Skip to Content
AddonsMigrationMigration Credentials

Migration Credentials

Manage source system credentials for data migration. Store and configure authentication for Google Workspace, IMAP servers, PST imports, and other migration sources. OpsPilot365 encrypts all credentials and supports secure credential rotation.

Note: All credentials are encrypted using AES-256 encryption with keys managed through Azure Key Vault. Credentials are never displayed after initial entry and can only be used for authorized migration operations.

Stored Credentials

NameTypeSourceStatusLast Used
Contoso Google AdminGoogle Workspacecontoso.comValid2 hours ago
Fabrikam IMAPIMAPmail.fabrikam.com:993ValidYesterday
Legacy ExchangeExchange On-Premexchange.northwind.comExpiring3 days ago

Credential Types

Google Workspace

OAuth 2.0 service account authentication with domain-wide delegation.

  • Required: Service account JSON key file
  • Scopes: Gmail, Calendar, Contacts, Drive
  • Admin: Super admin email for impersonation

IMAP Server

Standard IMAP authentication with admin credentials for user access.

  • Server: IMAP hostname and port
  • Auth: Admin username and password
  • Security: SSL/TLS required

Exchange On-Premises

Exchange Web Services (EWS) with admin impersonation rights.

  • Endpoint: EWS URL (autodiscover supported)
  • Auth: Service account with impersonation
  • Versions: Exchange 2013, 2016, 2019

PST Files

Upload PST files directly or connect to network storage locations.

  • Upload: Direct upload to secure storage
  • Network: Azure blob, SharePoint, file share
  • Mapping: PST-to-mailbox mapping file

Add New Credential

Configure a new source system credential by providing a credential name, selecting the source type (Google Workspace, IMAP Server, Exchange On-Premises, PST Files, or Custom), and entering the required authentication details. For Google Workspace, upload the service account JSON key file and provide the admin email for impersonation.

Credential Testing

Validate credentials before starting a migration to ensure connectivity and permissions.

Successful test verifies: Connection established, authentication successful, required permissions verified, can access user mailboxes, API quotas available.

Failed test example: Connection and authentication succeed but missing scope Gmail.readonly. Action: Enable domain-wide delegation for the Gmail API scope in Google Admin Console.

Security Best Practices

  • Use dedicated service accounts for migration
  • Apply principle of least privilege
  • Rotate credentials after migration completes
  • Delete credentials when no longer needed
  • Monitor credential usage in audit logs
  • Enable only required API scopes
  • Restrict service account to migration IPs
  • Set credential expiration dates
  • Document admin approval for access
  • Revoke access immediately after migration

API Reference

  • GET /api/migration/credentials — List stored credentials
  • POST /api/migration/credentials/:id/test — Test a credential
  • POST /api/migration/credentials — Create new credential
Last updated on
Active Migration JobsGoogle Workspace Migration