GCP consent permissions through interactive login - Saviynt Forums - 72981

Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

We are using the OOTB GCP oAuth connector for our integration. While Setting-up OAuth Consent Screen we didn't add the total scope as mentioned in the documentation but only limited to Users and Groups(As per the client's requirement to maintain the least privilege) scope When we authorize the connection through Click login with g-suite user and authenticate the API through consent screen as below permissions. Our question is, How to limit the scope in the below screen? Which scope is valid for the integration, scope provided to the OAuth account and Authorize the connection to generate refresh tokens.

3 REPLIES 3

Hi @Venkatakrishna ,

We are checking on your request and we will keep you posted.

For GCP, the commonly used scopes include, but are not limited to:

Google Cloud Storage:
Google Cloud Pub/Sub:
- https://www.googleapis.com/auth/pubsub
Google Cloud Compute Engine:
- https://www.googleapis.com/auth/compute
- https://www.googleapis.com/auth/compute.readonly
Google Cloud Identity and Access Management (IAM):
- https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/cloud-platform.read-only
Google Workspace (formerly G Suite) APIs:
- https://www.googleapis.com/auth/admin.directory.user
- https://www.googleapis.com/auth/admin.directory.group

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi @Venkatakrishna,

Please refer the below document for detailed info:-

https://docs.saviyntcloud.com/bundle/GCP-v23x/page/Content/Using-Classic-Integration.htm

https://docs.saviyntcloud.com/bundle/GCP-v24x/page/Content/Using-the-GCP-Connector.htm