Manage identity and access

By default, GDC Sandbox comes with a pre-configured, fake OpenID Connect (OIDC) identity provider and a user account to test your workflow lifecycles. For details on identity providers, see Connect to an identity provider.

The first page you see when you access the GDC console is the fake OIDC Provider, and you can return there at any time by selecting Logout in the banner. From this screen, you can select any user account in your instance and sign in as that user.

For all tasks you perform in GDC Sandbox, you can use the default platform administrator account, associated with the email fop-platform-admin@example.com. You can select this account when you sign into the GDC console, assign yourself roles and permissions, and manage your projects.

While you are signed in to the instance using this account, you can create additional users. The project creation instructions on a later page describe how to add new users as part of the project setup process.

The fake OIDC identity provider simplifies the GDC Sandbox experience. Some differences between this provider and a real one:

  • This provider does not check for passwords or other authentication. Any user who can connect to the instance can select any of the existing accounts managed by the fake OIDC identity provider, and sign into the instance using that account.
  • The accounts managed by this provider don't have a direct connection to the Google Cloud accounts of the users who have access to your instance. You can create fake OIDC provider accounts with the same username as your team members who are using the instance, and this may be a useful convention, but the system does not enforce that specific individuals use specific accounts in the instance. Anyone who can connect to the instance can choose any account to sign in.
  • These accounts also don't have any connection to the "gateway accounts" that are used when you connect to the gateway VM from your personal computer.

Don't remove the Platform Admin account fop-platform-admin@example.com, or remove the Organization IAM Admin role from that account.

Roles and permissions

For each operation you test on a service, you must have the required roles and permissions. For a list of all available required roles, see Role definitions.

You can grant the necessary roles to yourself using the default user account GDC Sandbox provides you. Before granting yourself a role to test a service, you must have the Project IAM Admin (project-iam-admin) role. To grant yourself a role, install gdcloud if you plan to use the command line, and review the GDC console and gdcloud CLI instructions in Set up role bindings. Replace all instances of USER_EMAIL with fop-platform-admin@example.com.

To see a list of all roles you've assigned to yourself, do the following:

  1. In the Console menu, click org-1 > Select project.
  2. Click your preferred project.
  3. On the Projects page, you see a list of all roles assigned to the default user email.