Hello, 

MSSP Tenant Configuration:

• Permissions: The MSSP needs to ensure your user account (or the service account being used) has the necessary permissions to ingest logs into their tenant. There might be specific roles or IAM configurations required.

Do you know if you have the controls in place to add this?

Not sure that would add up as there are two tenants being fed in.  The first tenant did not need to have any additional permissions on the user account to add the one time code.  It was successful.  The second tenant, while ensuring the user has Chronicle Service Admin Role and Security Center Admin role applied continues to give the same error. Is there another specific role or IAM config that you are aware of? 

You have two GCP orgs with different secops tenants under each, correct? 

Two seperate GCP orgs being sent to a single Secops Instance owned by the mssp, tied to their org. 

As far as I know the nonce is only good per secops instance.   This is probably more of a support case then a community function.  

Or, I believe we would need to explore the pub/sub route.   

I hope you are not using the same one-time code for both integrations; you need a new one-time code for each tenant.