Stay organized with collections
Save and categorize content based on your preferences.
Listing device users
This page explains how to list device users.
Listing specific device users
The following examples show you how to list specific devices users in your
organization.
REST
To list specific device users, call
devices.deviceUsers.list()
with the name of the customer (organization).
Python HTTP
The following example shows how to list specific device users using the Python
HTTP library:
"""Sample script to demonstrate the use of the List method in the Devices API."""importjsonimportpprintfromsix.movesimporturllibimportgoogle.auth.transport.requestsfromgoogle.oauth2importservice_accountSCOPES=['https://www.googleapis.com/auth/cloud-identity.devices']BASE_URL='https://cloudidentity.googleapis.com/v1/'# Change this to the location of the service account keySA_FILE=''# Enter the administrator to call as here.ADMIN_EMAIL=''ifnotSA_FILE:print('Please specify the location of the service account key file')ifnotADMIN_EMAIL:print('Please specify the email of the administrator to call as')ifnotSA_FILEornotADMIN_EMAIL:exit(-1)defcreate_delegated_credentials(user_email):credentials=service_account.Credentials.from_service_account_file(SA_FILE,scopes=['https://www.googleapis.com/auth/cloud-identity.devices'])delegated_credentials=credentials.with_subject(user_email)returndelegated_credentials####################################################################### AUTHENTICATE the service account and retrieve an oauth2 access tokenrequest=google.auth.transport.requests.Request()dc=create_delegated_credentials(ADMIN_EMAIL)dc.refresh(request)print('Access token: '+dc.token+'\n')################################ LIST deviceUsers with filter.# Change this filter according to the options here:# https://support.google.com/a/answer/7549103FILTER=urllib.parse.quote_plus('status:approved os:IOS')list_url=BASE_URL+'devices/-/deviceUsers?filter='+FILTERauth_header={'Authorization':'Bearer '+dc.token}content=urllib.request.urlopen(urllib.request.Request(list_url,headers=auth_header)).read()response=json.loads(content)pp=pprint.PrettyPrinter(indent=4)if'deviceUsers'inresponse:print('Listed: '+str(len(response['deviceUsers']))+' deviceUsers\n')forelementinresponse['deviceUsers']:pp.pprint(element)print('Next page token: '+response['nextPageToken'])else:print('Empty response')
Notice that FILTER is set to filter device users to those users whose status
is "approved" (status:approved) and operating system is "IOS" (os:IOS).
Getting a specific device user
The following examples show you how to retrieve a specific device user.
REST
To get a specific device user, call
devices.deviceUsers.get()
with the name of the device and the customer (organization).
Python HTTP
The following example shows how to retrieve a specific customer using the
Python HTTP library:
"""Sample script to demonstrate the use of the get method in the Devices API."""importjsonimportpprintfromsix.movesimporturllibimportgoogle.auth.transport.requestsfromgoogle.oauth2importservice_accountSCOPES=['https://www.googleapis.com/auth/cloud-identity.devices']BASE_URL='https://cloudidentity.googleapis.com/v1/'# Change this to the location of the service account keySA_FILE=''# Enter the administrator to call as here.ADMIN_EMAIL=''# Enter the Resource Name. You can get this from the value of the name# field in the results of a List method callRESOURCE_NAME=''ifnotSA_FILE:print('Please specify the location of the service account key file')ifnotADMIN_EMAIL:print('Please specify the email of the administrator to call as')ifnotRESOURCE_NAME:print('Please specify the Resource Name to be retrieved')ifnotSA_FILEornotADMIN_EMAILornotRESOURCE_NAME:exit(-1)defcreate_delegated_credentials(user_email):credentials=service_account.Credentials.from_service_account_file(SA_FILE,scopes=['https://www.googleapis.com/auth/cloud-identity.devices'])delegated_credentials=credentials.with_subject(user_email)returndelegated_credentials####################################################################### AUTHENTICATE the service account and retrieve an oauth2 access tokenrequest=google.auth.transport.requests.Request()dc=create_delegated_credentials(ADMIN_EMAIL)dc.refresh(request)print('Access token: '+dc.token+'\n')################################ Get the resourceget_url=BASE_URL+RESOURCE_NAMEauth_header={'Authorization':'Bearer '+dc.token}content=urllib.request.urlopen(urllib.request.Request(get_url,headers=auth_header)).read()response=json.loads(content)pp=pprint.PrettyPrinter(indent=4)pp.pprint(response)
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eThis document details the process of listing and retrieving device users within an organization.\u003c/p\u003e\n"],["\u003cp\u003eYou can list specific device users by using the REST API call \u003ccode\u003edevices.deviceUsers.list()\u003c/code\u003e, providing the customer's name (organization).\u003c/p\u003e\n"],["\u003cp\u003eThe Python HTTP library example demonstrates how to list device users, including the ability to filter by status and operating system, such as listing only "approved" users on "IOS".\u003c/p\u003e\n"],["\u003cp\u003eRetrieving a specific device user can be done via the REST API call \u003ccode\u003edevices.deviceUsers.get()\u003c/code\u003e, requiring the device's name and the customer's name.\u003c/p\u003e\n"],["\u003cp\u003eThe Python HTTP library example provides a method to get a specific device user, requiring a resource name that can be found within the results of a list method call.\u003c/p\u003e\n"]]],[],null,["# Listing device users\n====================\n\nThis page explains how to list device users.\n\nListing specific device users\n-----------------------------\n\nThe following examples show you how to list specific devices users in your\norganization. \n\n### REST\n\nTo list specific device users, call\n[`devices.deviceUsers.list()`](/identity/docs/reference/rest/v1/devices.deviceUsers/list)\nwith the name of the `customer` (organization).\n\n### Python HTTP\n\nThe following example shows how to list specific device users using the Python\nHTTP library: \n\n \"\"\"Sample script to demonstrate the use of the List method in the Devices API.\"\"\"\n import json\n import pprint\n\n from six.moves import urllib\n\n import google.auth.transport.requests\n from google.oauth2 import service_account\n\n SCOPES = ['https://www.googleapis.com/auth/cloud-identity.devices']\n BASE_URL = 'https://cloudidentity.googleapis.com/v1/'\n\n # Change this to the location of the service account key\n SA_FILE = ''\n\n # Enter the administrator to call as here.\n ADMIN_EMAIL = ''\n\n if not SA_FILE:\n print('Please specify the location of the service account key file')\n if not ADMIN_EMAIL:\n print('Please specify the email of the administrator to call as')\n\n if not SA_FILE or not ADMIN_EMAIL:\n exit(-1)\n\n def create_delegated_credentials(user_email):\n credentials = service_account.Credentials.from_service_account_file(\n SA_FILE,\n scopes=['https://www.googleapis.com/auth/cloud-identity.devices'])\n\n delegated_credentials = credentials.with_subject(user_email)\n\n return delegated_credentials\n\n ######################################################################\n # AUTHENTICATE the service account and retrieve an oauth2 access token\n\n request = google.auth.transport.requests.Request()\n dc = create_delegated_credentials(ADMIN_EMAIL)\n dc.refresh(request)\n print('Access token: ' + dc.token + '\\n')\n\n ###############################\n # LIST deviceUsers with filter.\n\n # Change this filter according to the options here:\n # https://support.google.com/a/answer/7549103\n FILTER = urllib.parse.quote_plus('status:approved os:IOS')\n list_url = BASE_URL + 'devices/-/deviceUsers?filter=' + FILTER\n auth_header = {'Authorization': 'Bearer ' + dc.token}\n content = urllib.request.urlopen(\n urllib.request.Request(list_url, headers=auth_header)).read()\n response = json.loads(content)\n pp = pprint.PrettyPrinter(indent=4)\n\n if 'deviceUsers' in response:\n print('Listed: ' + str(len(response['deviceUsers'])) + ' deviceUsers\\n')\n\n for element in response['deviceUsers']:\n pp.pprint(element)\n print('Next page token: ' + response['nextPageToken'])\n else:\n print('Empty response')\n\nNotice that `FILTER` is set to filter device users to those users whose status\nis \"approved\" (`status:approved`) and operating system is \"IOS\" (`os:IOS`).\n\nGetting a specific device user\n------------------------------\n\nThe following examples show you how to retrieve a specific device user. \n\n### REST\n\nTo get a specific device user, call\n[`devices.deviceUsers.get()`](/identity/docs/reference/rest/v1/devices.deviceUsers/get)\nwith the `name` of the device and the `customer` (organization).\n\n### Python HTTP\n\nThe following example shows how to retrieve a specific customer using the\nPython HTTP library: \n\n \"\"\"Sample script to demonstrate the use of the get method in the Devices API.\"\"\"\n import json\n import pprint\n\n from six.moves import urllib\n\n import google.auth.transport.requests\n from google.oauth2 import service_account\n\n SCOPES = ['https://www.googleapis.com/auth/cloud-identity.devices']\n BASE_URL = 'https://cloudidentity.googleapis.com/v1/'\n\n # Change this to the location of the service account key\n SA_FILE = ''\n\n # Enter the administrator to call as here.\n ADMIN_EMAIL = ''\n\n # Enter the Resource Name. You can get this from the value of the name\n # field in the results of a List method call\n RESOURCE_NAME = ''\n\n if not SA_FILE:\n print('Please specify the location of the service account key file')\n if not ADMIN_EMAIL:\n print('Please specify the email of the administrator to call as')\n if not RESOURCE_NAME:\n print('Please specify the Resource Name to be retrieved')\n\n if not SA_FILE or not ADMIN_EMAIL or not RESOURCE_NAME:\n exit(-1)\n\n def create_delegated_credentials(user_email):\n credentials = service_account.Credentials.from_service_account_file(\n SA_FILE,\n scopes=['https://www.googleapis.com/auth/cloud-identity.devices'])\n\n delegated_credentials = credentials.with_subject(user_email)\n\n return delegated_credentials\n\n ######################################################################\n # AUTHENTICATE the service account and retrieve an oauth2 access token\n\n request = google.auth.transport.requests.Request()\n dc = create_delegated_credentials(ADMIN_EMAIL)\n dc.refresh(request)\n print('Access token: ' + dc.token + '\\n')\n\n ###############################\n # Get the resource\n get_url = BASE_URL + RESOURCE_NAME\n auth_header = {'Authorization': 'Bearer ' + dc.token}\n content = urllib.request.urlopen(\n urllib.request.Request(get_url, headers=auth_header)).read()\n response = json.loads(content)\n pp = pprint.PrettyPrinter(indent=4)\n pp.pprint(response)"]]
