
Disable service account key creation policy in Google Cloud

This page tells you how to disable the service account key creation policy in Google Cloud.

The iam.disableServiceAccountKeyCreation policy restricts the creation of service account keys, which can prevent synchronization with Google Directory. To allow successful directory synchronization, you need to disable this policy.

To disable the service account key creation policy, do as follows:

  1. Sign in to your Google Cloud console.
  2. From the project picker, select your organization.

    You've selected your organization, which displays recent projects you've worked on.

  3. From the left-hand pane, go to IAM & Admin > IAM.

  4. Check if you have the Organization Policy Administrator role. If you don't, do as follows:

    1. Click the Edit icon next to your account.
    2. Add the Organization Policy Administrator role by searching for it and selecting it.
    3. Click Save.

    You now have the Organization Policy Administrator role assigned to your account.

  5. From the left-hand pane, go to IAM & Admin > Organization Policies.

  6. In the Filter field, enter Disable service account key creation to locate the organization policy with iam.disableServiceAccountKeyCreation.
  7. Click the three dots icon on the right-hand side and select Edit policy.

  8. Under Policy source, select Inherit parent's policy.

  9. Click Set Policy.

The iam.disableServiceAccountKeyCreation policy is now inactive. You can successfully synchronize Google Directory.
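To confirm the result of the steps above, you can check the effective policy rather than relying on the console view. The following is an added example, not part of the original page or the product it describes: it classifies the JSON saved from `gcloud org-policies describe iam.disableServiceAccountKeyCreation --organization=ORG_ID --effective --format=json`. `ORG_ID`, the organization number, the tag name, and the three sample documents are constructed placeholders.

```python
import json

CONSTRAINT = "iam.disableServiceAccountKeyCreation"

# Constructed sample outputs (organization ID 123456789012 is a placeholder).
SAMPLE_ENFORCED = json.dumps({
    "name": f"organizations/123456789012/policies/{CONSTRAINT}",
    "spec": {"rules": [{"enforce": True}]},
})
SAMPLE_NOT_ENFORCED = json.dumps({
    "name": f"organizations/123456789012/policies/{CONSTRAINT}",
    "spec": {"rules": [{"enforce": False}]},
})
SAMPLE_CONDITIONAL = json.dumps({
    "name": f"organizations/123456789012/policies/{CONSTRAINT}",
    "spec": {"rules": [
        {"enforce": False,
         "condition": {"expression":
             "resource.matchTag('123456789012/dirsync', 'allowed')"}},
        {"enforce": True},
    ]},
})


def key_creation_state(policy_json: str) -> str:
    """Return 'blocked', 'conditional' or 'allowed' for an effective policy."""
    policy = json.loads(policy_json)
    name = policy.get("name", "")
    if not name.endswith("/policies/" + CONSTRAINT):
        raise ValueError(f"not a {CONSTRAINT} policy: {name!r}")
    rules = policy.get("spec", {}).get("rules", [])
    # A rule with no "enforce" field counts as not enforced.
    enforced = [bool(rule.get("enforce")) for rule in rules]
    has_condition = any("condition" in rule for rule in rules)
    if not any(enforced):
        return "allowed"
    if all(enforced) and not has_condition:
        return "blocked"
    return "conditional"  # enforcement depends on resource tags


if __name__ == "__main__":
    for label, doc in [("enforced", SAMPLE_ENFORCED),
                       ("not enforced", SAMPLE_NOT_ENFORCED),
                       ("conditional", SAMPLE_CONDITIONAL)]:
        print(f"{label}: service account key creation is {key_creation_state(doc)}")
```

A result of `allowed` means service account keys can be created again anywhere the policy applies, so the same check is useful later if you re-enable the constraint and want to confirm it took effect.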
