Identity Provider
Configure Google Certificate Authority Service (CAS) for agent identity and certificate management.
Overview
The Identity Provider settings allow you to configure Google Certificate Authority Service (CAS) for your organization. This enables cryptographic identity for your AI agents through certificate issuance.
Navigate to Settings → Identity Provider or go to /dashboard/settings/identity-provider.
Configuration Fields
| Field | Description | Example |
|---|---|---|
| Service Account JSON | Google Cloud service account credentials in JSON format. Paste the full JSON key file content. | {"type": "service_account", ...} |
| GCP Project ID | Your Google Cloud project ID. Auto-filled when you paste the service account JSON. | my-project-123 |
| CA Pool Location | The region where your CA pool is hosted. | us-central1 |
| CA Pool ID | The ID of your Certificate Authority pool. | prod-agent-ca |
Setup Steps
- Create a CA Pool in Google Cloud Certificate Authority Service.
- Create a Service Account with permissions to issue certificates from that pool.
- Download the JSON key file for the service account.
- Paste the JSON into the Service Account JSON field — the GCP Project ID auto-fills.
- Enter the CA Pool Location and CA Pool ID.
- Click Complete Setup.
Status Messages
- Success — Configuration saved. A green checkmark confirms the setup.
- Error — Invalid credentials or missing fields. An error message with details appears.
Status messages auto-clear after 5 seconds.
The service account needs the roles/privateca.certificateRequester role on the target CA pool to issue certificates.