Composable Audience Studio (CAS) connects to BigQuery using a GCP service account with a JSON key. You will create a service account, grant IAM roles, and generate a JSON key.
- Open the Google Cloud Console > IAM & Admin > Service Accounts.
- Click Create Service Account.
- Enter a display name (e.g.,
TAI-CAS-Service). - Click Create and Continue.
- Note the service account email address assigned (e.g.,
tai-cas-service@<project_id>.iam.gserviceaccount.com).
Grant the service account the required IAM roles as described in Step 1 (BigQuery IAM Permissions section above). Grant the service account the required IAM roles as described in Step 1: Prepare Your BigQuery Data. Minimum required:
roles/bigquery.jobUserat project levelroles/bigquery.dataEditorat dataset level
- In the Service Account details page, go to the Keys tab.
- Click Add Key > Create new key.
- Choose JSON format > Create.
- The browser downloads the
.jsonkey file automatically.
This file grants full access to the service account. Store it safely and do not share it.
If your GCP project uses VPC Service Controls or organization policies that restrict API access by IP, add Treasure AI's export IP addresses to the allowed list.
For the list of Treasure AI IP addresses to add, see Static IP Addresses for Integrations and Result Workers. Whitelist both the Import and Export tabs.