Add a source connection

G Suite to G Suite migration

You add a source connection to allow G Suite Migrate to read, convert, and transfer data from the G Suite source environment.

Before you begin 

  • You don't have to create a new service account. You can use the service account that you set up earlier. Follow the steps below if you want to create a new service account. 
  • Use a GCP project belonging to either the source or target environment, depending on how you want to manage your API usage and quotas.
  • You can create the new service account in a different GCP project. If you do, first enable the APIs in the new project. Go to Enable APIs

Steps to add a source connection

Open all   |   Close all

Step 1: Create the service account (Optional)
  1. In the GCP Console, click IAM & Adminand thenService Accounts. You might have to click Menu "" first.
  2. Click Create Service Account.
  3. In the Service account name field, enter a name.

    The service account ID is completed automatically.

  4. (Optional) In the Service account description field, enter a description of the service account.
  5. Click Create.
  6. Service account permissions are not required for G Suite Migrate. Click Continue to skip this step.
  7. User permissions are not required for G Suite Migrate. Click Done to skip this step.
  8. Under Service Accounts, select the email address of the service account you created.
  9. Click Add Keyand thenCreate new key.
  10. Make sure the key type is set to JSON and click Create.

    You'll get a message that the service account JSON key file has been created and downloaded to your computer. Make a note of the name of this file because you’ll need it later.

  11. Click Close.

What happens next? 

Service accounts can take up to 24 hours to propagate through large domains. If you lose the key, repeat these steps to create a new one.

Step 2: Authorize the service account

Next, authorize the service account in the Google Admin console for your source domain. You must complete this step even if you are reusing a service account. 

  1. In the Admin console, click Securityand thenAPI controls
  2. Under Domain wide delegation, click Manage Domain Wide Delegation.
  3. On the Manage domain wide delegation page, click Add new.
  4. Under Client ID, enter your service account's client ID.

    You can find the service account client ID in the JSON file you downloaded when you created the service account. Alternatively, you can find the client ID in the Google Cloud Platform Console. Click IAM & Adminand thenService accounts, then select your service account.

  5. In the OAuth scopes field, copy and paste the following scopes:

    https://apps-apis.google.com/a/feeds/emailsettings/2.0/,
    https://www.googleapis.com/auth/contacts,
    https://www.googleapis.com/auth/admin.directory.group,
    https://www.googleapis.com/auth/admin.directory.group.member,
    https://www.googleapis.com/auth/admin.directory.orgunit,
    https://www.googleapis.com/auth/admin.directory.resource.calendar,
    https://www.googleapis.com/auth/admin.directory.user,
    https://www.googleapis.com/auth/apps.groups.migration,
    https://www.googleapis.com/auth/apps.groups.settings,
    https://www.googleapis.com/auth/calendar,
    https://www.googleapis.com/auth/drive,
    https://www.googleapis.com/auth/drive.appdata,
    https://www.googleapis.com/auth/drive.file,
    https://www.googleapis.com/auth/gmail.modify,
    https://www.googleapis.com/auth/migrate.deployment.interop,
    https://www.googleapis.com/auth/tasks,
    https://www.googleapis.com/auth/userinfo.email,
    https://sites.google.com/feeds,
    https://www.googleapis.com/auth/gmail.settings.basic,
    https://www.googleapis.com/auth/gmail.settings.sharing,
    https://www.googleapis.com/auth/admin.directory.customer.readonly,
    https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly

  6. Click Authorize.
  7. To make sure every scope appears, select the new client ID and click View details.

    If they don't, click Edit, enter the missing scopes, and click Authorize. Note that you can't edit the client ID.

  8. Go back to the Google Cloud Platform Console and click Save.

Note: It might take some time for the authorization process to complete.

Step 3: Add a source connection for G Suite
  1. In the G Suite Migrate platform, click New ""and thenConnection.
  2. Under Name, enter a connection name.
  3. Under Type, select G Suite.
  4. Under Admin email, enter the email address of a super administrator for your source G Suite domain.
  5. Under Account, choose an option:
    • Select an existing G Suite account, then move to step 8.
    • Select Add a new account, then move to step 6. 
  6. Locate the JSON key file for the Google service account on the source domain.
  7. Under Service certificate, click Upload file, navigate to the downloaded JSON private key, and click Open. Or, drag the JSON file to the box.
  8. Click Create.

Edit a connection (Optional)

  1. In the G Suite Migrate platform, click Connections. You might have to click Menu "" first.
  2. Point to the connection and click More ""and thenEdit.
  3. Enter your changes and click Save.

Next step

Create a sharding users list (Optional)


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.