The "Principal Access Boundary" is blocking us from setting up a Migration

Hello, I have gone round in ever decreasing circles with Google Support and we don't really want to pay for an expensive support plan, so we are really hoping somebody can help here, please. We have traditionally been able to do this on other Google tenants on the "Cloud Identity Free" license, but are being blocked on this occasion.

We have created a new Project in Google Cloud Platform Console and enabled the requisite APIs for a migration (Gmail, Contacts, Cals, etc). We can also "Create Service Account" successfully.

What we cannot do is "Create New key" for the service account. We need to create a new JSON in order to utilise a 3rd party migration tool. Please see the screenshot below. Neither of our Super Admin accounts can do this. If we go to "Organisation Policies" or "Principal Access Boundary" we cannot make any changes.

We only need to temporarily disable iam.disableServiceAccountKeyCreation in "Organisation Policies" to create the JSON and allow a migration. How can we perform this without upgrading the support package with Google Cloud? Many thanks in advance.

Screenshot 2024-08-20 at 1.15.59 PM.png

1 ACCEPTED SOLUTION

Hello @purpleadmin, welcome to Google Cloud Community.

The reason why your "Super Admin" can't do that is because you have to grant the Organization Policy Administrator role to your principal AND then temporarily disable the constraint.

More info here if you want to make exception: https://medium.com/google-cloud/troubleshooting-101-solving-the-service-account-key-creation-is-disa...

Similar case: https://www.googlecloudcommunity.com/gc/Cloud-Hub/Unable-to-disable-the-Disable-Service-Account-Key-...

--
cheers,
DamianS
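The two steps from the accepted answer, sketched as an added example (not part of the original thread). It scopes the exception to a single project and re-enforces the constraint even if key creation fails; the function names, the dry-run wrapper and all argument values are assumptions for illustration, and it assumes the legacy `gcloud resource-manager org-policies` commands are available.

```bash
#!/usr/bin/env bash
# Added example: temporary, project-scoped exception to the constraint
# named in the question. All IDs and e-mails are supplied by the caller.
CONSTRAINT="iam.disableServiceAccountKeyCreation"

# Print the command in dry-run mode (the default); execute only if DRY_RUN=0.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then echo "+ $*"; else "$@"; fi
}

# Step 1: grant Organization Policy Administrator at the organization level.
# Super Admin alone does not carry this role.
grant_policy_admin() {  # args: ORG_ID MEMBER (e.g. user:admin@example.com)
  run gcloud organizations add-iam-policy-binding "$1" \
    --member="$2" --role="roles/orgpolicy.policyAdmin"
}

# Step 2: lift enforcement on one project, create the key, always re-enforce.
create_key_with_exception() {  # args: PROJECT_ID SA_EMAIL KEY_FILE
  local project="$1" sa="$2" key_file="$3" rc=0
  run gcloud resource-manager org-policies disable-enforce "$CONSTRAINT" \
    --project="$project" || return 1
  run gcloud iam service-accounts keys create "$key_file" \
    --iam-account="$sa" --project="$project" || rc=$?
  if [ "$rc" -eq 0 ]; then
    # The JSON key is a long-lived credential: restrict it to the owner.
    run chmod 600 "$key_file"
  fi
  # Re-enforce even when key creation failed, so the exception never lingers.
  run gcloud resource-manager org-policies enable-enforce "$CONSTRAINT" \
    --project="$project" || return 1
  return "$rc"
}

# Usage: DRY_RUN=0 ./script.sh PROJECT_ID SA_EMAIL KEY_FILE
if [ "$#" -eq 3 ]; then
  create_key_with_exception "$@"
fi
```

Run it without `DRY_RUN=0` first to review the exact commands, and call `grant_policy_admin` once beforehand with your organization ID.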

2 REPLIES

Great, thanks, sorted.