Restez organisé à l'aide des collections
Enregistrez et classez les contenus selon vos préférences.
Configurer l'API User Invitation
Cette page explique comment configurer l'API User Invitation de Cloud Identity.
Activer l'API et configurer des identifiants
Sign in to your Google Cloud account. If you're new to
Google Cloud,
create an account to evaluate how our products perform in
real-world scenarios. New customers also get $300 in free credits to
run, test, and deploy workloads.
In the Google Cloud console, on the project selector page,
select or create a Google Cloud project.
Authentification en tant que compte de service avec délégation au niveau du domaine
Si vous souhaitez fournir à un compte des droits sur l'ensemble du domaine lui permettant de gérer les invitations des utilisateurs pour le compte des administrateurs, vous devez vous authentifier en tant que compte de service, puis lui accorder les privilèges au niveau du domaine.
L'exemple suivant montre comment instancier un client à l'aide des identifiants d'un compte de service. Pour vous authentifier en tant qu'utilisateur final, remplacez l'objet du compte de service par l'objet que vous avez obtenu précédemment dans Utiliser OAuth 2.0 pour les applications de serveur Web.
Vous pouvez maintenant commencer à appeler l'API User Invitation.
Sauf indication contraire, le contenu de cette page est régi par une licence Creative Commons Attribution 4.0, et les échantillons de code sont régis par une licence Apache 2.0. Pour en savoir plus, consultez les Règles du site Google Developers. Java est une marque déposée d'Oracle et/ou de ses sociétés affiliées.
Dernière mise à jour le 2025/09/04 (UTC).
[[["Facile à comprendre","easyToUnderstand","thumb-up"],["J'ai pu résoudre mon problème","solvedMyProblem","thumb-up"],["Autre","otherUp","thumb-up"]],[["Difficile à comprendre","hardToUnderstand","thumb-down"],["Informations ou exemple de code incorrects","incorrectInformationOrSampleCode","thumb-down"],["Il n'y a pas l'information/les exemples dont j'ai besoin","missingTheInformationSamplesINeed","thumb-down"],["Problème de traduction","translationIssue","thumb-down"],["Autre","otherDown","thumb-down"]],["Dernière mise à jour le 2025/09/04 (UTC)."],[[["\u003cp\u003eThis page details the setup process for the Cloud Identity User Invitation API, including enabling the API and setting up necessary credentials.\u003c/p\u003e\n"],["\u003cp\u003eYou can install the required Python client library using the provided \u003ccode\u003epip\u003c/code\u003e command for managing the API.\u003c/p\u003e\n"],["\u003cp\u003eFor domain-wide management of user invitations, the guide explains how to authenticate as a service account and delegate the necessary privileges, noting that the audit logs will show the impersonated user as the actor.\u003c/p\u003e\n"],["\u003cp\u003eThe process for instantiating a client using service account credentials is demonstrated with a Python example, which covers setting scopes and creating a service using the \u003ccode\u003egoogleapiclient.discovery\u003c/code\u003e module.\u003c/p\u003e\n"]]],[],null,["# Setting up the User Invitation API\n==================================\n\nThis page explains how to set up the Cloud Identity User Invitation API.\n\nEnabling the API and setting up credentials\n-------------------------------------------\n\n- Sign in to your Google Cloud account. If you're new to Google Cloud, [create an account](https://console.cloud.google.com/freetrial) to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.\n- In the Google Cloud console, on the project selector page,\n select or create a Google Cloud project.\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n\n [Go to project selector](https://console.cloud.google.com/projectselector2/home/dashboard)\n-\n\n\n Enable the Cloud Identity API.\n\n\n [Enable the API](https://console.cloud.google.com/flows/enableapi?apiid=cloudidentity.googleapis.com)\n-\n Create a service account:\n\n 1.\n In the Google Cloud console, go to the **Create service account** page.\n\n [Go to Create service account](https://console.cloud.google.com/projectselector/iam-admin/serviceaccounts/create?supportedpurview=project)\n 2. Select your project.\n 3.\n In the **Service account name** field, enter a name. The Google Cloud console fills\n in the **Service account ID** field based on this name.\n\n\n In the **Service account description** field, enter a description. For example,\n `Service account for quickstart`.\n 4. Click **Create and continue**.\n 5.\n Grant the **Project \\\u003e Owner** role to the service account.\n\n\n To grant the role, find the **Select a role** list, then select\n **Project \\\u003e Owner**.\n | **Note** : The **Role** field affects which resources the service account can access in your project. You can revoke these roles or grant additional roles later. In production environments, do not grant the Owner, Editor, or Viewer roles. Instead, grant a [predefined role](/iam/docs/understanding-roles#predefined_roles) or [custom role](/iam/docs/understanding-custom-roles) that meets your needs.\n 6. Click **Continue**.\n 7.\n Click **Done** to finish creating the service account.\n\n\n Do not close your browser window. You will use it in the next step.\n-\n Create a service account key:\n\n 1. In the Google Cloud console, click the email address for the service account that you created.\n 2. Click **Keys**.\n 3. Click **Add key** , and then click **Create new key**.\n 4. Click **Create**. A JSON key file is downloaded to your computer.\n 5. Click **Close**.\n\n- In the Google Cloud console, on the project selector page,\n select or create a Google Cloud project.\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n\n [Go to project selector](https://console.cloud.google.com/projectselector2/home/dashboard)\n-\n\n\n Enable the Cloud Identity API.\n\n\n [Enable the API](https://console.cloud.google.com/flows/enableapi?apiid=cloudidentity.googleapis.com)\n-\n Create a service account:\n\n 1.\n In the Google Cloud console, go to the **Create service account** page.\n\n [Go to Create service account](https://console.cloud.google.com/projectselector/iam-admin/serviceaccounts/create?supportedpurview=project)\n 2. Select your project.\n 3.\n In the **Service account name** field, enter a name. The Google Cloud console fills\n in the **Service account ID** field based on this name.\n\n\n In the **Service account description** field, enter a description. For example,\n `Service account for quickstart`.\n 4. Click **Create and continue**.\n 5.\n Grant the **Project \\\u003e Owner** role to the service account.\n\n\n To grant the role, find the **Select a role** list, then select\n **Project \\\u003e Owner**.\n | **Note** : The **Role** field affects which resources the service account can access in your project. You can revoke these roles or grant additional roles later. In production environments, do not grant the Owner, Editor, or Viewer roles. Instead, grant a [predefined role](/iam/docs/understanding-roles#predefined_roles) or [custom role](/iam/docs/understanding-custom-roles) that meets your needs.\n 6. Click **Continue**.\n 7.\n Click **Done** to finish creating the service account.\n\n\n Do not close your browser window. You will use it in the next step.\n-\n Create a service account key:\n\n 1. In the Google Cloud console, click the email address for the service account that you created.\n 2. Click **Keys**.\n 3. Click **Add key** , and then click **Create new key**.\n 4. Click **Create**. A JSON key file is downloaded to your computer.\n 5. Click **Close**.\n\n\u003cbr /\u003e\n\nInstalling the Python client library\n------------------------------------\n\nTo install the Python client library, run the following command: \n\n pip install --upgrade google-api-python-client google-auth \\\n google-auth-oauthlib google-auth-httplib2\n\nFor more on setting up your Python development environment, refer to the\n[Python Development Environment Setup Guide](/python/docs/setup).\n\nAuthenticating as a service account with domain-wide delegation\n---------------------------------------------------------------\n\nIf you want to provide an account with domain-wide privileges so it can manage\nuser invitations on behalf of admins, you should authenticate as a service\naccount and then grant it the domain-wide privileges.\n| **Note:** Because domain-wide delegation works by allowing the service account to impersonate an admin user, audit logs will show any service account actions as the user.\n\nSee\n[Delegate domain-wide authority to your service account](https://developers.google.com/admin-sdk/directory/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account)\nfor instructions. You need to provide the following scope to authorize the\nservice account:\n\n- `https://www.googleapis.com/auth/cloud-identity.userinvitations`\n\n### Instantiating a client\n\nThe following example shows how to instantiate a client using service account\ncredentials. To authenticate as an end-user instead, replace the credential\nobject from the service account with the credential you obtained earlier in\n[Using OAuth 2.0 for web server applications](https://developers.google.com/identity/protocols/oauth2/web-server#obtainingaccesstokens). \n\n### Python\n\n from google.oauth2 import service_account\n import googleapiclient.discovery\n\n SCOPES = ['https://www.googleapis.com/auth/cloud-identity.userinvitations']\n SERVICE_ACCOUNT_FILE = '/path/to/service-account-file.json'\n\n def create_service():\n credentials = service_account.Credentials.from_service_account_file(\n SERVICE_ACCOUNT_FILE, scopes=SCOPES)\n delegated_credentials = credentials.with_subject('user@altostrat.com')\n\n service_name = 'cloudidentity'\n api_version = 'v1'\n service = googleapiclient.discovery.build(\n service_name,\n api_version,\n credentials=delegated_credentials)\n\n return service\n\nYou can now begin making calls to the User Invitation API."]]
