Skip to main content

GCP Resource Manager - User Guide

In this article, you will understand step by step how to easily integrate Scytale with GCP Resource Manager

Updated over 6 months ago

Permissions for GCP Resource Manager Integration

To connect GCP Resource Manager with Scytale, the following roles must be granted to the service account:

Project-Level Roles:

  • Cloud SQL Viewer

  • Storage Object Viewer

  • Storage Insights Viewer

  • Compute Viewer

  • Security Reviewer

Organization-Level Role (Extra Step):

  • Access Transparency Admin – grants the following permissions:

    • axt.labels.get

    • axt.labels.set

    • resourcemanager.organizations.get

    • resourcemanager.projects.get

    • resourcemanager.projects.list

How to Connect Scytale and GCP Resource Manager

  1. In Scytale, go to 'Integrations'.

  2. Search for GCP Resource Manager and select 'Connect'.

  3. Click 'Upload JSON File' and attach the file generated in GCP (follow the steps below).

  4. Once uploaded, the required fields will be auto-filled.

  5. Add a connection name – this will be used to differentiate between your connections – and then select 'Next'.

  6. Click 'Connect' to complete the setup.

You have now successfully connected to GCP Resource Manager!

How to Prepare Your Service Account and Credentials in GCP

Step 1: Enable Required API

  1. Go to APIs & Services → Library.

  2. Search for and enable the following API:

Here's how it should appear when enabled:

Step 2: Create a Service Account

  1. Navigate to IAM & Admin → Service Accounts.

  2. Click 'Create Service Account'.

  3. Phase 1:

    • Name: GCP-integrations

    • Service Account ID will auto-populate

    • Click Create and continue

  4. Phase 2: Assign the following roles:

    • Cloud SQL Viewer

    • Storage Object Viewer

    • Storage Insights Viewer

    • Compute Viewer

    • Security Reviewer

  5. Phase 3: Skip user access (optional) → Click Done

Step 3: Assign Organization-Level Permissions (Required for Resource Manager)

  1. In GCP, go to IAM & Admin → IAM (at the Organization level).

  2. Click 'Grant Access'.

  3. New principals: Enter the service account email

  4. Role: Select Access Transparency Admin

  • The following permissions will be used:

    • axt.labels.get

    • axt.labels.set

    • resourcemanager.organizations.get

    • resourcemanager.projects.get

    • resourcemanager.projects.list

5. Click Save



Step 4: Generate JSON File

  1. Go to IAM & Admin → Service Accounts.

  2. Select the service account you created.

  3. Navigate to the 'Keys' tab → Click Add KeyCreate new key.

  4. Choose JSON and click Create.

  5. Save the downloaded JSON file — you will upload this into Scytale.

Keep the download JSON for Scytale connection

Related Articles
AWS Integrations - User Guide
Azure Integrations - User Guide
GCP Integrations - User Guide
GCP IAM - User Access List Not Collecting All Users
SentinelOne - User Guide
Did this answer your question?