GCP consent permissions through interactive login - Saviynt Forums - 72981

Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.

We are using the OOTB GCP oAuth connector for our integration. While Setting-up OAuth Consent Screen we didn't add the total scope as mentioned in the documentation but only limited to Users and Groups(As per the client's requirement to maintain the least privilege) scope When we authorize the connection through Click login with g-suite user and authenticate the API through consent screen as below permissions. Our question is, How to limit the scope in the below screen? Which scope is valid for the integration, scope provided to the OAuth account and Authorize the connection to generate refresh tokens.

3 REPLIES 3

Hi @Venkatakrishna ,

We are checking on your request and we will keep you posted.

For GCP, the commonly used scopes include, but are not limited to:

Google Cloud Storage:
Google Cloud Pub/Sub:
- https://www.googleapis.com/auth/pubsub
Google Cloud Compute Engine:
- https://www.googleapis.com/auth/compute
- https://www.googleapis.com/auth/compute.readonly
Google Cloud Identity and Access Management (IAM):
- https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/cloud-platform.read-only
Google Workspace (formerly G Suite) APIs:
- https://www.googleapis.com/auth/admin.directory.user
- https://www.googleapis.com/auth/admin.directory.group

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi @Venkatakrishna,

Please refer the below document for detailed info:-

https://docs.saviyntcloud.com/bundle/GCP-v23x/page/Content/Using-Classic-Integration.htm

https://docs.saviyntcloud.com/bundle/GCP-v24x/page/Content/Using-the-GCP-Connector.htm