Cloudiway.com Portal

Create a Google Service Account for Migration

7 min read Updated on December 1, 2024 Cloudiway Team

Overview

A Google Cloud service account is required to connect Cloudiway to your Google Workspace environment. This service account enables secure API access for migrating email, files, calendars, and other data from Google Workspace to Microsoft 365 or other platforms.

What You'll Create

  • A Google Cloud project to host the service account
  • API access for Gmail, Drive, Calendar, and other services
  • A service account with domain-wide delegation
  • P12 key file for authentication

Prerequisites

Before you begin, ensure you have:

Step 1: Create a Google Cloud Project

  1. Sign in to the Google Cloud Console as a Super Administrator
  2. Click the project dropdown at the top of the page
  3. Click New Project
  4. Enter a project name (e.g., "Cloudiway Migration")
  5. Select your organization from the dropdown (if applicable)
  6. Click Create
  7. Wait for the project to be created, then select it from the project dropdown
Create new Google Cloud project
Creating a new project in Google Cloud Console

Project Naming

Use a descriptive name that identifies the project's purpose, such as "Cloudiway-Migration-2024" or "Company-Name-Migration".

Step 2: Enable Required APIs

Enable the following APIs in your Google Cloud project. Each API provides access to different types of data during migration.

  1. In the Google Cloud Console, navigate to APIs & Services → Library
  2. Search for and enable each of the following APIs:

Email & Communication

  • Gmail API
  • Google Calendar API
  • Google Chat API
  • CalDAV API

Files & Storage

  • Google Drive API
  • Google Vault API

Contacts & People

  • Contacts API
  • Google People API

Administration

  • Admin SDK API
  • Google Tasks API
Google Cloud APIs Library
Accessing the API Library in Google Cloud Console
Enabling Google APIs
Enabling required APIs for migration

API Enablement

For each API, click the search result, then click Enable. Wait for confirmation before proceeding to the next API.

Step 3: Create the Service Account

  1. Navigate to IAM & Admin → Service Accounts
  2. Click Create Service Account
  3. Enter a service account name (e.g., "cloudiway-migration")
  4. Note the automatically generated email address (you'll need this later)
  5. Click Create and Continue
  6. Skip the optional permissions step by clicking Continue
  7. Click Done
Service account creation
Creating the service account
Service account details
Service account details configuration

Generate the P12 Key

  1. Click on the service account you just created
  2. Navigate to the Keys tab
  3. Click Add Key → Create new key
  4. Select P12 format
  5. Click Create
  6. The P12 file downloads automatically—save it securely
Adding a key to service account
Adding a new key to the service account
Selecting P12 key format
Selecting the P12 key format

Important: Save These Values

  • Service Account Email: e.g., cloudiway-migration@project-id.iam.gserviceaccount.com
  • OAuth 2.0 Client ID: Found in the service account details (a long numeric string)
  • P12 Key File: The downloaded file (default password: "notasecret")

Step 4: Configure Domain-Wide Delegation

Domain-wide delegation allows the service account to impersonate users in your organization for data access.

Enable Delegation on Service Account

  1. In the Google Cloud Console, go to IAM & Admin → Service Accounts
  2. Click on your service account
  3. Click Show domain-wide delegation
  4. Check the box for Enable Google Workspace Domain-wide Delegation
  5. Click Save

Authorize in Google Admin Console

  1. Sign in to the Google Admin Console
  2. Navigate to Security → Access and data control → API controls
  3. Click Manage Domain Wide Delegation
  4. Click Add new
  5. Enter the OAuth 2.0 Client ID from your service account
  6. Add the following OAuth scopes (comma-separated):
https://mail.google.com/,https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/contacts,https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/gmail.settings.sharing,https://www.googleapis.com/auth/chat.spaces.readonly,https://www.googleapis.com/auth/chat.messages.readonly
  1. Click Authorize

Scope Verification

Ensure all required scopes are authorized. Missing scopes will cause API errors during migration.

Next Steps

With your service account created and configured, you're ready to set up your Cloudiway connector:

  1. Log in to the Cloudiway Portal
  2. Navigate to Connectors
  3. Create a new Google Workspace connector
  4. Enter your service account email
  5. Upload the P12 key file
  6. Enter the key password (default: "notasecret")
  7. Test the connection

Configuration Complete

Your Google service account is now ready for use with Cloudiway. Proceed to configure your Google Workspace connector in the Cloudiway portal.

Cloudiway Resources

Solution

Google Workspace to Microsoft 365

Complete Google to Microsoft migration solution

Learn more
Product

Mailbox Migration Tool

Enterprise email migration platform

View product
User Guide

Google Workspace Migration Guide

Step-by-step Google to M365 guide

Read guide

Related Articles

Was this article helpful?

Need more help? Contact our support team

We value your feedback

Help us improve your experience

What would you like to share with us?

Need direct support? Open a ticket