Using the Managed service account access type, Hightouch can create a Service Account within our secure Google Cloud account, to which you can bind your project's IAM policies which grant permissions within your Google Cloud project.
Click Create a new service account, and Hightouch will generate a new Service Account in our project (unique to your workspace and this credential) and provide you with the Service Account Email. Copy that email, and click Create to confirm the service account creation.
Next, you'll need to bind IAM roles to this service account by calling gcloud projects add-iam-policy-binding via the Google Cloud CLI. The specific roles you grant will depend on the types of resources you want to grant Hightouch access to, such as Cloud Storage or BigQuery. Consult the relevant docs for more information on the specific permissions Hightouch needs.