How to use Windows authentication for CloudSQL - MS SQL

Team,

Is it possible to use Windows Authentication for accessing CloudSQL - MSSQL? I need to manage my users in a group and provide permissions to my CloudSQL - Is this possible?

Also, are there any articles on how to integrate CyberArk in Google Cloud?

Thanks

SV

Cloud SQL for SQL Server does not support Windows Authentication. It only supports SQL Authentication, and integration with Managed Microsoft AD, Kerberos, or NTLM is not available. If Windows Authentication is a critical requirement, the recommended approach is to deploy SQL Server on Compute Engine or GKE and join it to a Managed Microsoft AD domain. This setup allows for domain-based logins and Windows Authentication. For organizations with on-premises Active Directory, trust relationships can be established between the on-premises AD and the Managed Microsoft AD domain to extend authentication capabilities to Google Cloud resources.

Integrating CyberArk with Google Cloud enables secure secrets management and privileged access control. Several methods can be used depending on organizational requirements:

  • CyberArk PAM Integration with Google Chronicle Security Operations:
    Google Chronicle Security Operations supports CyberArk PAM for securely storing and retrieving secrets like passwords, API keys, and certificates. Integration typically involves configuring CyberArk PAM using APIs or connectors and optionally executing integration logic remotely for on-premises vaults. Secrets can then be retrieved dynamically using a predefined formula, such as [EnvironmentName:::VaultIntegrationName:::VaultIntegrationInstanceName:::PasswordID].

  • Google Workspace Admin Console Integration (SAML SSO):
    CyberArk can be integrated with Google Workspace via SAML-based SSO. Administrators configure Google Workspace as the IdP, retrieve the SSO URL, Entity ID, and certificate, and provide these details to CyberArk Support to enable SAML. CyberArk is added as a custom SAML app in the Google Admin Console, with attribute mapping and group permissions configured as needed.

  • CyberArk PAM for Google Cloud Resources:
    CyberArk PAM can manage credentials for Google Cloud resources, such as service accounts or database logins. This involves creating users in the CyberArk PrivateArk Client, assigning vault permissions, and configuring integration with Google Cloud using API credentials. Optional installation of CyberArk agents, like CPM and PSM, on Compute Engine instances provides advanced features, such as credential rotation and session monitoring.

  • Other Integration Methods:
    Organizations can leverage CyberArk APIs for programmatic credential retrieval in custom workflows or install agents on Compute Engine for privileged session management and credential rotation.

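As an added example, not part of the original thread: on a domain-joined SQL Server instance of the kind the reply describes (self-managed on Compute Engine), group-based access can be set up with T-SQL like the following and then reviewed with the catalog queries at the end. The domain `EXAMPLE`, the AD group `sql-readers`, the database `AppDb` and the role `app_readers` are placeholder names assumed for illustration.

```sql
-- Assumptions (placeholders, not from the thread): domain EXAMPLE,
-- AD group "sql-readers", existing database AppDb, role app_readers.
-- Run as a sysadmin on a domain-joined SQL Server instance (sqlcmd or SSMS).

-- 1. Server-level login for the AD group rather than for individual users.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'EXAMPLE\sql-readers')
    CREATE LOGIN [EXAMPLE\sql-readers] FROM WINDOWS
        WITH DEFAULT_DATABASE = [AppDb];
GO

USE [AppDb];
GO

-- 2. Database user mapped to the group login.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'EXAMPLE\sql-readers')
    CREATE USER [EXAMPLE\sql-readers] FOR LOGIN [EXAMPLE\sql-readers];

-- 3. Grant to a role, not to the user, so access follows AD group
--    membership and the grant itself stays read-only (least privilege).
IF DATABASE_PRINCIPAL_ID(N'app_readers') IS NULL
    CREATE ROLE app_readers;
GRANT SELECT ON SCHEMA::dbo TO app_readers;
ALTER ROLE app_readers ADD MEMBER [EXAMPLE\sql-readers];
GO

-- 4. Review: Windows groups that hold a login on this instance
--    (type 'G' = Windows group).
SELECT name, type_desc, is_disabled, create_date
FROM sys.server_principals
WHERE type = 'G';

-- 5. Review: who is a member of the role in this database.
SELECT r.name AS role_name, m.name AS member_name, m.type_desc
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE r.name = N'app_readers';

-- 6. Confirm how the current session authenticated: KERBEROS, NTLM or SQL.
SELECT auth_scheme
FROM sys.dm_exec_connections
WHERE session_id = @@SPID;
```

Removing a user from the AD group revokes their database access without any change on the SQL Server side, which is why the login and role are bound to the group rather than to named accounts.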