46
Merge branch 'main' into CSOAR-4145
mahendrak-sumo dd3f802
Updates from review
jpipkin1 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
102 changes: 102 additions & 0 deletions
102
...latform-services/automation-service/app-central/integrations/google-firebase.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,102 @@ | ||
| --- | ||
| title: Google Firebase | ||
| description: '' | ||
| --- | ||
|
|
||
| import useBaseUrl from '@docusaurus/useBaseUrl'; | ||
|
|
||
| <img src={useBaseUrl('/img/platform-services/automation-service/app-central/logos/google.png')} alt="google" width="80"/> | ||
|
|
||
| ***Version: 1.0 | ||
| Updated: Nov 15, 2025*** | ||
|
|
||
| Google Firebase Authentication is a secure, scalable identity management service that enables user sign-up, sign-in, and access control across web and mobile applications. | ||
|
|
||
| ## Actions | ||
|
|
||
| * **List Users** (*Enrichment*) - List all the users account information. | ||
| * **Get User** (*Enrichment*) - Get the user account information. | ||
| * **Delete User** (*Containment*) - Remove a user account from the system. | ||
| * **Update User Attributes** (*Containment*) - Modify user details such as password, status, or settings. | ||
| * **List Sign-in Methods** (*Enrichment*) - View authentication providers linked to a user. | ||
|
|
||
| ## Google Firebase Authentication configuration | ||
|
|
||
| Our Google Firebase integration support two types of authentication, Service Account and WIF (Workload Identity Federation). We recommend using WIF since it is more secure and easier to manage. For more information, see [Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation). | ||
|
|
||
| ## Required AWS details from Sumo Logic | ||
|
|
||
| To configure the Google Firebase integration using WIF authentication, you need the following AWS details from Sumo Logic. These details are essential for setting up the Workload Identity Federation (WIF) credentials in Google Workspace: | ||
| * Deployment name is the unique name of your Sumo Logic [deployment](/docs/api/about-apis/getting-started/#documentation), for example, `dub`, `fra`, etc. | ||
| * Sumo Logic AWS account ID: `926226587429` | ||
| * Sumo Logic AWS role: `<deployment_name>-csoar-automation-gcpiam` | ||
| * Sumo Logic AWS Lambda function: `<deployment_name>-csoar-automation-gcpiam` | ||
| * Full ARN: `arn:aws:sts::926226587429:assumed-role/<deployment_name>-csoar-automation-gcpiam/<deployment_name>-csoar-automation-gcpiam` | ||
|
|
||
|
|
||
| ### Workload Identity Federation (WIF) authentication | ||
|
|
||
| To [create WIF credentials](https://cloud.google.com/iam/docs/workload-identity-federation) in Google Workspace needed to configure the Google Firebase integration, follow these steps: | ||
| 1. Log in to the [Google Cloud](https://console.cloud.google.com) portal. | ||
| 2. Select a Google Cloud project (or create a new one). | ||
| 3. Go to the **API&Services** | ||
| 4. In the same page click on **ENABLED API AND SERVICES** and search for Cloud Resource Manager API, IAM Service Account Credentials API, Identity and Access Management (IAM) API, Security Token Service API, Google Firebase API and enable it all. | ||
| 5. Go to the **IAM & Admin** > **Service Accounts** page. | ||
| 6. Click **CREATE SERVICE ACCOUNT** [Service Account](https://cloud.google.com/iam/docs/service-accounts-create) is required to access the Google Firebase. | ||
| 7. While creating the service account, in **Permissions** add the role **Service Account Token Creator** and click on **DONE**. <br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/google-chat/google-chat-11.png')} style={{border:'1px solid gray'}} alt="google-chat" width="800"/> | ||
| 8. Go to the **IAM & Admin** > **Workload Identity Federation** page. <br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/google-chat/google-chat-4.png')} style={{border:'1px solid gray'}} alt="google-chat" width="800"/> | ||
| 9. Click **CREATE POOL**, provide the details, and click on **CONTINUE**. <br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/google-chat/google-chat-5.png')} style={{border:'1px solid gray'}} alt="google-chat" width="800"/> | ||
| 10. Add **Provider details**. Select **AWS** as the provider type and provide the details of the AWS Account ID which is provided by Sumo Logic. Click on **CONTINUE** and **SAVE**. <br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/google-chat/google-chat-6.png')} style={{border:'1px solid gray'}} alt="google-chat" width="800"/> | ||
| 11. Now you will see the created pool and provider. <br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/google-chat/google-chat-8.png')} style={{border:'1px solid gray'}} alt="google-chat" width="800"/> | ||
| 12. Now we have to build a principal name to configure in Sumo Logic. The format of the principal name is: `principalSet://iam.googleapis.com/projects/{YourProjectID}/locations/global/workloadIdentityPools/{YourPoolName}/attribute.aws_role/arn:aws:sts::{SumoAWSAccountID}:assumed-role/{SumoAWSRole}/{SumoAWSLambdaFunction}`. | ||
| 13. Go to the **IAM & Admin** > **IAM** page and click on **Grant Access** to add a new principal. | ||
| 14. In the **New principals** field, provide the above principal name and select the role **Workload Identity User**. Click on **SAVE**. <br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/google-chat/google-chat-12.png')} style={{border:'1px solid gray'}} alt="google-chat" width="800"/> | ||
| 15. Go to the **IAM & Admin** > **Workload Identity Federation** page and select the pool which was created above. | ||
| 16. Click on **Grant Access** > **Grant access using service account impersonation**. | ||
| 17. Select the service account which created above, select the principle as aws_role and provide the arn `arn:aws:sts::{SumoAWSAccountID}:assumed-role/{SumoAWSRole}` and click on **SAVE**. <br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/google-chat/google-chat-10.png')} style={{border:'1px solid gray'}} alt="google-chat" width="800"/> | ||
| 18. Again go to **Grant Access** > **Grant access using service account impersonation**. Select the service account which was created above. Select the principle as `aws_role` and provide the arn `arn:aws:sts::{SumoAWSAccountID}:assumed-role/{SumoAWSRole}/{SumoAWSLambdaFunction}`. Click on **SAVE**. | ||
| 19. Download the WIF `conf.json` file. Make sure you save it in a safe place. Use the JSON content to configure the Google Firebase integration to use WIF authentication in Automation Service and Cloud SOAR. | ||
|
|
||
| ### Service Account authentication | ||
|
|
||
| To [create service account credentials](https://developers.google.com/workspace/guides/create-credentials) in Google Workspace needed to configure the Google Firebase app integration, follow these steps: | ||
|
|
||
| 1. Log in to the [Google Cloud](https://console.cloud.google.com) portal. | ||
| 2. Select a Google Cloud project (or create a new one). | ||
| 3. Go to the **API & Services** > **Credentials** page. | ||
| 4. In the same page click on **ENABLES API AND SERVICES** and search for Google Firebase and enable it. | ||
| 5. Click **CREATE CREDENTIALS** and select **Service Account**.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/google-drive/google-drive-1.png')} style={{border:'1px solid gray'}} alt="google-drive" width="800"/> | ||
| 6. Enter a service account name to display in the Google Cloud console. The Google Cloud console generates a service account ID based on this name. | ||
| 7. (Optional) Enter a description of the service account. | ||
| 8. Skip two optional grant permissions steps and click **Done** to complete the service account creation.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/google-drive/google-drive-2.png')} style={{border:'1px solid gray'}} alt="google-drive" width="800"/> | ||
| 9. Click on the generated service account to open the details.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/google-drive/google-drive-3.png')} style={{border:'1px solid gray'}} alt="google-drive" width="800"/> | ||
| 10. Under the **KEYS** tab, click **ADD KEY** and choose **Create new key**.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/google-drive/google-drive-4.png')} style={{border:'1px solid gray'}} alt="google-drive" width="800"/> | ||
| 11. Click on **CREATE** (make sure **JSON** is selected).<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/google-drive/google-drive-5.png')} style={{border:'1px solid gray'}} alt="google-drive" width="400"/> | ||
| 12. The JSON file is downloaded. Make sure you save it in a safe place. | ||
| 13. Enable the Admin SDK API for the project at [https://console.cloud.google.com/flows/enableapi?apiid=admin.googleapis.com](https://console.cloud.google.com/flows/enableapi?apiid=admin.googleapis.com). | ||
|
|
||
| ## Configure Google Firebase in Automation Service and Cloud SOAR | ||
|
|
||
| import IntegrationsAuth from '../../../../reuse/integrations-authentication.md'; | ||
| import IntegrationCertificate from '../../../../reuse/automation-service/integration-certificate.md'; | ||
| import IntegrationEngine from '../../../../reuse/automation-service/integration-engine.md'; | ||
| import IntegrationLabel from '../../../../reuse/automation-service/integration-label.md'; | ||
| import IntegrationProxy from '../../../../reuse/automation-service/integration-proxy.md'; | ||
| import IntegrationTimeout from '../../../../reuse/automation-service/integration-timeout.md'; | ||
|
|
||
| <IntegrationsAuth/> | ||
| * <IntegrationLabel/> | ||
| * **Private Key Json**. Provide the content of the JSON file generated [above](#google-firebase-configuration). Open the file and copy-paste the whole content in the field. | ||
| * **WIF Private Key Json**. Provide the content of the Workload Identity Federation JSON file generated [above](#google-firebase-configuration). Open the file and copy-paste the whole content in the field. | ||
| * **scopes**. Default scope is already added as `https://www.googleapis.com/auth/identitytoolkit`, if not then add this scope. | ||
| * **Project ID**. Provide the Google Firebase Project ID where the firebase actions will be performed. | ||
| * <IntegrationEngine/> | ||
| * <IntegrationProxy/> | ||
|
|
||
| <img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/misc/google-firebase.png')} style={{border:'1px solid gray'}} alt="Google Firebase configuration" width="400"/> | ||
|
|
||
| For information about Google Firebase, see [Google Firebase documentation](https://firebase.google.com/products/auth). | ||
|
|
||
| ## Change Log | ||
|
|
||
| * November 15, 2025 (v1.0) - First upload | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.