Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.tryflare.ai/llms.txt

Use this file to discover all available pages before exploring further.

GCP Connector

Flare connects to GCP via OAuth to read your Cloud Audit Logs. The connection is read-only - Flare cannot modify your GCP resources.

What Flare accesses

Flare reads three types of GCP Cloud Audit Logs:
Log typeWhat it captures
Admin ActivityAPI calls that modify resource configuration or metadata (always enabled in GCP)
Data AccessAPI calls that read or write user-provided data
System EventsGCP-generated administrative actions on resources

Required permissions

The Google account you authenticate with needs the following IAM role on the GCP project you want to analyze: 
roles/logging.viewer
This is a read-only role. It allows Flare to list and read log entries but not modify anything.
To check your permissions, go to the GCP Console IAM page, find your account, and verify Logs Viewer or roles/logging.viewer is listed.

Granting access

If you don’t have roles/logging.viewer, ask your GCP admin to run: 
gcloud projects add-iam-policy-binding YOUR_PROJECT_ID \
  --member="user:[email protected]" \
  --role="roles/logging.viewer"

Connecting

  1. Go to Connectors in Flare
  2. Select Google Cloud Platform
  3. Click Connect with Google
  4. Sign in with your Google account on Google’s OAuth consent screen
  5. Grant Flare access to read your Cloud Audit Logs
After connecting, Flare shows your Google email and the connection date.

OAuth scopes

Flare requests a single OAuth scope:
ScopePurpose
https://www.googleapis.com/auth/logging.readRead-only access to Cloud Logging
Flare does not request write, admin, or billing scopes.

Finding your GCP Project ID

When running an analysis, you’ll need your GCP Project ID. To find it:
  1. Open the GCP Console
  2. Click the project selector dropdown at the top of the page
  3. Your Project ID is shown in the ID column (e.g., my-project-123)
The Project ID is different from the Project Name. The ID is the lowercase, hyphenated identifier (e.g., flare-prod-2026), not the display name.

Token refresh

Flare automatically refreshes your OAuth token when it expires. You don’t need to reconnect manually unless:
  • You revoke Flare’s access in your Google Account permissions
  • Your Google account password changes and invalidates active sessions
  • Your GCP organization enforces session policies that expire OAuth tokens

Reconnecting

If your connection expires or is revoked, Flare shows the connector status as Expired with a red indicator. To reconnect:
  1. Go to Connectors
  2. Click Reconnect GCP
  3. Complete the Google OAuth flow again
Your analysis history is preserved - only the live connection needs to be re-established.

Disconnecting

To remove your GCP connection:
  1. Go to Connectors
  2. Click Disconnect below the connected status
This removes the OAuth tokens from Flare. Your analysis history is not deleted.

Troubleshooting

Your Google account doesn’t have roles/logging.viewer on the project you’re trying to analyze. Ask your GCP admin to grant the role, or verify you’re using the correct Project ID.
Your OAuth token was revoked or expired. Click Reconnect GCP on the Connectors page to re-authenticate.
Check that Cloud Audit Logs are enabled for your project. Admin Activity logs are always on, but Data Access logs may need to be explicitly enabled.
Verify the Project ID matches the project where your workloads run. Also try a wider time window - if there’s little activity, “Last 1h” may return zero logs.