Hello,
I'm encountering a blocker when trying to create a JSON key for a Service Account in Google Cloud Platform (GCP).
Context:
I am Lacretine Doule, the Super Admin of our Google Workspace domain gdsassaararsdaxd.id. I'm trying to set up a Service Account with Domain-Wide Delegation to run a Python script that lists Web App URLs from Apps Script projects for all users in our domain.
The issue:
When I try to generate a JSON key (Add Key → Create new key → JSON) in the Service Accounts section of my GCP project, I get the following error message:
"Service Account Key Creation is Disabled. An Organization Policy that blocks service account keys has been enforced on your organization. Enforced Organization Policies IDs: iam.disableServiceAccountKeyCreation"
What I have tried:
- Adding the "Organization Policy Administrator" role to my Super Admin account in GCP
- Trying to modify the iam.disableServiceAccountKeyCreation policy in Organization Policies
- The "Organization Policy Administrator" role does not appear in the available roles list, even at the organization level
My questions:
1. How can I temporarily disable the iam.disableServiceAccountKeyCreation policy to generate my JSON key?
2. Is there an alternative to using a JSON key for Service Account authentication with Domain-Wide Delegation?
I am the only Super Admin of our Google Workspace organization gdsassaararsdaxd.id.
Thank you for your help.
Best regards,