Mantieni tutto organizzato con le raccolte
Salva e classifica i contenuti in base alle tue preferenze.
Configurazione dell'API User Invitation
Questa pagina spiega come configurare l'API User Invitation di Cloud Identity.
Attivazione dell'API e configurazione delle credenziali
Sign in to your Google Cloud account. If you're new to
Google Cloud,
create an account to evaluate how our products perform in
real-world scenarios. New customers also get $300 in free credits to
run, test, and deploy workloads.
In the Google Cloud console, on the project selector page,
select or create a Google Cloud project.
Eseguire l'autenticazione come account di servizio con delega a livello di dominio
Se vuoi fornire a un account privilegi a livello di dominio in modo che possa gestire
gli inviti degli utenti per conto degli amministratori, devi autenticarti come account di servizio
e poi concedergli i privilegi a livello di dominio.
L'esempio seguente mostra come creare un'istanza di un client utilizzando le credenziali del account di servizio. Per eseguire l'autenticazione come utente finale, sostituisci l'oggetto
credenziale dell'account di servizio con la credenziale che hai ottenuto in precedenza
nell'articolo Utilizzo di OAuth 2.0 per applicazioni server web.
[[["Facile da capire","easyToUnderstand","thumb-up"],["Il problema è stato risolto","solvedMyProblem","thumb-up"],["Altra","otherUp","thumb-up"]],[["Difficile da capire","hardToUnderstand","thumb-down"],["Informazioni o codice di esempio errati","incorrectInformationOrSampleCode","thumb-down"],["Mancano le informazioni o gli esempi di cui ho bisogno","missingTheInformationSamplesINeed","thumb-down"],["Problema di traduzione","translationIssue","thumb-down"],["Altra","otherDown","thumb-down"]],["Ultimo aggiornamento 2025-09-04 UTC."],[[["\u003cp\u003eThis page details the setup process for the Cloud Identity User Invitation API, including enabling the API and setting up necessary credentials.\u003c/p\u003e\n"],["\u003cp\u003eYou can install the required Python client library using the provided \u003ccode\u003epip\u003c/code\u003e command for managing the API.\u003c/p\u003e\n"],["\u003cp\u003eFor domain-wide management of user invitations, the guide explains how to authenticate as a service account and delegate the necessary privileges, noting that the audit logs will show the impersonated user as the actor.\u003c/p\u003e\n"],["\u003cp\u003eThe process for instantiating a client using service account credentials is demonstrated with a Python example, which covers setting scopes and creating a service using the \u003ccode\u003egoogleapiclient.discovery\u003c/code\u003e module.\u003c/p\u003e\n"]]],[],null,["# Setting up the User Invitation API\n==================================\n\nThis page explains how to set up the Cloud Identity User Invitation API.\n\nEnabling the API and setting up credentials\n-------------------------------------------\n\n- Sign in to your Google Cloud account. If you're new to Google Cloud, [create an account](https://console.cloud.google.com/freetrial) to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.\n- In the Google Cloud console, on the project selector page,\n select or create a Google Cloud project.\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n\n [Go to project selector](https://console.cloud.google.com/projectselector2/home/dashboard)\n-\n\n\n Enable the Cloud Identity API.\n\n\n [Enable the API](https://console.cloud.google.com/flows/enableapi?apiid=cloudidentity.googleapis.com)\n-\n Create a service account:\n\n 1.\n In the Google Cloud console, go to the **Create service account** page.\n\n [Go to Create service account](https://console.cloud.google.com/projectselector/iam-admin/serviceaccounts/create?supportedpurview=project)\n 2. Select your project.\n 3.\n In the **Service account name** field, enter a name. The Google Cloud console fills\n in the **Service account ID** field based on this name.\n\n\n In the **Service account description** field, enter a description. For example,\n `Service account for quickstart`.\n 4. Click **Create and continue**.\n 5.\n Grant the **Project \\\u003e Owner** role to the service account.\n\n\n To grant the role, find the **Select a role** list, then select\n **Project \\\u003e Owner**.\n | **Note** : The **Role** field affects which resources the service account can access in your project. You can revoke these roles or grant additional roles later. In production environments, do not grant the Owner, Editor, or Viewer roles. Instead, grant a [predefined role](/iam/docs/understanding-roles#predefined_roles) or [custom role](/iam/docs/understanding-custom-roles) that meets your needs.\n 6. Click **Continue**.\n 7.\n Click **Done** to finish creating the service account.\n\n\n Do not close your browser window. You will use it in the next step.\n-\n Create a service account key:\n\n 1. In the Google Cloud console, click the email address for the service account that you created.\n 2. Click **Keys**.\n 3. Click **Add key** , and then click **Create new key**.\n 4. Click **Create**. A JSON key file is downloaded to your computer.\n 5. Click **Close**.\n\n- In the Google Cloud console, on the project selector page,\n select or create a Google Cloud project.\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n\n [Go to project selector](https://console.cloud.google.com/projectselector2/home/dashboard)\n-\n\n\n Enable the Cloud Identity API.\n\n\n [Enable the API](https://console.cloud.google.com/flows/enableapi?apiid=cloudidentity.googleapis.com)\n-\n Create a service account:\n\n 1.\n In the Google Cloud console, go to the **Create service account** page.\n\n [Go to Create service account](https://console.cloud.google.com/projectselector/iam-admin/serviceaccounts/create?supportedpurview=project)\n 2. Select your project.\n 3.\n In the **Service account name** field, enter a name. The Google Cloud console fills\n in the **Service account ID** field based on this name.\n\n\n In the **Service account description** field, enter a description. For example,\n `Service account for quickstart`.\n 4. Click **Create and continue**.\n 5.\n Grant the **Project \\\u003e Owner** role to the service account.\n\n\n To grant the role, find the **Select a role** list, then select\n **Project \\\u003e Owner**.\n | **Note** : The **Role** field affects which resources the service account can access in your project. You can revoke these roles or grant additional roles later. In production environments, do not grant the Owner, Editor, or Viewer roles. Instead, grant a [predefined role](/iam/docs/understanding-roles#predefined_roles) or [custom role](/iam/docs/understanding-custom-roles) that meets your needs.\n 6. Click **Continue**.\n 7.\n Click **Done** to finish creating the service account.\n\n\n Do not close your browser window. You will use it in the next step.\n-\n Create a service account key:\n\n 1. In the Google Cloud console, click the email address for the service account that you created.\n 2. Click **Keys**.\n 3. Click **Add key** , and then click **Create new key**.\n 4. Click **Create**. A JSON key file is downloaded to your computer.\n 5. Click **Close**.\n\n\u003cbr /\u003e\n\nInstalling the Python client library\n------------------------------------\n\nTo install the Python client library, run the following command: \n\n pip install --upgrade google-api-python-client google-auth \\\n google-auth-oauthlib google-auth-httplib2\n\nFor more on setting up your Python development environment, refer to the\n[Python Development Environment Setup Guide](/python/docs/setup).\n\nAuthenticating as a service account with domain-wide delegation\n---------------------------------------------------------------\n\nIf you want to provide an account with domain-wide privileges so it can manage\nuser invitations on behalf of admins, you should authenticate as a service\naccount and then grant it the domain-wide privileges.\n| **Note:** Because domain-wide delegation works by allowing the service account to impersonate an admin user, audit logs will show any service account actions as the user.\n\nSee\n[Delegate domain-wide authority to your service account](https://developers.google.com/admin-sdk/directory/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account)\nfor instructions. You need to provide the following scope to authorize the\nservice account:\n\n- `https://www.googleapis.com/auth/cloud-identity.userinvitations`\n\n### Instantiating a client\n\nThe following example shows how to instantiate a client using service account\ncredentials. To authenticate as an end-user instead, replace the credential\nobject from the service account with the credential you obtained earlier in\n[Using OAuth 2.0 for web server applications](https://developers.google.com/identity/protocols/oauth2/web-server#obtainingaccesstokens). \n\n### Python\n\n from google.oauth2 import service_account\n import googleapiclient.discovery\n\n SCOPES = ['https://www.googleapis.com/auth/cloud-identity.userinvitations']\n SERVICE_ACCOUNT_FILE = '/path/to/service-account-file.json'\n\n def create_service():\n credentials = service_account.Credentials.from_service_account_file(\n SERVICE_ACCOUNT_FILE, scopes=SCOPES)\n delegated_credentials = credentials.with_subject('user@altostrat.com')\n\n service_name = 'cloudidentity'\n api_version = 'v1'\n service = googleapiclient.discovery.build(\n service_name,\n api_version,\n credentials=delegated_credentials)\n\n return service\n\nYou can now begin making calls to the User Invitation API."]]
