deepblue/GoogleDriveManagement
1
0
Fork 0
mirror of https://github.com/GAM-team/GAM.git synced 2026-06-28 09:51:36 +00:00
Code Issues Actions 9 Packages Projects Releases Wiki Activity

[no ci] wiki DASA article update

Browse Source
This commit is contained in:
Jay Lee
2025-06-26 09:58:54 -04:00
committed by GitHub
parent 64356a9736
commit a51b245015
1 changed files with 0 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
wiki/Using-GAM7-with-a-delegated-admin-service-account.md
View File

@@ -1,19 +1,12 @@
# Using GAM7 with a delegated admin service account
- [Thanks](#thanks)
- [Introduction](#introduction)
- [Advantages](#advantages)
- [Disadvantages](#disadvantages)
- [Setup Steps](#setup-steps)
## Thanks
Thanks to Jay Lee for the original version of this document.
## Introduction
Delegated admin service accounts (DASA) are regular [GCP service accounts](https://cloud.google.com/iam/docs/service-accounts#what_are_service_accounts) that are granted a Workspace [delegated admin role](https://support.google.com/a/answer/33325). Service accounts have an email address like `gam-project-xuw-sp1-c4b@gam-project-xuw-sp1-c4b.iam.gserviceaccount.com` and are not part of a Workspace or Cloud Identity domain even if they are owned by a project in the domains organization. Service accounts cannot login to Google web services interactively, they are only able to call Google APIs.
GAM7 version 6.50.00 or higher is required.
## Advantages
* DASA accounts dont require a Workspace or Cloud Identity license.
* DASA accounts dont have a password login that can be phished or captured, they use [RSA private keys](https://en.wikipedia.org/wiki/RSA_(cryptosystem)) to sign authentication requests which makes them very secure. You should however [rotate the key](https://jaylee.us/qwm) on a regular basis and keep it safe and secured!