How to resolve Sprinto check to configure essential contact for organization

Sprinto Check: Ensure Essential Contacts is Configured for Organization

Sprinto verifies that your Google Cloud Platform (GCP) organisation has Essential Contacts configured for critical communication categories. These contacts ensure that your organisation receives important notifications related to security events, legal notices, billing issues, and service disruptions.

If Essential Contacts are missing, misconfigured, or inaccessible due to permission issues, the corresponding Sprinto check will fail.

How It Works

Sprinto connects to your GCP environment and validates that:

• Essential Contacts are configured at the project or organisation level, and

• Required contact categories are present and readable by Sprinto.

Sprinto does not validate the email addresses themselves. It only checks whether the required contact categories exist and are accessible via the GCP Essential Contacts API.

Required Essential Contact Categories

Google Cloud supports only the following Essential Contact categories:

How to Configure Essential Contacts in GCP

Step 1: Add Essential Contacts

1. Sign in to the Google Cloud Console.

2. Select the relevant project or organisation.

3. Go to IAM & Admin → Essential Contacts.

4. Click Add Contact to create a new contact. Ensure the org selector at the top bar shows your organization name.

1. Add at least one email address for each required category:

   • Billing

   • Legal

   • Security

   • Suspension

   • Technical

2. Save the changes.

Step 2: Ensure Required Permissions for Sprinto

If the check fails with a 403 Permission Denied error, Sprinto does not have permission to read Essential Contacts.

Required IAM role

The Sprinto service account must have one of the following roles:

• Essential Contacts Viewer (roles/essentialcontacts.viewer) — recommended

• Essential Contacts Admin (roles/essentialcontacts.admin)

Assign permissions using the GCP Console

1. Go to IAM & Admin → IAM.

2. Select the relevant project.

3. Locate the Sprinto service account.

4. Select Edit.

5. Add the role Essential Contacts Viewer.

6. Save the changes.

Assign permissions using gcloud CLI

Step 3: Enable the Essential Contacts API

1. Go to APIs & Services → Library.

2. Search for Essential Contacts API.

3. Enable the API if it is not already enabled.

Step 4: Re-evaluate the Check in Sprinto

1. Log in to the Sprinto Dashboard.

2. Navigate to Monitoring.

3. Open the failing Essential Contacts check.

4. Select Evaluate now.

The check will pass once Sprinto can successfully read the configured Essential Contacts.

Common Issues and Troubleshooting

Check fails even though contacts are added

• Verify that the Essential Contacts API is enabled.

• Ensure Sprinto’s service account has the Essential Contacts Viewer role.

Unable to find “Technical Incidents” category

• This category does not exist in GCP.

• Use the Technical category instead.

403 Permission Denied error

• Indicates missing IAM permissions.

• Assign the required role and re-run the check.

References

• Google Cloud Essential Contacts https://cloud.google.com/resource-manager/docs/manage-essential-contacts

• Essential Contacts audit logging https://cloud.google.com/resource-manager/docs/essential-contacts-audit-logging