---
title: "Connect Service Account to Workload Identity Pool"
slug: "service-account-to-wipool-wif"
updated: 2025-11-17T12:04:07Z
published: 2025-11-17T12:57:34Z
---


# Connect Service Account to Workload Identity Pool

1. Log in to the [GCP Console](https://console.cloud.google.com) using administrative privileges.
2. From the selector at the top, select the organization. (You must be at the root organization level.)
3. Select **IAM & Admin** -> **IAM** from the navigation menu.
4. Go to **View By Roles** and click **Grant Access**.
5. Provide the newly created service account email in the **New principals** text box.
6. In **Assign Roles**, select the custom role.
7. Click **Save**.
8. From the GCP CLI, run the following command:

```shell
gcloud iam service-accounts add-iam-policy-binding <SERVICE_ACCOUNT_EMAIL> \
  --role="roles/iam.serviceAccountTokenCreator" \
  --member="principalSet://iam.googleapis.com/projects/<PROJECT_NUMBER>/locations/global/workloadIdentityPools/<WORKLOAD_IDENTITY_POOL_ID>/*"
```
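To confirm the binding from step 8, the added example below (not part of the original documentation) audits the JSON printed by `gcloud iam service-accounts get-iam-policy <SERVICE_ACCOUNT_EMAIL> --format=json`. It checks that the pool-wide `/*` member holds the role and lists every other holder for review. The sample policy, project numbers, pool names and function names are constructed for illustration.

```python
import json
import re

ROLE = "roles/iam.serviceAccountTokenCreator"  # role granted in step 8
FEDERATED = re.compile(
    r"^principal(?:Set)?://iam\.googleapis\.com/projects/(?P<project>[^/]+)"
    r"/locations/global/workloadIdentityPools/(?P<pool>[^/]+)/(?P<selector>.+)$"
)

def scope_of(selector):
    """Describe which pool identities a member selector matches."""
    if selector == "*":
        return "every identity in the pool"
    if selector.startswith("attribute."):
        return "identities matching " + selector
    kind, _, value = selector.partition("/")
    if kind in ("group", "subject") and value:
        return kind + " " + value
    return "unrecognized selector " + selector

def audit(policy, project_number, pool_id):
    """Return (step8_binding_present, [(member, note)] for every other holder of ROLE)."""
    present, review = False, []
    for binding in policy.get("bindings", []):
        if binding.get("role") != ROLE:
            continue
        for member in binding.get("members", []):
            m = FEDERATED.match(member)
            if m is None:
                review.append((member, "not a workload identity pool member"))
            elif (m["project"], m["pool"]) != (project_number, pool_id):
                review.append((member, "other pool: " + scope_of(m["selector"])))
            elif m["selector"] == "*":
                present = True  # the exact member added in step 8
            else:
                review.append((member, "expected pool: " + scope_of(m["selector"])))
    return present, review

# Constructed sample in the shape of `get-iam-policy --format=json` output.
SAMPLE = json.loads("""
{"bindings": [
  {"role": "roles/iam.serviceAccountTokenCreator", "members": [
    "principalSet://iam.googleapis.com/projects/123456789012/locations/global/workloadIdentityPools/example-pool/*",
    "principalSet://iam.googleapis.com/projects/999999999999/locations/global/workloadIdentityPools/old-pool/attribute.env/dev",
    "user:admin@example.com"]},
  {"role": "roles/iam.serviceAccountUser", "members": ["user:dev@example.com"]}
], "etag": "constructed", "version": 1}
""")

if __name__ == "__main__":
    print(audit(SAMPLE, "123456789012", "example-pool"))
```

Each entry in the review list is a principal that can also mint tokens for the service account, so stale pools or individual users listed there should be justified or removed.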
