Mit Sammlungen den Überblick behalten
Sie können Inhalte basierend auf Ihren Einstellungen speichern und kategorisieren.
User Invite API einrichten
Auf dieser Seite wird erläutert, wie Sie die Cloud Identity User Invitation API einrichten.
API aktivieren und Anmeldedaten einrichten
Sign in to your Google Cloud account. If you're new to
Google Cloud,
create an account to evaluate how our products perform in
real-world scenarios. New customers also get $300 in free credits to
run, test, and deploy workloads.
In the Google Cloud console, on the project selector page,
select or create a Google Cloud project.
Als Dienstkonto mit domainweiter Delegierung authentifizieren
Wenn Sie ein Konto mit domainweiten Berechtigungen zur Verwaltung von Nutzereinladungen für Administratoren bereitstellen möchten, sollten Sie es als Dienstkonto authentifizieren und diesem dann die domainweiten Berechtigungen gewähren.
Das folgende Beispiel zeigt, wie ein Client mithilfe von Dienstkonto-Anmeldedaten instanziiert wird. Wenn Sie sich stattdessen als Endnutzer authentifizieren möchten, ersetzen Sie das Objekt für die Anmeldedaten aus dem Dienstkonto durch die Anmeldedaten, die Sie zuvor in OAuth 2.0 für Webserveranwendungen verwenden erhalten haben.
[[["Leicht verständlich","easyToUnderstand","thumb-up"],["Mein Problem wurde gelöst","solvedMyProblem","thumb-up"],["Sonstiges","otherUp","thumb-up"]],[["Schwer verständlich","hardToUnderstand","thumb-down"],["Informationen oder Beispielcode falsch","incorrectInformationOrSampleCode","thumb-down"],["Benötigte Informationen/Beispiele nicht gefunden","missingTheInformationSamplesINeed","thumb-down"],["Problem mit der Übersetzung","translationIssue","thumb-down"],["Sonstiges","otherDown","thumb-down"]],["Zuletzt aktualisiert: 2025-09-04 (UTC)."],[[["\u003cp\u003eThis page details the setup process for the Cloud Identity User Invitation API, including enabling the API and setting up necessary credentials.\u003c/p\u003e\n"],["\u003cp\u003eYou can install the required Python client library using the provided \u003ccode\u003epip\u003c/code\u003e command for managing the API.\u003c/p\u003e\n"],["\u003cp\u003eFor domain-wide management of user invitations, the guide explains how to authenticate as a service account and delegate the necessary privileges, noting that the audit logs will show the impersonated user as the actor.\u003c/p\u003e\n"],["\u003cp\u003eThe process for instantiating a client using service account credentials is demonstrated with a Python example, which covers setting scopes and creating a service using the \u003ccode\u003egoogleapiclient.discovery\u003c/code\u003e module.\u003c/p\u003e\n"]]],[],null,["# Setting up the User Invitation API\n==================================\n\nThis page explains how to set up the Cloud Identity User Invitation API.\n\nEnabling the API and setting up credentials\n-------------------------------------------\n\n- Sign in to your Google Cloud account. If you're new to Google Cloud, [create an account](https://console.cloud.google.com/freetrial) to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.\n- In the Google Cloud console, on the project selector page,\n select or create a Google Cloud project.\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n\n [Go to project selector](https://console.cloud.google.com/projectselector2/home/dashboard)\n-\n\n\n Enable the Cloud Identity API.\n\n\n [Enable the API](https://console.cloud.google.com/flows/enableapi?apiid=cloudidentity.googleapis.com)\n-\n Create a service account:\n\n 1.\n In the Google Cloud console, go to the **Create service account** page.\n\n [Go to Create service account](https://console.cloud.google.com/projectselector/iam-admin/serviceaccounts/create?supportedpurview=project)\n 2. Select your project.\n 3.\n In the **Service account name** field, enter a name. The Google Cloud console fills\n in the **Service account ID** field based on this name.\n\n\n In the **Service account description** field, enter a description. For example,\n `Service account for quickstart`.\n 4. Click **Create and continue**.\n 5.\n Grant the **Project \\\u003e Owner** role to the service account.\n\n\n To grant the role, find the **Select a role** list, then select\n **Project \\\u003e Owner**.\n | **Note** : The **Role** field affects which resources the service account can access in your project. You can revoke these roles or grant additional roles later. In production environments, do not grant the Owner, Editor, or Viewer roles. Instead, grant a [predefined role](/iam/docs/understanding-roles#predefined_roles) or [custom role](/iam/docs/understanding-custom-roles) that meets your needs.\n 6. Click **Continue**.\n 7.\n Click **Done** to finish creating the service account.\n\n\n Do not close your browser window. You will use it in the next step.\n-\n Create a service account key:\n\n 1. In the Google Cloud console, click the email address for the service account that you created.\n 2. Click **Keys**.\n 3. Click **Add key** , and then click **Create new key**.\n 4. Click **Create**. A JSON key file is downloaded to your computer.\n 5. Click **Close**.\n\n- In the Google Cloud console, on the project selector page,\n select or create a Google Cloud project.\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n\n [Go to project selector](https://console.cloud.google.com/projectselector2/home/dashboard)\n-\n\n\n Enable the Cloud Identity API.\n\n\n [Enable the API](https://console.cloud.google.com/flows/enableapi?apiid=cloudidentity.googleapis.com)\n-\n Create a service account:\n\n 1.\n In the Google Cloud console, go to the **Create service account** page.\n\n [Go to Create service account](https://console.cloud.google.com/projectselector/iam-admin/serviceaccounts/create?supportedpurview=project)\n 2. Select your project.\n 3.\n In the **Service account name** field, enter a name. The Google Cloud console fills\n in the **Service account ID** field based on this name.\n\n\n In the **Service account description** field, enter a description. For example,\n `Service account for quickstart`.\n 4. Click **Create and continue**.\n 5.\n Grant the **Project \\\u003e Owner** role to the service account.\n\n\n To grant the role, find the **Select a role** list, then select\n **Project \\\u003e Owner**.\n | **Note** : The **Role** field affects which resources the service account can access in your project. You can revoke these roles or grant additional roles later. In production environments, do not grant the Owner, Editor, or Viewer roles. Instead, grant a [predefined role](/iam/docs/understanding-roles#predefined_roles) or [custom role](/iam/docs/understanding-custom-roles) that meets your needs.\n 6. Click **Continue**.\n 7.\n Click **Done** to finish creating the service account.\n\n\n Do not close your browser window. You will use it in the next step.\n-\n Create a service account key:\n\n 1. In the Google Cloud console, click the email address for the service account that you created.\n 2. Click **Keys**.\n 3. Click **Add key** , and then click **Create new key**.\n 4. Click **Create**. A JSON key file is downloaded to your computer.\n 5. Click **Close**.\n\n\u003cbr /\u003e\n\nInstalling the Python client library\n------------------------------------\n\nTo install the Python client library, run the following command: \n\n pip install --upgrade google-api-python-client google-auth \\\n google-auth-oauthlib google-auth-httplib2\n\nFor more on setting up your Python development environment, refer to the\n[Python Development Environment Setup Guide](/python/docs/setup).\n\nAuthenticating as a service account with domain-wide delegation\n---------------------------------------------------------------\n\nIf you want to provide an account with domain-wide privileges so it can manage\nuser invitations on behalf of admins, you should authenticate as a service\naccount and then grant it the domain-wide privileges.\n| **Note:** Because domain-wide delegation works by allowing the service account to impersonate an admin user, audit logs will show any service account actions as the user.\n\nSee\n[Delegate domain-wide authority to your service account](https://developers.google.com/admin-sdk/directory/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account)\nfor instructions. You need to provide the following scope to authorize the\nservice account:\n\n- `https://www.googleapis.com/auth/cloud-identity.userinvitations`\n\n### Instantiating a client\n\nThe following example shows how to instantiate a client using service account\ncredentials. To authenticate as an end-user instead, replace the credential\nobject from the service account with the credential you obtained earlier in\n[Using OAuth 2.0 for web server applications](https://developers.google.com/identity/protocols/oauth2/web-server#obtainingaccesstokens). \n\n### Python\n\n from google.oauth2 import service_account\n import googleapiclient.discovery\n\n SCOPES = ['https://www.googleapis.com/auth/cloud-identity.userinvitations']\n SERVICE_ACCOUNT_FILE = '/path/to/service-account-file.json'\n\n def create_service():\n credentials = service_account.Credentials.from_service_account_file(\n SERVICE_ACCOUNT_FILE, scopes=SCOPES)\n delegated_credentials = credentials.with_subject('user@altostrat.com')\n\n service_name = 'cloudidentity'\n api_version = 'v1'\n service = googleapiclient.discovery.build(\n service_name,\n api_version,\n credentials=delegated_credentials)\n\n return service\n\nYou can now begin making calls to the User Invitation API."]]