Create a service account and private key

Vicki Cove edited this page May 20, 2021 · 2 revisions

Google BigQuery uses service account authentication when you create a connection from ArcGIS Insights. The following connection parameters are required to authenticate BigQuery connections:

  • Service account email. You can use the email address from an existing service account, or create a new one.
  • Private key. The private key must be in JSON format. It is recommended that you create a new private key for each BigQuery connection.

Create a service account

The email address from a service account is a required parameter to create a database connection to BigQuery. If you have an existing service account, you can use the corresponding email from that account.

Complete the following steps to create a service account:

  1. Follow the link to the Google Cloud Platform dashboard and sign in, if necessary.
  2. On the side pane, click IAM & Admin.
  3. On the IAM & Admin pane, click Service Accounts. The Service Accounts page opens.
  4. Click Create service account. The Create service account page appears.
  5. For Service account details, provide the following information:
    • Service account name: The name of the service account is used to create the service account email address. The Service account ID is generated automatically using the Service account name.
    • Service account description: The service account description is optional and can be used to provide more information about how the service account should be used. For example, you could use the description Authenticate BigQuery connections in ArcGIS Insights.
  6. Click Create. The service account is created. The next step is Grant this service account access to the project.
  7. For Grant this service account access to the project, click the Role menu to view the available roles.
  8. In the menu, hover your pointer over Basic, then choose Editor, Owner, or Viewer. The role is applied to the service account.
  9. Click Done.

The new service account appears in the table on the Service accounts page. The email associated with the service account you created will be used for the Service account email connection property when you create a connection to BigQuery.

Keep the Service accounts page open and proceed to the next section to create a private key.

Create a private key

A private key is also required to create a database connection to BigQuery. The private key must be created using the same service account used for the Service account email parameter. A new private key should be created for each BigQuery connection, rather than using an existing private key. The private key must be in JSON format.

Complete the following steps to create a private key:

Note: If you just created your service account and are still on the Service accounts page, skip to step 4.

  1. Follow the link to the Google Cloud Platform dashboard and sign in, if necessary.
  2. On the side pane, click IAM & Admin.
  3. On the IAM & Admin pane, click Service Accounts. The Service Accounts page opens.
  4. Find the service account you will use to authenticate the BigQuery connection in the table. Under the Actions header, click the button that corresponds to the service account to open the menu.
  5. Click Manage keys. The page for the service account opens on the Keys tab.
  6. Click Add key and choose Create new key from the menu. The Create private key window appears.
  7. In the Create private key window, verify the Key type is set to JSON.
  8. Click Create.

The private key file downloads to your computer. The file will be used in the Private key connection property when you create a connection to BigQuery.

Next steps

Now that you have created a service account and private key, the next steps are to add a connector for BigQuery and create a database connection.