When you use IAM delegated access to add your unlabeled data to Labelbox, you can keep your assets in GCS and grant Labelbox read-only access to your Google Cloud buckets.

GCP Delegated Access client request flow

Part 1: Create GCP Integration in Labelbox

First, you will need to open a new integration in the Labelbox UI.
  1. Navigate to the Integrations tab.
  2. Click New integration.
  3. Specify your GCS bucket name and click Save integration.
  1. Copy the Service Account Email ID and click Finish setup.

Part 2: Configure GCP bucket IAM permissions

Next, you will need to configure the settings in your GCP account for this integration.

Spaces in filenames can be problematic

For optimal performance, eliminate all spaces in filenames before uploading them to your Google Cloud bucket.
  1. In your GCS account, navigate to your GCS bucket permissions.
  2. Click Add permissions.
  3. Paste the Service Account Email ID you copied in Part 1.
  4. Select the Storage Object Viewer predefined role that grants read access to the bucket. Learn more here. Make sure that you are using the new roles only. It is a common mistake to select a legacy role with a similar name.
  5. Click Save to finalize the permission settings.

Add Storage Object Viewer role

Note

Only one bucket is supported per integration.

Part 3: Configure CORS

Follow these instructions to set up the appropriate CORS for the Google Cloud Storage bucket.

Part 4: Create & upload the dataset

Create and upload a JSON file containing sample data to Labelbox. Click through the links below to learn how to format your import file.
Data typeSupported
ImagesImport specifications
VideoImport specifications
TextImport specifications
Tiled imagery (Slippy maps)NOT SUPPORTED
Tiled imagery (COG, NITF, GeoTIFF)Import specifications
AudioImport specifications
DocumentImport specifications
ConversationImport specifications
HTMLImport specifications
LLM response evaluationImport specifications
Multimodal chatImport specifications
To upload a dataset via the UI, follow the steps in Create a dataset.

Part 5: Validate the integration

Finally, you will need to validate whether the integration was set up properly in the Labelbox UI.
  1. Ensure that the Google integration you just created is set as the default or specified during dataset creation.
  2. Create a project, attach the dataset, and open the dataset in the Labelbox Editor to validate that the integration is functioning properly.
If a dataset is signed by a GCP IAM integration, Labelbox will attempt to sign all data rows with this integration. The value of rowData for each Data Row will be updated as follows: <https://storage.googleapis.com/${bucket}/${key}?{queryParams}> The queryParams contain signing information.

Only gsutil URIs are supported

Please ensure that you are using gsutil URIs during data import (JSON file or Python SDK).Example gsutil URI: gs://gcs-lb-demo-bucket/test.png