Before you can create a Google service account key, you might need to allow key creation. Follow the steps below to enable this setting.

1. Go to the Google Cloud Platform Console and log in with your Super Admin account.

2. In the top-left corner, next to the Google Cloud logo, select your organization from the dropdown list.
   
   

3. Go to shield_person IAM and admin.
   
   

4. Click person_add GRANT ACCESS.
   
   

5. Add your Super Admin account in the New principal field.
   
   

6. Under Assign roles, select the Organisation Administrator and Organisation Policy Administrator roles.
   
   

7. Click SAVE and wait a few minutes (± 3 minutes) to ensure that IAM changes have propagated.

8. Go to article Organization Policies.
   
   

9. Filter on iam.disableServiceAccountKeyCreation.
   
   

10. Select the policy iam.disableServiceAccountKeyCreation.

11. Click edit MANAGE POLICY.
    
    

12. Scroll down to Rules, and expand the Enforced rule.

13. Change Enforcement to Off.
    
    

14. Click DONE.
    
    

15. Click SET POLICY.