> ## Documentation Index
> Fetch the complete documentation index at: https://docs.stackone.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Google Cloud Security OAuth 2.0 connector profile – StackOne setup guide

> Set up the OAuth 2.0 connector profile for Google Cloud Security in StackOne. One-time admin setup required before your users can link Google Cloud Security accounts via Hub.

<Warning>Security Admin or Organization Admin privileges in Google Cloud are required to complete this setup.</Warning>

<Panel>
  <div className="not-prose guides-scope-selector" data-guides-scope-selector data-guide-actions-json="[{&#x22;id&#x22;:&#x22;googlecloudsecurity_list_folders&#x22;,&#x22;label&#x22;:&#x22;List Folders&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_get_folder&#x22;,&#x22;label&#x22;:&#x22;Get Folder&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_search_folders&#x22;,&#x22;label&#x22;:&#x22;Search Folders&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_create_folder&#x22;,&#x22;label&#x22;:&#x22;Create Folder&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_update_folder&#x22;,&#x22;label&#x22;:&#x22;Update Folder&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_delete_folder&#x22;,&#x22;label&#x22;:&#x22;Delete Folder&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_get_project_iam_policy&#x22;,&#x22;label&#x22;:&#x22;Get Project IAM Policy&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_set_project_iam_policy&#x22;,&#x22;label&#x22;:&#x22;Set Project IAM Policy&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_test_project_iam_permissions&#x22;,&#x22;label&#x22;:&#x22;Test Project IAM Permissions&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_get_organization&#x22;,&#x22;label&#x22;:&#x22;Get Organization&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_search_organizations&#x22;,&#x22;label&#x22;:&#x22;Search Organizations&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_list_projects&#x22;,&#x22;label&#x22;:&#x22;List Projects&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_get_project&#x22;,&#x22;label&#x22;:&#x22;Get Project&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_search_projects&#x22;,&#x22;label&#x22;:&#x22;Search Projects&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_create_project&#x22;,&#x22;label&#x22;:&#x22;Create Project&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_update_project&#x22;,&#x22;label&#x22;:&#x22;Update Project&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_delete_project&#x22;,&#x22;label&#x22;:&#x22;Delete Project&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_list_predefined_roles&#x22;,&#x22;label&#x22;:&#x22;List Predefined Roles&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_list_project_roles&#x22;,&#x22;label&#x22;:&#x22;List Project Roles&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_get_role&#x22;,&#x22;label&#x22;:&#x22;Get Role&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_create_project_role&#x22;,&#x22;label&#x22;:&#x22;Create Project Role&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_update_project_role&#x22;,&#x22;label&#x22;:&#x22;Update Project Role&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_delete_project_role&#x22;,&#x22;label&#x22;:&#x22;Delete Project Role&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_undelete_project_role&#x22;,&#x22;label&#x22;:&#x22;Undelete Project Role&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_list_service_account_keys&#x22;,&#x22;label&#x22;:&#x22;List Service Account Keys&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_get_service_account_key&#x22;,&#x22;label&#x22;:&#x22;Get Service Account Key&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_create_service_account_key&#x22;,&#x22;label&#x22;:&#x22;Create Service Account Key&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_disable_service_account_key&#x22;,&#x22;label&#x22;:&#x22;Disable Service Account Key&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_enable_service_account_key&#x22;,&#x22;label&#x22;:&#x22;Enable Service Account Key&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_delete_service_account_key&#x22;,&#x22;label&#x22;:&#x22;Delete Service Account Key&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_list_secret_versions&#x22;,&#x22;label&#x22;:&#x22;List Secret Versions&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_get_secret_version&#x22;,&#x22;label&#x22;:&#x22;Get Secret Version&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_access_secret_version&#x22;,&#x22;label&#x22;:&#x22;Access Secret Version&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_add_secret_version&#x22;,&#x22;label&#x22;:&#x22;Add Secret Version&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_enable_secret_version&#x22;,&#x22;label&#x22;:&#x22;Enable Secret Version&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_disable_secret_version&#x22;,&#x22;label&#x22;:&#x22;Disable Secret Version&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_destroy_secret_version&#x22;,&#x22;label&#x22;:&#x22;Destroy Secret Version&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_list_secrets&#x22;,&#x22;label&#x22;:&#x22;List Secrets&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_get_secret&#x22;,&#x22;label&#x22;:&#x22;Get Secret&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_create_secret&#x22;,&#x22;label&#x22;:&#x22;Create Secret&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_update_secret&#x22;,&#x22;label&#x22;:&#x22;Update Secret&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_delete_secret&#x22;,&#x22;label&#x22;:&#x22;Delete Secret&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_get_secret_iam_policy&#x22;,&#x22;label&#x22;:&#x22;Get Secret IAM Policy&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_set_secret_iam_policy&#x22;,&#x22;label&#x22;:&#x22;Set Secret IAM Policy&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_list_service_accounts&#x22;,&#x22;label&#x22;:&#x22;List Service Accounts&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_get_service_account&#x22;,&#x22;label&#x22;:&#x22;Get Service Account&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_create_service_account&#x22;,&#x22;label&#x22;:&#x22;Create Service Account&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_update_service_account&#x22;,&#x22;label&#x22;:&#x22;Update Service Account&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_disable_service_account&#x22;,&#x22;label&#x22;:&#x22;Disable Service Account&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_enable_service_account&#x22;,&#x22;label&#x22;:&#x22;Enable Service Account&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_delete_service_account&#x22;,&#x22;label&#x22;:&#x22;Delete Service Account&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_undelete_service_account&#x22;,&#x22;label&#x22;:&#x22;Undelete Service Account&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_list_tag_keys&#x22;,&#x22;label&#x22;:&#x22;List Tag Keys&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_get_tag_key&#x22;,&#x22;label&#x22;:&#x22;Get Tag Key&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_list_tag_values&#x22;,&#x22;label&#x22;:&#x22;List Tag Values&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]},{&#x22;id&#x22;:&#x22;googlecloudsecurity_get_tag_value&#x22;,&#x22;label&#x22;:&#x22;Get Tag Value&#x22;,&#x22;scopes&#x22;:[&#x22;https://www.googleapis.com/auth/cloud-platform&#x22;]}]" style={{ borderRadius: '8px', padding: '16px', marginBottom: '24px' }}>
    <div className="guides-scope-selector__title" style={{ fontSize: '16px', fontWeight: '600', marginBottom: '12px' }}>Select Actions to adjust the guide</div>
    <div className="guides-scope-selector__muted" style={{ fontSize: '13px', marginBottom: '12px' }}>Some actions may require additional configuration in the provider to be accessible. Choose the actions you need and the guide will be updated.</div>

    <div style={{ display: 'flex', gap: '8px', marginBottom: '12px', flexWrap: 'wrap' }}>
      <input type="text" placeholder="Search actions..." className="guides-scope-selector__input" data-guide-action-search style={{ padding: '8px 12px', borderRadius: '6px', fontSize: '13px', flex: 1, minWidth: '160px' }} />

      <button type="button" className="guides-scope-selector__quick-btn" data-guide-select-all style={{ padding: '6px 10px', borderRadius: '6px', fontSize: '12px', cursor: 'pointer' }}>Select all</button>
      <button type="button" className="guides-scope-selector__quick-btn" data-guide-clear style={{ padding: '6px 10px', borderRadius: '6px', fontSize: '12px', cursor: 'pointer' }}>Clear</button>
    </div>

    <div className="guides-scope-selector__list" style={{ maxHeight: '240px', overflowY: 'auto', borderRadius: '6px', marginBottom: '12px' }}>
      <div className="guides-scope-selector__list-header" style={{ display: 'flex', alignItems: 'center', gap: '10px', padding: '8px 12px', fontSize: '12px', fontWeight: '600', position: 'sticky', top: 0, zIndex: 1 }}>
        <div style={{ width: '16px', flexShrink: 0 }} />

        <div style={{ flex: 1, textAlign: 'left' }}>Action</div>
        <div style={{ minWidth: '120px', marginLeft: 'auto', textAlign: 'right' }}>Scope(s)</div>
      </div>

      <div className="guides-scope-selector__muted" data-guide-loading style={{ padding: '16px', textAlign: 'center', fontSize: '13px' }}>Loading actions...</div>
      <div className="guides-scope-selector__muted" data-guide-no-results hidden style={{ padding: '16px', textAlign: 'center', fontSize: '13px' }}>No actions match your search.</div>
    </div>

    <div className="guides-scope-selector__url-section" style={{ marginTop: '12px', paddingTop: '12px' }}>
      <div className="guides-scope-selector__muted" style={{ fontSize: '12px', fontWeight: '500', marginBottom: '6px' }}>Dynamic Guide URL</div>

      <div style={{ display: 'flex', alignItems: 'center', gap: '8px', flexWrap: 'wrap' }}>
        <input type="text" readOnly className="guides-scope-selector__input" data-guide-url style={{ flex: 1, minWidth: '200px', padding: '8px 10px', borderRadius: '6px', fontSize: '12px', fontFamily: 'monospace' }} />

        <button type="button" className="guides-scope-selector__copy-btn" data-guide-copy-url style={{ width: '120px', padding: '8px 14px', borderRadius: '6px', fontSize: '13px', fontWeight: '500', cursor: 'pointer', whiteSpace: 'nowrap', marginLeft: 'auto' }}>Copy URL</button>
      </div>

      <div style={{ marginTop: '12px' }}>
        <div className="guides-scope-selector__muted" style={{ fontSize: '12px', fontWeight: '500', marginBottom: '6px' }}>Scopes Selected</div>

        <div style={{ display: 'flex', alignItems: 'stretch', gap: '8px', flexWrap: 'wrap' }}>
          <pre className="guides-scope-selector__input" role="textbox" aria-readonly="true" tabIndex={0} data-guide-scopes-output style={{ flex: 1, minWidth: '200px', minHeight: '88px', maxHeight: '120px', overflowY: 'auto', margin: 0, padding: '8px 10px', borderRadius: '6px', fontSize: '12px', fontFamily: 'monospace', whiteSpace: 'pre-wrap' }} />

          <div className="guides-scope-selector__muted" style={{ display: 'flex', flexDirection: 'column', gap: '8px', fontSize: '12px', fontWeight: '500', flexShrink: 0, alignItems: 'flex-start' }}>
            <div style={{ whiteSpace: 'nowrap' }}>Separator</div>

            <select className="guides-scope-selector__input" data-guide-scope-delimiter style={{ width: '100%', padding: '6px 10px', borderRadius: '6px', fontSize: '12px' }}>
              <option value="space">Space</option>
              <option value="comma">Comma</option>
              <option value="semicolon">Semicolon</option>
              <option value="pipe">Pipe</option>
              <option value="newline">Newline</option>
            </select>

            <button type="button" className="guides-scope-selector__copy-btn" data-guide-copy-scopes style={{ width: '120px', padding: '8px 14px', borderRadius: '6px', fontSize: '13px', fontWeight: '500', cursor: 'pointer', whiteSpace: 'nowrap' }}>Copy scopes</button>
          </div>
        </div>
      </div>
    </div>
  </div>
</Panel>

<section data-guide-section data-guide-scopes="">
  <h2>Create or select a Google Cloud project</h2>

  <p>To use the IAM and Security APIs with OAuth 2.0, you need a Google Cloud project.</p>

  <Steps>
    <Step title="Sign in to Google Cloud">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Sign in to your <a href="https://console.cloud.google.com/" target="_blank" rel="noopener noreferrer">Google Cloud Console</a>.</p>
      </div>
    </Step>

    <Step title="Create or select a project">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Select an existing project from the dropdown at the top of the page, or create a new one by clicking <strong>New Project</strong> and filling in the <strong>Project name</strong>, <strong>Organization</strong>, and <strong>Parent resource</strong> fields, then clicking <strong>Create</strong>.</p>
      </div>
    </Step>
  </Steps>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Enable the required APIs</h2>

  <p>Navigate to <strong>APIs & Services</strong> > <strong>Library</strong>, search for each API below, click on it, then click <strong>Enable</strong>. If it already shows <strong>Manage</strong>, the API is already enabled.</p>

  <ul>
    <li>Identity and Access Management (IAM) API</li>
    <li>IAM Service Account Credentials API</li>
    <li>Secret Manager API</li>
    <li>Cloud Resource Manager API</li>
  </ul>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Configure Google Auth Platform</h2>

  <p>Before creating OAuth credentials, ensure Google Auth Platform is configured.</p>

  <Steps>
    <Step title="Navigate to Google Auth Platform">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>In the Google Cloud Console, go to <strong>APIs & Services</strong> > <strong>OAuth consent screen</strong>. This will open the Google Auth Platform dashboard.</p>
      </div>
    </Step>

    <Step title="Start configuration">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>If you have already configured Auth Platform (the OAuth Overview page with usage metrics is shown), skip this step and navigate to the <strong>Branding</strong> page from the sidebar. Otherwise, you will see a <strong>Get started</strong> button — click it to begin the configuration process.</p>
      </div>
    </Step>

    <Step title="Enter app information">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Fill in the required fields for your application.</p>

        <ul>
          <li><strong>App name</strong>: Enter a name for your application (e.g., StackOne GCP IAM & Security Integration).</li>
          <li><strong>User support email</strong>: Select an email for user inquiries.</li>
          <li>Click <strong>Next</strong> to continue.</li>
        </ul>
      </div>
    </Step>

    <Step title="Select audience">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Choose the appropriate user type for your application.</p>

        <ul>
          <li><strong>Internal</strong>: Only users within your Google Workspace organization can authorize (no app verification required).</li>
          <li><strong>External</strong>: Any Google account can authorize (requires app verification for production use).</li>
          <li>Click <strong>Next</strong> to continue.</li>
        </ul>
      </div>
    </Step>

    <Step title="Enter contact information">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Provide email addresses for Google to notify you about any changes to your project. Click <strong>Next</strong> to continue.</p>
      </div>
    </Step>

    <Step title="Finish configuration">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Review your settings, agree to the Google API Services User Data Policy, and click <strong>Create</strong> to complete the setup.</p>
      </div>
    </Step>
  </Steps>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Configure scopes</h2>

  <p>In Google Auth Platform, go to <strong>Data Access</strong> and click <strong>Add or Remove Scopes</strong> to configure the OAuth scopes your application needs.</p>

  <Steps>
    <Step title="Add scopes">
      <div data-guide-step data-guide-scopes="https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/cloud-platform.read-only" data-guide-display-scopes-list="https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/cloud-platform.read-only">
        <div className="connector-guide-actions-badge" data-guide-actions-badge data-guide-actions-badge-scopes="https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/cloud-platform.read-only" style={{ display: 'block', width: 'fit-content', maxWidth: '100%', padding: '2px 8px', borderRadius: '8px', fontSize: '12px', marginBottom: '8px', marginTop: '-10px', whiteSpace: 'nowrap', overflowX: 'auto', overflowY: 'hidden', msOverflowStyle: 'none', scrollbarWidth: 'none' }}>
          <span>Enables actions: </span><span data-guide-actions-badge-labels>Access Secret Version, Add Secret Version, Create Folder, Create Project, Create Project Role, Create Secret, Create Service Account, Create Service Account Key, Delete Folder, Delete Project, Delete Project Role, Delete Secret, Delete Service Account, Delete Service Account Key, Destroy Secret Version, Disable Secret Version, Disable Service Account, Disable Service Account Key, Enable Secret Version, Enable Service Account, Enable Service Account Key, Get Folder, Get Organization, Get Project, Get Project IAM Policy, Get Role, Get Secret, Get Secret IAM Policy, Get Secret Version, Get Service Account, Get Service Account Key, Get Tag Key, Get Tag Value, List Folders, List Predefined Roles, List Project Roles, List Projects, List Secret Versions, List Secrets, List Service Account Keys, List Service Accounts, List Tag Keys, List Tag Values, Search Folders, Search Organizations, Search Projects, Set Project IAM Policy, Set Secret IAM Policy, Test Project IAM Permissions, Undelete Project Role, Undelete Service Account, Update Folder, Update Project, Update Project Role, Update Secret, Update Service Account</span>
        </div>

        <p>Add the required Google Cloud Platform scopes for your integration.</p>

        <div style={{ marginTop: '8px' }} data-guide-display-scopes>
          <div className="connector-guide-scopes-container">
            <ul className="not-prose" style={{ listStyleType: "'- '", paddingLeft: '1em', margin: 0 }}>
              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="https://www.googleapis.com/auth/cloud-platform">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy https://www.googleapis.com/auth/cloud-platform" title="Copy scope" data-copy="https://www.googleapis.com/auth/cloud-platform">
                  <span className="connector-guide-scope-copy__label">[https://www.googleapis.com/auth/cloud-platform](https://www.googleapis.com/auth/cloud-platform)</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="https://www.googleapis.com/auth/cloud-platform.read-only">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy https://www.googleapis.com/auth/cloud-platform.read-only" title="Copy scope" data-copy="https://www.googleapis.com/auth/cloud-platform.read-only">
                  <span className="connector-guide-scope-copy__label">[https://www.googleapis.com/auth/cloud-platform.read-only](https://www.googleapis.com/auth/cloud-platform.read-only)</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>
            </ul>
          </div>
        </div>
      </div>
    </Step>

    <Step title="Select scopes from the list">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>In the <strong>Update selected scopes</strong> side panel that opens, check the required scopes from the list.</p>
      </div>
    </Step>

    <Step title="Manually add scopes (if needed)">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>If a required scope is not shown in the list, use the <strong>Manually add scopes</strong> section.</p>

        <ul>
          <li>Enter the full scope URL in the input field.</li>
          <li>Click <strong>Add to table</strong>.</li>
        </ul>
      </div>
    </Step>

    <Step title="Apply and save">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Confirm and persist your scope configuration.</p>

        <ul>
          <li>Click <strong>Update</strong> to apply the selected scopes. The side panel will close.</li>
          <li>On the <strong>Data Access</strong> page, click <strong>Save</strong> to persist the scope configuration.</li>
        </ul>
      </div>
    </Step>
  </Steps>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Create OAuth 2.0 client credentials</h2>

  <p>Set up OAuth client credentials to authenticate with the GCP IAM and Security APIs. If you already have an existing OAuth 2.0 client, you can reuse it by adding the StackOne redirect URI and generating a new secret.</p>

  <Steps>
    <Step title="Navigate to Credentials">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>In the Google Cloud Console, go to <strong>APIs & Services</strong> > <strong>Credentials</strong>.</p>
      </div>
    </Step>

    <Step title="Option A — Create a new OAuth client">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Skip this step if you are using an existing client.</p>

        <ul>
          <li>Click <strong>+ Create Credentials</strong> and select <strong>OAuth client ID</strong>.</li>
          <li>Select <strong>Web application</strong> as the application type.</li>
          <li>Enter a <strong>Name</strong> for your OAuth client (e.g., StackOne Cloud Security Integration).</li>
          <li>Under <strong>Authorized redirect URIs</strong>, click <strong>Add URI</strong> and enter `https://api.stackone.com/connect/oauth2/googlecloudsecurity/callback`.</li>
          <li>Click <strong>Create</strong>. A dialog will display your <strong>Client ID</strong> and <strong>Client Secret</strong> — copy and store them securely.</li>
        </ul>
      </div>
    </Step>

    <Step title="Option B — Use an existing OAuth client">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Skip this step if you created a new client above.</p>

        <ul>
          <li>Click on your existing OAuth 2.0 client ID from the list.</li>
          <li>Under <strong>Authorized redirect URIs</strong>, click <strong>Add URI</strong>, enter `https://api.stackone.com/connect/oauth2/googlecloudsecurity/callback`, and click <strong>Save</strong>.</li>
          <li>Under <strong>Client secrets</strong>, click <strong>+ Add secret</strong> to generate a new secret. Copy it and store it securely — it will not be shown again.</li>
          <li>Your <strong>Client ID</strong> is shown on the same page under <strong>Additional information</strong>.</li>
        </ul>
      </div>
    </Step>
  </Steps>
</section>

## Creating the StackOne Connector Profile

To create the Connector Profile in StackOne for <strong>Google Cloud Security</strong>:

<Steps>
  <Step title="Navigate to Connector Profiles">
    Login to StackOne and navigate to [Connector Profiles](https://app.stackone.com/connector_profiles)
  </Step>

  <Step title="Create New Connector Profile">
    <ul>
      <li>Click <strong>+ Connector Profile</strong></li>
      <li>Search for and select <strong>Google Cloud Security</strong></li>
      <li>Select <strong>Type</strong> as <strong>OAuth 2.0</strong></li>

      <li>
        Fill out the fields using details retrieved from your provider:

        <ul style={{ marginLeft: '20px' }}>
          <li><strong>Client ID</strong></li>
          <li><strong>Client Secret</strong></li>
          <li><strong>Scopes</strong> (Optional)</li>
        </ul>
      </li>

      <li>(Optional) Select <strong>Actions</strong> to be enabled for this Connector Profile</li>
      <li>Click <strong>Create profile</strong></li>
    </ul>
  </Step>
</Steps>

Congratulations! The new Connector Profile will now show up in your project ready to be used. You can now continue to <a href="/guides/accounts-section#linking-accounts">Link Accounts</a> for <strong>Google Cloud Security</strong>.
