cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Blocked on Assigning Required Role for Home Assistant Nest Integration – Service Account Missing

Go to answer
timothykfisher
Community Member

3 weeks ago

Hi Google Nest team,

 

I’m trying to set up the official Google Nest Device Access integration with Home Assistant via OAuth and Pub/Sub, but I’m completely blocked by a service account permission issue.

 

When I attempt to assign the required role (Pub/Sub Publisher) to the service account #, I receive the following error:

 

Member ‘serviceAccount:#’ does not exist

 

This appears to be an internal service account that should be provisioned automatically, but it’s not visible or assignable in my Google Cloud project (project ID: home-assistant-nest-v2-460401).

 

I’ve followed the official Nest Device Access documentation carefully and confirmed that:

 

  • Device Access Console is set up and linked.

  • OAuth credentials are created and active.

  • Pub/Sub API is enabled.

  • All other permissions and services are configured.

 

 

I’m on the Basic (billing-only) support tier in Google Cloud, so I’m unable to open a tech-related support case to escalate.

 

Can someone from the Nest Developer team help investigate why this service account is not provisioned or visible, and how I can proceed?

 

Thank you in advance!

Labels:
0 Kudos
1 Recommended Answer

Go to answer
Suc1
Solutions Expert
Solutions Expert

3 weeks ago

Thanks for sharing the details. It sounds like the Device Access service account was not properly provisioned or exposed in your GCP project during setup. This can sometimes occur if the linking between Device Access Console and Google Cloud wasn’t fully completed or synced.

To help troubleshoot, here are a few steps you can review:

  1. Verify if your Device Access project is properly linked to your GCP project:
     Device Access - Google Cloud Project Setup

  2. Check if any Google-managed service accounts (ending with gserviceaccount.com) are visible under IAM > Service Accounts in your Google Cloud Console.

  3. Confirm that the Pub/Sub API is fully enabled:
     Enable Pub/Sub API

To better assist, could you please provide a few more details:

  • The full service account email or ID you are attempting to assign the Pub/Sub role to.

  • Whether you created the OAuth credentials after linking your Device Access project.

  • If your user account has Owner or Editor permissions on the GCP project during configuration.

Once we have this information, we can help narrow down why the internal service account is not visible or provisioned.

View Recommended Answer in original post

0 Kudos
5 REPLIES 5

Go to answer
timothykfisher
Community Member

3 weeks ago

🔧 Summary of Attempted Nest Integration via Pub/Sub in Home Assistant

 

I’m trying to integrate my wired Nest Doorbell with Home Assistant using the official Google OAuth + Pub/Sub method via the Device Access program. The goal is to play a chime (via Sonos) when the doorbell button is pressed.

 

Completed steps:

 

  1. Created a new Google Cloud Project

  2. Enabled the Smart Device Management API

  3. Linked the project to the Device Access Console

  4. Created an OAuth 2.0 client ID and added test users

  5. Created a Pub/Sub topic

  6. Set up Home Assistant Cloud and successfully authenticated with OAuth

 

 

Blocked at this step:

 

When trying to add the required service account in IAM → Grant access to the Pub/Sub topic:

 

#

 

I get this error:

 

“Email addresses and domains must be associated with an active Google Account, Google Workspace account, or Cloud Identity account.”

 

From what I’ve read, this service account should be automatically provisioned by Google when the SDM API is enabled. That has not happened for me, and it cannot be added manually.

 

🧱 Current status:

 

I’m stuck here — button press events are not coming through to Home Assistant, so I can’t trigger any automations.

 

🙏 Request:

 

  • Can someone confirm if # is still the correct service account?

  • Should it be automatically provisioned?

  • Any known workarounds or help from the Google Device Access team would be appreciated.

 

 

Thanks!

0 Kudos

Go to answer
Suc1
Solutions Expert
Solutions Expert

3 weeks ago

Thanks for sharing the details. It sounds like the Device Access service account was not properly provisioned or exposed in your GCP project during setup. This can sometimes occur if the linking between Device Access Console and Google Cloud wasn’t fully completed or synced.

To help troubleshoot, here are a few steps you can review:

  1. Verify if your Device Access project is properly linked to your GCP project:
     Device Access - Google Cloud Project Setup

  2. Check if any Google-managed service accounts (ending with gserviceaccount.com) are visible under IAM > Service Accounts in your Google Cloud Console.

  3. Confirm that the Pub/Sub API is fully enabled:
     Enable Pub/Sub API

To better assist, could you please provide a few more details:

  • The full service account email or ID you are attempting to assign the Pub/Sub role to.

  • Whether you created the OAuth credentials after linking your Device Access project.

  • If your user account has Owner or Editor permissions on the GCP project during configuration.

Once we have this information, we can help narrow down why the internal service account is not visible or provisioned.

0 Kudos

Go to answer
timothykfisher
Community Member
In response to Suc1

3 weeks ago

Thanks for the quick reply! Here are the details you requested:

 

  1. Service account email or ID:

    I’m trying to assign the Pub/Sub role to #, but it does not appear in my IAM > Service Accounts list.

  2. OAuth credentials:

    Yes, I created the OAuth 2.0 credentials after linking the Device Access project to my Google Cloud project in the Device Access Console.

  3. Permissions:

    My Google account has Owner permissions on the GCP project. I confirmed this under IAM settings.

 

 

Despite following the official steps and completing the project linking, the sdm-publisher service account was never created or made visible in the project, so I can’t assign Pub/Sub permissions and complete the Home Assistant Nest integration.

 

Let me know if there’s anything else I can check or provide!

0 Kudos

Go to answer
timothykfisher
Community Member
In response to Suc1

2 weeks ago

Hi, checking back in on this in hopes that you can help...

The system managed Nest Device Access service account was never provisioned so I cannot see a service account email or ID. 

Thanks for helping! 

0 Kudos

Go to answer
timothykfisher
Community Member
In response to Suc1

a week ago

Hi Suc1, was hoping to unblock this by the weekend so am just checking in to see if you were able to review my previous reply to your questions. Thank you in advance for all of your help. Much appreciated. 

0 Kudos