Cloud SCC authentication

This topic describes authentication information for Cloud SCC.

Supported authentication methods

Cloud SCC supports the following authentication methods.

Service accounts

Service accounts are recommended for almost all use cases, whether you are developing locally or in a production application. For an example of how to set up authentication with a service account, see Accessing Cloud SCC programmatically.

For more information about setting up authentication with a production application, see setting up authentication for server to server production applications.

User accounts

You can authenticate users directly to your application, when the application needs to access resources on behalf of an end user. For most use cases, we recommend using a service account instead.

Examples of why to use user accounts with Cloud SCC include:

If your application uses end user authentication, you need to specify OAuth scopes when making a method call. See Cloud SCC reference for per-method OAuth scopes.

For more information about setting up authentication with user accounts, see authenticating as an end user.

Access control

Roles limit an authenticated identity's ability to access resources. When building a production application, only grant an identity the permissions it needs in order to interact with applicable GCP APIs, features, or resources.

For more information about these roles, see Cloud SCC access control.

More information

Was this page helpful? Let us know how we did:

Send feedback about...

Cloud Security Command Center
Need help? Visit our support page.