# Enable Service Account Key Creation

## Enable Service Account Key Creation <a href="#enable-service-account-key-creation" id="enable-service-account-key-creation"></a>

If you encounter difficulties creating a service account key for integration with your data transfer tool, you might see an error similar to this:

'The organization policy constraint "iam.disableServiceAccountKeyCreation" is enforced on your organization.'

To enable the creation of service account keys, please follow these steps:

In the main interface of your cloud management platform, open the navigation menu from the top left corner.

<figure><img src="https://1662683669-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnA8kGzryHKp7UhDaLtzW%2Fuploads%2Fgit-blob-73dfea17f69155604e464703b2e0712ce0d0e455%2Fimage-20250123-125009.png?alt=media" alt=""><figcaption><p>Enable Service Account Key Creation: Fig1</p></figcaption></figure>

Go to 'IAM & Admin' and select 'IAM'.

<figure><img src="https://1662683669-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnA8kGzryHKp7UhDaLtzW%2Fuploads%2Fgit-blob-5faf243396a636fb444445146494ab2a7595a987%2Fimage-20250123-125056.png?alt=media" alt=""><figcaption><p>Enable Service Account Key Creation: Fig2</p></figcaption></figure>

Access the list of projects, typically set up during the initial domain configuration.

<figure><img src="https://1662683669-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnA8kGzryHKp7UhDaLtzW%2Fuploads%2Fgit-blob-400f8fcfbab06c85846a6148d2557b3731a5ba4e%2Fimage-20250123-125146.png?alt=media" alt=""><figcaption><p>Enable Service Account Key Creation: Fig3</p></figcaption></figure>

Identify and select the organizational unit associated with your domain.

<figure><img src="https://1662683669-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnA8kGzryHKp7UhDaLtzW%2Fuploads%2Fgit-blob-6f8d1eb5e873aa6ae3cbb4e449d75594efe74e02%2Fimage-20250123-125251.png?alt=media" alt=""><figcaption><p>Enable Service Account Key Creation: Fig4</p></figcaption></figure>

Verify that the account you are logged in with, preferably an organization administrator's account, has the following roles assigned:

* Organization Administrator
* Organization Policy Administrator
* Owner: If any roles are missing, proceed to grant access.

In the role management section, add any necessary roles and save the changes.

<figure><img src="https://1662683669-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnA8kGzryHKp7UhDaLtzW%2Fuploads%2Fgit-blob-b4890e287a3c9c716b7a0a55ee9edea17cdcc971%2Fimage-20250123-125511.png?alt=media" alt=""><figcaption><p>Enable Service Account Key Creation: Fig5</p></figcaption></figure>

<figure><img src="https://1662683669-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnA8kGzryHKp7UhDaLtzW%2Fuploads%2Fgit-blob-9aeabbb088c049f08ffa0d515279f07899e6086d%2Fimage-20250123-125546.png?alt=media" alt=""><figcaption><p>Enable Service Account Key Creation: Fig6</p></figcaption></figure>

Return to the project context you selected earlier, and go to 'Organization Policies'.

<figure><img src="https://1662683669-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnA8kGzryHKp7UhDaLtzW%2Fuploads%2Fgit-blob-fcdf3e3127b4cb97a7646b851879156afa134e0e%2Fimage-20250123-125632.png?alt=media" alt=""><figcaption><p>Enable Service Account Key Creation: Fig7</p></figcaption></figure>

View active policies and look for the policy that disables service account key creation. Select the policy to manage it.

<figure><img src="https://1662683669-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnA8kGzryHKp7UhDaLtzW%2Fuploads%2Fgit-blob-8380fe96f746d964427d7e4bef6a05cb7bfa82e6%2Fimage-20250123-125701.png?alt=media" alt=""><figcaption><p>Enable Service Account Key Creation: Fig8</p></figcaption></figure>

<figure><img src="https://1662683669-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnA8kGzryHKp7UhDaLtzW%2Fuploads%2Fgit-blob-b51ef789fe20ac6fc8dabf43f3c04a28545e0690%2Fimage-20250123-125905.png?alt=media" alt=""><figcaption><p>Enable Service Account Key Creation: Fig9</p></figcaption></figure>

<figure><img src="https://1662683669-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnA8kGzryHKp7UhDaLtzW%2Fuploads%2Fgit-blob-76845612bd015ac1728ea8e0058528ee3ada8c73%2Fimage-20250123-125940.png?alt=media" alt=""><figcaption><p>Enable Service Account Key Creation: Fig10</p></figcaption></figure>

Adjust the policy settings by choosing to override the parent policy and set enforcement to off.

<figure><img src="https://1662683669-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnA8kGzryHKp7UhDaLtzW%2Fuploads%2Fgit-blob-335535746d6993cadeb891a0adf58aa2cd3fa3ae%2Fimage-20250123-130033.png?alt=media" alt=""><figcaption><p>Enable Service Account Key Creation: Fig11</p></figcaption></figure>

These steps should guide you through resolving policy restrictions to enable the effective creation of service account keys.