Stay organized with collections
Save and categorize content based on your preferences.
The Identity and Access Management (IAM) API uses Kubernetes custom resources
to manage the control access for identity providers.
To use the IAM API, use the GDC console. If
your application uses your own libraries to call the API, adopt the example
service endpoint in the following section, and the
full API definition to build your requests.
Service endpoint and discovery document
The API endpoint for the IAM API is
https://MANAGEMENT_API_SERVER_ENDPOINT/apis/iam.gdc.goog/v1,
where MANAGEMENT_API_SERVER_ENDPOINT is the endpoint of
the Management API server.
Using the kubectl proxy command, access the URL in your browser to
obtain the discovery document for the IAM API. The kubectl proxy command opens
up a proxy on 127.0.0.1:8001 to the Kubernetes API server on your local
machine. Once that command is running, access the document at the
following URL:
http://127.0.0.1:8001/apis/iam.gdc.goog/v1
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThe Identity and Access Management (IAM) API leverages Kubernetes custom resources to manage access control for identity providers.\u003c/p\u003e\n"],["\u003cp\u003eThe IAM API is accessible through the GDC console, or you can use your own libraries, adopting the example service endpoint and full API definition to build requests.\u003c/p\u003e\n"],["\u003cp\u003eThe IAM API endpoint is located at \u003ccode\u003ehttps://\u003c/code\u003e\u003cvar translate=no\u003eGDCH_API_SERVER_ENDPOINT\u003c/var\u003e\u003ccode\u003e/apis/iam.gdc.goog/v1\u003c/code\u003e, where \u003cvar translate=no\u003eGDCH_API_SERVER_ENDPOINT\u003c/var\u003e represents the GDC API server endpoint.\u003c/p\u003e\n"],["\u003cp\u003eThe discovery document for the IAM API can be obtained by using the \u003ccode\u003ekubectl proxy\u003c/code\u003e command and then accessing \u003ccode\u003ehttp://127.0.0.1:8001/apis/iam.gdc.goog/v1\u003c/code\u003e in your browser.\u003c/p\u003e\n"]]],[],null,["# Identity and Access Management API overview\n\nThe Identity and Access Management (IAM) API uses Kubernetes custom resources\nto manage the control access for identity providers.\n\nTo use the IAM API, use the GDC console. If\nyour application uses your own libraries to call the API, adopt the example\nservice endpoint in the following section, and the\n[full API definition](./identity-v1) to build your requests.\n\nService endpoint and discovery document\n---------------------------------------\n\nThe API endpoint for the IAM API is\n`https://`\u003cvar translate=\"no\"\u003eMANAGEMENT_API_SERVER_ENDPOINT\u003c/var\u003e`/apis/iam.gdc.goog/v1`,\nwhere \u003cvar translate=\"no\"\u003eMANAGEMENT_API_SERVER_ENDPOINT\u003c/var\u003e is the endpoint of\nthe Management API server.\n\nUsing the `kubectl proxy` command, access the URL in your browser to\nobtain the discovery document for the IAM API. The `kubectl proxy` command opens\nup a proxy on `127.0.0.1:8001` to the Kubernetes API server on your local\nmachine. Once that command is running, access the document at the\nfollowing URL:\n`http://127.0.0.1:8001/apis/iam.gdc.goog/v1`\n\nExample resources\n-----------------\n\nThe following is a sample resource: \n\n apiVersion: iam.gdc.goog/v1\n kind: IdentityProviderConfig\n metadata:\n name: example-provider\n namespace: platform\n spec:\n - oidc:\n clientID: clientID\n clientSecret: clientSecret\n groupPrefix: example-\n groupsClaim: groups\n issuerURI: https://test-oidc-provider.example.com\n scopes: openid email profile\n userClaim: user-email@example.com\n userPrefix: example-"]]