This guide explains how to connect Google Cloud to WatchDog Security using OAuth authentication.Once connected, WatchDog will begin monitoring your Google Cloud environment for security posture risks, configuration issues, vulnerabilities, and inventory data across your organization and projects.WatchDog supports both Non-Privileged Mode and Privileged Mode connections for Google Cloud.
What WatchDog Monitors#
WatchDog operates in read-only mode and does not modify configuration settings within your Google Cloud environment.
Identity & Access ManagementOrganization Resource Manager
Virtual Private Cloud (VPC)
Key Management Service (KMS)
Requirements#
Before connecting the integration, ensure the following:You have administrator access to the Google Cloud organization or project
You're an Account Owner or Security Admin in WatchDog Security
The Google account used during authorization has access to the resources you want WatchDog to monitor
Authentication Modes#
WatchDog supports two authentication modes for Google Cloud.Non-Privileged Mode provides
read-only access to your Google Cloud environment.
This mode allows WatchDog to collect configuration metadata, resource inventory, and posture data without elevated privileges.
This connection is required during setup.Example OAuth scopes used:https://www.googleapis.com/auth/cloud-platform.read-only
https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/compute.readonly
Enabling Required APIs in Google Cloud#
Before connecting the integration, ensure the required Google Cloud APIs are enabled.Authorization may succeed even if these APIs are disabled, but WatchDog will not be able to collect data.Commonly required APIs include:Cloud Resource Manager API
Security Command Center API (optional)
Ensure required APIs are enabled before completing the OAuth connection in WatchDog.
Step 1 — Open the Integration in WatchDog#
2.
Navigate to: Management → Integrations
Step 2 — Verify API Prerequisites#
During setup, WatchDog prompts you to confirm that the required Google Cloud APIs have been enabled.2.
Confirm they are enabled in your Google Cloud environment
3.
Select the confirmation checkbox
Step 3 — Connect Using Non-Privileged Mode#
The Non-Privileged connection is required.
1.
Click Connect via Non-Privileged Mode
2.
You will be redirected to Google
3.
Sign in with your Google account
4.
Review the requested permissions
7.
The initial synchronization will begin
Step 4 — (Optional) Connect Using Privileged Mode#
Privileged Mode provides additional access required for monitoring certain services.1.
Click Connect via Privileged Mode
2.
Choose how long WatchDog may retain privileged tokens
3.
Complete the Google authorization flow
Connecting both modes provides the most complete Google Cloud monitoring coverage.
Permissions Required#
Permissions Required: Read all resourcesActual data visibility depends on:The Google account used during authorization
Whether Privileged Mode is enabled
Whether required APIs are enabled in the Google Cloud environment
Initial Sync#
WatchDog will begin collecting data from Google Cloud
Initial synchronization time depends on environment size
Large environments may take up to one hour
Revoking Access#
To fully remove WatchDog access from Google Cloud, revoke access in both WatchDog and your Google account.Step 1 — Disconnect in WatchDog#
1.
Log into WatchDog Security
2.
Navigate to Management → Integrations
Step 2 — Remove OAuth Access in Google#
2.
Navigate to Third-party apps with account access
Troubleshooting#
Verify:
Required APIs are enabled
Your Google account has sufficient permissions
OAuth authorization completed successfully
