Skip to main content

Support access to Google Cloud

DoiT provides complete transparency when accessing your Google Cloud Billing account.

When you open a technical support request with DoiT International, we may occasionally need to access your Cloud Billing account to help you effectively. This document describes how to grant access and how access control works.

Key points

  • We only access your Cloud Billing account to provide technical support per our contractual obligations. We never access your Cloud Billing account for any other reason.

  • Support engineers do not have write access to your Cloud Billing account. The only exception is that we are able to raise Google Cloud support requests on your behalf.

Grant access

When creating a new service request with DoiT, you will be prompted to grant DoiT access to the relevant Google Cloud projects.

A typical access grant is implemented with a gcloud command. The access is view-only, limited, and provides access only to the support engineers handling your request.

gcloud projects add-iam-policy-binding $PROJECT_ID \
--member="group:ticket-$TICKET_ID@cre.doit-intl.com" \
--role=roles/viewer --condition=None

For example, to add an IAM policy binding for the group assigned to the service request #1234 on a Google Cloud project example-project-id, run:

gcloud projects add-iam-policy-binding example-project-id \
--member="group:[email protected]" \
--role=roles/viewer --condition=None

DoiT workspace customer ID

If you use GCP organization policy to restrict identities by domain, make sure to whitelist cre.doit-intl.com using the DoiT Google Workspace customer ID C04eumws5.

Revoke access

Support access is automatically revoked for security reasons when the ticket is resolved. The next time you create a support request, you will need to grant our support engineers access again.