# How to resolve Sprinto check to configure essential contact for organization

Sprinto Check: Ensure Essential Contacts is Configured for Organization

Sprinto verifies that your Google Cloud Platform (GCP) organisation has **Essential Contacts** configured for critical communication categories. These contacts ensure that your organisation receives important notifications related to security events, legal notices, billing issues, and service disruptions.

If Essential Contacts are missing, misconfigured, or inaccessible due to permission issues, the corresponding Sprinto check will fail.

***

### How It Works

Sprinto connects to your GCP environment and validates that:

* Essential Contacts are configured at the **project or organisation level**, and
* Required contact categories are present and readable by Sprinto.

Sprinto does **not** validate the email addresses themselves. It only checks whether the required contact categories exist and are accessible via the GCP Essential Contacts API.

***

### Required Essential Contact Categories

Google Cloud supports only the following Essential Contact categories:

<table><thead><tr><th width="123.6953125">Category</th><th width="467.796875">Description</th></tr></thead><tbody><tr><td>Billing</td><td>Notifications related to billing and payments</td></tr><tr><td>Legal</td><td>Legal notices and compliance-related communication</td></tr><tr><td>Security</td><td>Security incidents and vulnerability notifications</td></tr><tr><td>Suspension</td><td>Account suspension or restriction alerts</td></tr><tr><td>Technical</td><td>Technical issues and service-related notifications</td></tr></tbody></table>

{% hint style="warning" %}

#### **Important**

Sprinto may internally refer to *Technical Incidents*. In GCP, this maps to the **Technical** category.\
There is **no separate “Technical Incidents” category** in Google Cloud.
{% endhint %}

***

### How to Configure Essential Contacts in GCP

#### Step 1: Add Essential Contacts

1. Sign in to the **Google Cloud Console**.
2. Select the relevant **project** or **organisation**.
3. Go to **IAM & Admin → Essential Contacts**.
4. Click **Add Contact** to create a new contact. Ensure the org selector at the top bar shows your organization name.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FcacgfX6w7ux92MRaUqvN%2Fgcp%20iam1.png?alt=media&#x26;token=ab5bca81-80a2-4295-b7f3-b3cc19070a8f" alt=""><figcaption></figcaption></figure>

5. Add at least one email address for each required category:
   * Billing
   * Legal
   * Security
   * Suspension
   * Technical
6. Save the changes.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2Fjsefxuv24Iwc5VlFLz5b%2Fgcp%20iam2.png?alt=media&#x26;token=fb3d5f5e-52f6-42a5-8949-2d90fe2aee4b" alt="" width="443"><figcaption></figcaption></figure>

***

#### Step 2: Ensure Required Permissions for Sprinto

If the check fails with a **403 Permission Denied** error, Sprinto does not have permission to read Essential Contacts.

**Required IAM role**

The Sprinto service account must have **one** of the following roles:

* **Essential Contacts Viewer** (`roles/essentialcontacts.viewer`) — recommended
* **Essential Contacts Admin** (`roles/essentialcontacts.admin`)

***

**Assign permissions using the GCP Console**

1. Go to **IAM & Admin → IAM**.
2. Select the relevant project.
3. Locate the Sprinto service account.
4. Select **Edit**.
5. Add the role **Essential Contacts Viewer**.
6. Save the changes.

***

**Assign permissions using gcloud CLI**

```bash
gcloud projects add-iam-policy-binding <PROJECT_ID> \
  --member="serviceAccount:<SPRINTO_SERVICE_ACCOUNT_EMAIL>" \
  --role="roles/essentialcontacts.viewer"
```

***

#### Step 3: Enable the Essential Contacts API

1. Go to **APIs & Services → Library**.
2. Search for **Essential Contacts API**.
3. Enable the API if it is not already enabled.

***

#### Step 4: Re-evaluate the Check in Sprinto

1. Log in to the Sprinto Dashboard.
2. Navigate to **Monitoring**.
3. Open the failing Essential Contacts check.
4. Select **Evaluate now**.

The check will pass once Sprinto can successfully read the configured Essential Contacts.

***

### Common Issues and Troubleshooting

#### Check fails even though contacts are added

* Verify that the **Essential Contacts API** is enabled.
* Ensure Sprinto’s service account has the **Essential Contacts Viewer** role.

#### Unable to find “Technical Incidents” category

* This category does **not exist** in GCP.
* Use the **Technical** category instead.

#### 403 Permission Denied error

* Indicates missing IAM permissions.
* Assign the required role and re-run the check.

***

### References

* Google Cloud Essential Contacts\
  <https://cloud.google.com/resource-manager/docs/manage-essential-contacts>
* Essential Contacts audit logging\
  <https://cloud.google.com/resource-manager/docs/essential-contacts-audit-logging>