Add a source connection

Google Workspace to Google Workspace migration

You add a source connection to allow Google Workspace Migrate to read, convert, and transfer data from the Google Workspace source environment.

Before you begin 

  • You don't have to create a new service account. You can use the service account that you set up earlier. Follow the steps below if you want to create a new service account. 
  • Use a Google Cloud project belonging to either the source or target environment, depending on how you want to manage your API usage and quotas.
  • You can create the new service account in a different Google Cloud project. If you do, first enable the APIs in the new project. Go to Step 1: Use Google Cloud to turn on APIs.  

Steps to add a source connection

Expand all  |  Collapse all

Step 1: Create the service account (Optional)
  1. In Google Cloud, click IAM & Adminand thenService Accounts. You might have to click Menu first.
  2. Click Create Service Account.
  3. For Service account name, enter a name.

    The service account ID is completed automatically.

  4. (Optional) To add your own description to the service account, click Service account description and enter a description.
  5. Click Create and Continue.
  6. Service account and user permissions are not required for Google Workspace Migrate.

    Click Done to skip these steps.

  7. Select the email address of the service account that you created.
  8. At the top, click Keysand thenAdd Keyand thenCreate new key.
  9. Make sure the key type is set to JSON and click Create.

    You'll get a message that the service account JSON key file has been created and downloaded to your computer. Make a note of the name of this file because you’ll need it later.

  10. Click Close.

What happens next? 

It can take up to 24 hours to create service accounts. If you lose the name of the key file, repeat these steps to create a new one.

Step 2: Authorize the service account

Next, authorize the service account in the Google Admin console for your source domain. You must complete this step even if you are reusing a service account. 

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in

  2. In the Admin console, go to Menu and then Securityand thenAccess and data controland thenAPI controlsand thenManage Domain Wide Delegation.
    You must be signed in as a super administrator for this task.
  3. Click Add new and enter your service account client ID.

    You can find the ID (also known as the Unique ID) in the JSON file that you downloaded when you created the service account or in Google Cloud (click IAM & Adminand thenService accountsand thenthe name of your service account).

  4. For OAuth scopes, copy and paste the following scopes:,,,,,,,,,,,,,,,,,,,,,

  5. Click Authorize.
  6. Point to the new client ID, click View details, and make sure that every scope is listed.

    If a scope is not listed, click Edit, enter the missing scope, and click Authorize. You can't edit the client ID.

  7. Go back to Google Cloud and click Save.


You might see the following error: Client is not authorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested.

To troubleshoot: 

  • Repeat step 2 (Authorize the service account) above. 
  • Make sure you're using the correct client ID. Open the JSON file in a text editor to verify the client IDs match. 
  • If you still see the error, you might need to wait for the authorization process to finish. It usually takes a few minutes, but can take up to 24 hours.
Step 3: Add a source connection for Google Workspace
  1. In the Google Workspace Migrate platform, click New and thenConnection.
  2. Under Name, enter a connection name.
  3. Under Type, select Google Workspace.
  4. Under Admin email, enter the email address of a super administrator for your source Google Workspace domain.
  5. Under Account, choose an option:
    • Select an existing Google Workspace account, then move to step 8.
    • Select Add a new account, then move to step 6. 
  6. Locate the JSON key file for the Google service account on the source domain.
  7. Under Service certificate, click Upload file, navigate to the downloaded JSON private key, and click Open. Or, drag the JSON file to the box.
  8. Click Create.

Edit a connection

  1. In the Google Workspace Migrate platform, click Connections. You might have to click Menu first.
  2. Point to the connection and click More and thenEdit.
  3. Enter your changes and click Save.

Next step

Create a sharding users list (Optional)

Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Clear search
Close search
Google apps
Main menu
Search Help Center