---
title: Configuring GCP GKE access
description: The required configurations within your GCP project to allow PingOne Privilege to discover and manage your GKE clusters.
component: privilege
page_id: privilege:configuration:configuring-kubernetes-access/gcp-gke
canonical_url: https://docs.pingidentity.com/privilege/configuration/configuring-kubernetes-access/gcp-gke.html
revdate: May 4, 2026
section_ids:
  step-1-verify-service-account-permissions: "Step 1: Verify service account permissions"
  step-2-onboard-the-cluster-in-pingone-privilege: "Step 2: Onboard the cluster in PingOne Privilege"
  validation: Validation
---

# Configuring GCP GKE access

This topic describes the required configurations within your Google Cloud Platform (GCP) project to allow PingOne Privilege to discover and manage your Google Kubernetes Engine (GKE) clusters. The process involves verifying service account permissions, configuring Role-Based Access Control (RBAC) on the GKE cluster, and then onboarding the cluster in PingOne Privilege.

## Step 1: Verify service account permissions

First, ensure the service account used to onboard your GCP project to PingOne Privilege has the necessary permissions to manage Kubernetes resources.

1. In the Google Cloud console, go to **IAM & Admin > IAM**.

2. Find the service account associated with your PingOne Privilege integration.

3. Verify that the service account has the **Kubernetes Engine Admin** role.

   This role allows PingOne Privilege to discover and interact with your GKE clusters. If it doesn't, edit the principal's permissions and add this role.

## Step 2: Onboard the cluster in PingOne Privilege

After completing the configuration in the GCP console, rescan your account in PingOne Privilege to discover and manage the cluster.

1. In the PingOne Privilege admin console, go to **Clouds**.

2. Find your GCP cloud account, and click **More Info**.

3. Go to the **Resources** tab and click **Rescan**.

## Validation

After the rescan is complete, the GKE cluster will be available to manage.

1. In the PingOne Privilege admin console, go to **Targets**.

2. Find the newly discovered cluster, click **More Info**, and enable the **Manage** toggle to onboard it.

The GKE cluster is now managed by PingOne Privilege.