{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-guides/sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":["availability"]},"type":"markdown"},"seo":{"title":"Google Cloud Security Configuration Guide","siteUrl":"https://docs.synqly.com","lang":"en-US","llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["This guide walks you through enabling the required Google Cloud APIs, creating a service account with read access to Security Command Center and Cloud Asset Inventory, and collecting the values needed to connect Google Cloud Security to Synqly."]},{"$$mdtype":"Tag","name":"Availability","attributes":{"type":"in-development"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The Google Cloud Security connector is currently in development."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"prerequisites","__idx":0},"children":["Prerequisites"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Before you begin, make sure:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["You know whether you want the integration to read data at the organization or project level."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Security Command Center is already activated for the Google Cloud scope you want to connect."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["You can sign in to the ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"https://console.cloud.google.com/"},"children":["Google Cloud Console"]}," with permission to enable APIs, create service accounts, and grant IAM roles on the target 
scope."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"enable-the-required-apis","__idx":1},"children":["Enable the required APIs"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Enable these APIs in the Google Cloud project where your service account will live:"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["In the Google Cloud Console, go to ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["APIs & Services -> Library"]},"."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Search for and enable ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Security Command Center API"]},"."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Search for and enable ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Cloud Asset API"]},"."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"create-a-service-account-and-assign-permissions","__idx":2},"children":["Create a service account and assign permissions"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Creating a dedicated service account for this integration is recommended. Reusing an existing service account is a power-user setup and should only be done if you understand the access and lifecycle trade-offs."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"1-create-the-service-account","__idx":3},"children":["1. 
Create the service account"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Follow the Google documentation to ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"https://cloud.google.com/iam/docs/service-accounts-create"},"children":["create a service account"]},"."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Give the service account a clear name such as ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["integration-google-cloud-security"]},"."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"2-grant-the-required-iam-roles-on-your-target-scope","__idx":4},"children":["2. Grant the required IAM roles on your target scope"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Grant the service account access on the same organization or project you plan to use in ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["scope_path"]},"."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Assign the following roles on the target scope:"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Role"},"children":["Role"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"IAM identifier"},"children":["IAM identifier"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Enables"},"children":["Enables"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Required"},"children":["Required"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Security Center Findings 
Viewer"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["roles/securitycenter.findingsViewer"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["query_compliance_findings"]},", ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["query_ioms"]},", and ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["query_threats"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Yes"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Cloud Asset Viewer"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["roles/cloudasset.viewer"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["query_cloud_resource_inventory"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Yes"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Service Usage Consumer"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["roles/serviceusage.serviceUsageConsumer"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Cloud Asset Inventory API access in environments where ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["serviceusage.services.use"]}," is required"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Optional"]}]}]}]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["If your organization prefers broader read-only access, ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Security Center Admin Viewer"]}," (",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["roles/securitycenter.adminViewer"]},") can be 
used instead of ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Security Center Findings Viewer"]},"."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"3-create-a-json-key-for-the-service-account","__idx":5},"children":["3. Create a JSON key for the service account"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Create a JSON key for the service account by following the Google documentation to ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"https://cloud.google.com/iam/docs/keys-create-delete#iam-service-account-keys-create-console"},"children":["create a service account key"]},"."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Unlike the Google Workspace Identity setup, this connector does not use domain-wide delegation."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Download the JSON key and store it securely; the file contains the service account's private key, so anyone who obtains it can authenticate as that service account. You will need these values from the file:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["client_email"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["client_id"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["private_key"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["token_uri"]}]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"choose-your-scope_path","__idx":6},"children":["Choose your ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["scope_path"]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["scope_path"]}," is used to determine which Google Cloud scope to query for findings and 
inventory."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Supported formats:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["organizations/{numeric_id}"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["projects/{project_id}"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["projects/{project_number}"]}]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Examples:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["organizations/123456789012"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["projects/my-production-project"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["projects/123456789012"]}]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Use an organization-scoped path when you want coverage across the full organization. 
Use a project-scoped path when you want to limit the integration to a single project."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"configure-the-integration","__idx":7},"children":["Configure the integration"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Create your integration in Synqly with the following values."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Credential: Token URL (Optional)"]}," ","Leave this blank to use the default Google token URL: ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["https://oauth2.googleapis.com/token"]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Credential: Client Email"]}," ","The ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["client_email"]}," value from your service account JSON key."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Credential: Client ID"]}," ","The ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["client_id"]}," value from your service account JSON key."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Credential: Secret"]}," ","The ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["private_key"]}," value from your service account JSON key. 
This is the full PEM-encoded private key string from the downloaded JSON file."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Scope Path"]}," ","The organization or project scope you want Synqly to read, formatted exactly as described in the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["scope_path"]}," section above."]}]},"headings":[{"value":"Prerequisites","id":"prerequisites","depth":2},{"value":"Enable the required APIs","id":"enable-the-required-apis","depth":2},{"value":"Create a service account and assign permissions","id":"create-a-service-account-and-assign-permissions","depth":2},{"value":"1. Create the service account","id":"1-create-the-service-account","depth":3},{"value":"2. Grant the required IAM roles on your target scope","id":"2-grant-the-required-iam-roles-on-your-target-scope","depth":3},{"value":"3. Create a JSON key for the service account","id":"3-create-a-json-key-for-the-service-account","depth":3},{"value":"Choose your scope_path","id":"choose-your-scope_path","depth":2},{"value":"Configure the integration","id":"configure-the-integration","depth":2}],"frontmatter":{"slug":"guides/provider-configuration/google-security-command-center-cloudsecurity-setup","seo":{"title":"Google Cloud Security Configuration Guide"}},"lastModified":"2026-05-20T21:28:18.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/guides/provider-configuration/google-security-command-center-cloudsecurity-setup","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}