
Organisational Policy Permissions Google Cloud for Microsoft Migration


I am attempting to shift a small business (5 email inboxes) over to Microsoft 365 business. I made sure to organise all the DNS prerequisites on both sides before performing the migration. During the automated process, while it completed, no JSON file was created on the Google side. I attempted to download the API key for the service account, but I get the error that the Service account key creation is disabled. Tracing that, I found under the organisational policies that the service account key creation (iam.disableServiceAccountKeyCreation) was enforced. There is only one account with access to the cloud, policies etc. The account is supposed to have all organisational permissions; however, checking on the cloud shell, I continue to get access errors, and neither the service account nor the main account appears to have permissions to make any changes.

I am brand new to this account/network/business side of IT so I am a bit unsure what the issue might be. I have attempted to make changes according to the documentation but I have had no success.

Looking at `gcloud organizations describe organizationurl.com`, in the return there is no depicted owner:. Using `gcloud projects describe projectnametmpz` I get a "do not have permission to access projects" error. Similarly for

gcloud iam service-accounts keys create file.json \
--iam-account serviceaccountkey@projectid-tpmz.iam.gserviceaccount.com

ERROR: (gcloud.iam.service-accounts.keys.create) FAILED_PRECONDITION: Key creation is not allowed on this service account.

If anyone could give me some pointers on how to enable the correct permissions I would be immensely grateful.

I have attempted to trace the problem on the Google end, and I have narrowed it down to being Microsoft support could not help and for Google Cloud support a subscription was needed, and all the documentation seems to be sending me in circles.


Solution

  • I had the same problem after completing the EOP wizard for Workspace migration. Took me a couple of hours to figure out 8-/

    With a Workspace super admin, log in to https://console.cloud.google.com. Make sure you're working in the root org.

    Hope this helps.
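The following is an added example, not part of the original question or answer: a shell sketch that lifts the `iam.disableServiceAccountKeyCreation` constraint for a single project only, creates the key, and then restores enforcement. The function names and the five arguments (numeric organization ID, project ID, admin e-mail, service account e-mail, output file) are placeholders chosen for illustration, and it assumes the signed-in account is allowed to grant roles at the organization level.

```shell
#!/usr/bin/env bash
# Added example: scope the key-creation exception to one project, then restore it.
# All IDs and e-mail addresses are supplied by the caller; none come from the page.
CONSTRAINT="iam.disableServiceAccountKeyCreation"   # constraint named in the question

# Editing org policies needs roles/orgpolicy.policyAdmin, which the
# Organization Administrator role does not include.
grant_policy_admin() {               # $1 = numeric org id, $2 = admin e-mail
  gcloud organizations add-iam-policy-binding "$1" \
    --member="user:$2" --role="roles/orgpolicy.policyAdmin"
}

# Show the policy as it applies to the project after inheritance from the org.
show_effective_policy() {            # $1 = project id
  gcloud resource-manager org-policies describe "$CONSTRAINT" \
    --project="$1" --effective
}

# Turn enforcement off for this project only; the org-wide policy stays enforced.
allow_keys_for_project() {           # $1 = project id
  gcloud resource-manager org-policies disable-enforce "$CONSTRAINT" --project="$1"
}

# Re-enable enforcement on the project once the key has been downloaded.
restore_enforcement() {              # $1 = project id
  gcloud resource-manager org-policies enable-enforce "$CONSTRAINT" --project="$1"
}

# Whole sequence; enforcement is restored even if key creation fails.
create_key_with_scoped_exception() { # $1 org  $2 project  $3 admin  $4 SA e-mail  $5 file
  grant_policy_admin "$1" "$3" || return 1
  show_effective_policy "$2" || return 1
  allow_keys_for_project "$2" || return 1
  rc=0
  gcloud iam service-accounts keys create "$5" --iam-account="$4" || rc=$?
  restore_enforcement "$2" || rc=$?
  return "$rc"
}

# Run only when called with all five arguments.
if [ "$#" -eq 5 ]; then
  create_key_with_scoped_exception "$@"
fi
```

Role grants and policy changes can take a few minutes to propagate, so a key creation attempted immediately after the change may still be refused.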