Why Service Account ID & P12 File Matter
When migrating data from Google Workspace to Microsoft 365 using a third-party tool, security and authentication are critical. This is where the Service Account ID and the P12 key file come in.
Together, they allow migration tools to securely access Google services without needing personal credentials. This ensures that your data transfer is both secure and efficient.
Step-by-Step: Creating a Service Account and P12 File
Follow these steps carefully to set up your Service Account ID and generate the P12 file.
1. Create a Google Cloud Project
- Log in to the Google Cloud Platform with your Google Workspace account.
- From the dashboard, select “New Project”.
- Enter your Project Name, Organization, and Location, then click Create.
2. Enable Required APIs
- Open your newly created project.
- Navigate to APIs & Services → Enable APIs and Services.
- Search for and enable the following APIs:
- Gmail API
- Google Calendar API
- People API
- Admin SDK API
- Contacts API
3. Create a Service Account
- Go to IAM & Admin → Service Accounts.
- Click Create Service Account.
- Provide details like:
- Service Account Name (e.g., demo)
- Service Account ID (e.g., demo-456@...)
- Assign roles if needed (optional).
- Click Done to complete.
Note: The Unique ID of the service account will be needed for domain-wide delegation later.
4. Delegate Domain-Wide Authority
- In your Google Workspace Admin console, go to:
Main Menu → Security → API Controls. - Under Domain-wide Delegation, select Manage Domain-wide Delegation.
- Click Add New and enter:
- Client ID: The Service Account’s Unique ID.
- OAuth Scopes: Add the following URLs:
- https://www.googleapis.com/auth/admin.directory.user.readonly
- https://www.googleapis.com/auth/drive.readonly
- https://www.googleapis.com/auth/drive
- https://www.googleapis.com/auth/admin.directory.user
- https://www.googleapis.com/auth/calendar
- https://www.googleapis.com/auth/calendar.events
- https://www.googleapis.com/auth/calendar.events.readonly
- https://www.googleapis.com/auth/contacts.readonly
- https://mail.google.com/
- https://www.google.com/m8/feeds
- https://www.googleapis.com/auth/admin.directory.userschema.readonly
- https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly
- https://www.googleapis.com/auth/calendar.readonly
- https://www.googleapis.com/auth/calendar.settings.readonly
- https://www.googleapis.com/auth/gmail.readonly
- https://www.googleapis.com/auth/admin.directory.group.readonly
4. Click Authorize.
5. Generate and Download the P12 File
- From the Service Accounts page, click the ⋮ (Actions menu) next to your service account.
- Select Manage Keys → Create New Key.
- Choose P12 as the key type and click Create.
- The P12 file will download automatically to your system.
If you face errors when generating the P12 file:
- Switch to an Organization Project.
- Assign the Organization Policy Administrator role.
- Ensure Disable service account key creation is set to Not Enforced.
- Retry creating the key.
Using Service Account ID & P12 File for Migration
Once you have the Service Account ID and P12 File, you’re ready to connect them with your migration tool.
Shoviv G Suite to Office 365 Tool: Simplifying Migration
Migrating from G Suite to Microsoft 365 can be tricky, involving multiple steps and potential downtime. The Shoviv G Suite to Office 365 Migration Tool removes these hurdles by offering:
- Bulk mailbox migration
- Advanced filters & scheduling
- Incremental export to prevent duplication
- 24/7 live support via chat, email, or phone
With Shoviv, you can focus on the migration itself while the tool securely handles authentication using your Service Account ID and P12 file.
Replies