Troubleshooting Dataplex connection and authentication issues
Resolve common connection and authentication issues when connecting Atlan to Google Cloud Dataplex.
Service account key invalid
Invalid service account key or Authentication failed
Cause
The service account key file is invalid, corrupted, deleted, or rotated in Google Cloud Console.
Solution
-
Verify the service account key file is valid JSON:
cat <key-file-path> | jq . -
Verify the service account key exists and check if it was rotated in Google Cloud Console.
-
Regenerate the service account key if needed:
- Navigate to IAM & Admin → Service Accounts in Google Cloud Console
- Select your service account
- Go to Keys tab
- Create a new key and update it in Atlan
Service account lacks required permissions
Permission denied or Insufficient permissions
Cause
The service account doesn't have the required Dataplex permissions or the custom role assignment is incorrect.
Solution
-
Verify the service account has the custom role assigned:
- Check IAM & Admin → IAM in Google Cloud Console
- Confirm the service account email has the custom role attached
-
Verify the custom role includes all required permissions:
- Check IAM & Admin → Roles in Google Cloud Console
- Review the custom role permissions
- Add any missing permissions from the setup guide
-
Verify the service account has access to the specific Dataplex catalog resources (entry groups, entries) you're trying to crawl.
Dataplex API not enabled
API not enabled or Service unavailable
Cause
The Dataplex API isn't enabled in your Google Cloud project.
Solution
-
Enable the Dataplex API in your Google Cloud project:
- Navigate to APIs & Services → Library in Google Cloud Console
- Search for "Dataplex API"
- Click Enable
-
Wait a few minutes for the API to fully activate before retrying the connection.
Invalid project ID
Project not found or Invalid project ID
Cause
The project ID is incorrect or the service account belongs to a different project.
Solution
-
Verify the project ID is correct:
- Check the project ID in Google Cloud Console
- Check for typos or extra spaces
-
Verify the service account belongs to the same project:
- Check the service account email format:
[email protected] - Verify the project ID matches
- Check the service account email format:
Network connectivity issues
Connection timeout or Network error
Cause
Network connectivity issues between Atlan and Google Cloud, or Google Cloud service outages.
Solution
-
Verify network connectivity from Atlan to Google Cloud:
- Check firewall rules if using VPC
- Verify outbound HTTPS (443) is allowed
-
Verify Google Cloud service status:
- Check Google Cloud Status Dashboard
- Verify Dataplex service is operational
Preflight checks fail but connection works
Preflight check validation failed with specific validation errors
Cause
Manual connection test succeeds but preflight checks fail. This indicates validation issues with API accessibility, authentication, or permissions.
Solution
-
Review the specific preflight check error message:
- Connection validation: Check network and API enablement
- Authentication: Verify service account key
- Permissions: Verify IAM roles and permissions
-
Run preflight checks again after addressing the specific issue.
See also
- Set up Dataplex: Configure Dataplex connection and authentication
- Crawl Dataplex assets: Configure and run the crawler
Need help
If you need assistance after trying the steps, contact Atlan support: Submit a request.