Cloud Services
      Back to home
      1. Help Center
      2. Integrations
      3. Cloud Services

      GCP Resource Manager - User Guide

      In this article, you will understand step by step how to easily integrate Scytale with GCP Resource Manager

       

      Permissions for GCP Resource Manager Integration

      To connect GCP Resource Manager with Scytale, the following roles must be granted to the service account:

      Project-Level Roles:

      • Cloud SQL Viewer

      • Storage Object Viewer

      • Storage Insights Viewer

      • Compute Viewer

      • Security Reviewer

      Organization-Level Role (Extra Step):

      • Access Transparency Admin – grants the following permissions:

        • axt.labels.get

        • axt.labels.set

        • resourcemanager.organizations.get

        • resourcemanager.projects.get

        • resourcemanager.projects.list

       

      How to Connect Scytale and GCP Resource Manager

      1. In Scytale, go to 'Integrations'.

      2. Search for GCP Resource Manager and select 'Connect'.

      3. Click 'Upload JSON File' and attach the file generated in GCP (follow the steps below).

      4. Once uploaded, the required fields will be auto-filled.

      5. Add a connection name – this will be used to differentiate between your connections – and then select 'Next'.

      6. Click 'Connect' to complete the setup.

      You have now successfully connected to GCP Resource Manager!

       

      How to Prepare Your Service Account and Credentials in GCP

      Step 1: Enable Required API

      1. Go to APIs & Services → Library.

      2. Search for and enable the following API:

      Here's how it should appear when enabled:

       

      Step 2: Create a Service Account

      1. Navigate to IAM & Admin → Service Accounts.

      2. Click 'Create Service Account'.

      3. Phase 1:

        • Name: GCP-integrations

        • Service Account ID will auto-populate

        • Click Create and continue

      4. Phase 2: Assign the following roles:

        • Cloud SQL Viewer

        • Storage Object Viewer

        • Storage Insights Viewer

        • Compute Viewer

        • Security Reviewer

      5. Phase 3: Skip user access (optional) → Click Done

       

      Step 3: Assign Organization-Level Permissions (Required for Resource Manager)

      1. In GCP, go to IAM & Admin → IAM (at the Organization level).

      2. Click 'Grant Access'.

      3. New principals: Enter the service account email

      4. Role: Select Access Transparency Admin

      • The following permissions will be used:
        • axt.labels.get
        • axt.labels.set
        • resourcemanager.organizations.get
        • resourcemanager.projects.get
        • resourcemanager.projects.list

      5. Click Save



      Step 4: Generate JSON File

      1. Go to IAM & Admin → Service Accounts.

      2. Select the service account you created.

      3. Navigate to the 'Keys' tab → Click Add KeyCreate new key.

      4. Choose JSON and click Create.

      5. Save the downloaded JSON file — you will upload this into Scytale.

      Keep the download JSON for Scytale connection