If you are unable to create a Google Cloud Service Account Key to be registered with LegacyFlo, the error message will have a statement similar to the one below
The organization policy constraint "iam.disableSericeAccountKeyCreation" is enforced on your organization.
To enable Google Cloud Service Account Key creation, follow the steps below.
A. From the top left corner of the Google Cloud interface, select the hamburger menu
B. Select IAM & Admin.
C. Select IAM
D. Navigate to project list . ( By default created while domain setup for primary domain)
E. Select the Organization Unit for the domain
F. Confirm the organization administrator using whose email id you have logged in has the following Roles assigned:
- Organization Administrator
- Organization Policy Administrator
- Owner
G. If any of these Roles are missing, then click on GRANT ACCESS
Add the necessary roles in the pop-up and Save the changes
H. Now, navigate back to the project selected in the steps D and E.
I. Select Organization Policies
J. Click on VIEW ACTIVE POLICIES and search for Disable service account key creation. Click on the link
K. Click MANAGE POLICY
I. In the Policy Source, select Override parent's policy and in the Enforcement section, select Off.