To start the process of connecting your Google Cloud account to Hightouch, navigate to your Integration Settings. Under Cloud Providers, click Add Cloud Provider, and select Google Cloud Platform.
Give your Credential a name, then select either Managed service account or Your service account.
Using the Managed service account access type, Hightouch can create a Service Account within our secure Google Cloud account, to which you can bind your project's IAM policies which grant permissions within your Google Cloud project.
Click Create a new service account, and Hightouch will generate a new Service Account in our project (unique to your workspace and this credential) and provide you with the Service Account Email. Copy that email, and click Create to confirm the service account creation.
Next, you'll need to bind IAM roles to this service account by calling
gcloud projects add-iam-policy-binding via the Google Cloud CLI. The specific roles you grant will depend on the types of resources you want to grant Hightouch access to, such as Cloud Storage or BigQuery. Consult the relevant docs for more information on the specific permissions Hightouch needs.
Using the Your service account access type, you can bring your own Service Account to Hightouch by uploading your service account's key, which we'll securely store.
First, you'll need to create a Service Account, grant it the relevant roles, and generate a key. Make sure you create JSON key, not P12. Once the service account and key have been created, download the key to your machine and drag and drop it into the file selector.
Hightouch will parse the key, and if it's valid, you'll see the Client ID and Client Email fields populated. If those correspond with your intended service account, click Create.
Once you have a Google Cloud credential set up, you can now select it elsewhere in the app when setting up External Storage, BigQuery, or other Google Cloud integrations like Google Ad Manager.
Example on the External Storage page: