API for provisioning and managing identity resources.
Service: cloudidentity.googleapis.com
To call this service, we recommend that you use the Google-provided client libraries. If your application needs to use your own libraries to call this service, use the following information when you make the API requests.
Discovery document
A Discovery Document is a machine-readable specification for describing and consuming REST APIs. It is used to build client libraries, IDE plugins, and other tools that interact with Google APIs. One service may provide multiple discovery documents. This service provides the following discovery documents:
Service endpoint
A service endpoint is a base URL that specifies the network address of an API service. One service might have multiple service endpoints. This service has the following service endpoint and all URIs below are relative to this service endpoint:
https://cloudidentity.googleapis.com
REST Resource: v1beta1.customers.userinvitations
| Methods | |
|---|---|
cancel |
POST /v1beta1/{name=customers/*/userinvitations/*}:cancel Cancels a UserInvitation that was already sent. |
get |
GET /v1beta1/{name=customers/*/userinvitations/*} Retrieves a UserInvitation resource. |
isInvitableUser |
GET /v1beta1/{name=customers/*/userinvitations/*}:isInvitableUser Verifies whether a user account is eligible to receive a UserInvitation (is an unmanaged account). |
list |
GET /v1beta1/{parent=customers/*}/userinvitations Retrieves a list of UserInvitation resources. |
send |
POST /v1beta1/{name=customers/*/userinvitations/*}:send Sends a UserInvitation to email. |
REST Resource: v1beta1.devices
| Methods | |
|---|---|
cancelWipe |
POST /v1beta1/{name=devices/*}:cancelWipe Cancels an unfinished device wipe. |
create |
POST /v1beta1/devices Creates a device. |
delete |
DELETE /v1beta1/{name=devices/*} Deletes the specified device. |
get |
GET /v1beta1/{name=devices/*} Retrieves the specified device. |
list |
GET /v1beta1/devices Lists/Searches devices. |
wipe |
POST /v1beta1/{name=devices/*}:wipe Wipes all data on the specified device. |
REST Resource: v1beta1.devices.deviceUsers
| Methods | |
|---|---|
approve |
POST /v1beta1/{name=devices/*/deviceUsers/*}:approve Approves device to access user data. |
block |
POST /v1beta1/{name=devices/*/deviceUsers/*}:block Blocks device from accessing user data |
cancelWipe |
POST /v1beta1/{name=devices/*/deviceUsers/*}:cancelWipe Cancels an unfinished user account wipe. |
delete |
DELETE /v1beta1/{name=devices/*/deviceUsers/*} Deletes the specified DeviceUser. |
get |
GET /v1beta1/{name=devices/*/deviceUsers/*} Retrieves the specified DeviceUser |
list |
GET /v1beta1/{parent=devices/*}/deviceUsers Lists/Searches DeviceUsers. |
lookup |
GET /v1beta1/{parent=devices/*/deviceUsers}:lookup Looks up resource names of the DeviceUsers associated with the caller's credentials, as well as the properties provided in the request. |
wipe |
POST /v1beta1/{name=devices/*/deviceUsers/*}:wipe Wipes the user's account on a device. |
REST Resource: v1beta1.devices.deviceUsers.clientStates
| Methods | |
|---|---|
get |
GET /v1beta1/{name=devices/*/deviceUsers/*/clientStates/*} Gets the client state for the device user |
patch |
PATCH /v1beta1/{clientState.name=devices/*/deviceUsers/*/clientStates/*} Updates the client state for the device user Note: This method is available only to customers who have one of the following SKUs: Enterprise Standard, Enterprise Plus, Enterprise for Education, and Cloud Identity Premium |
REST Resource: v1beta1.groups
| Methods | |
|---|---|
create |
POST /v1beta1/groups Creates a Group. |
delete |
DELETE /v1beta1/{name=groups/*} Deletes a Group. |
get |
GET /v1beta1/{name=groups/*} Retrieves a Group. |
getSecuritySettings |
GET /v1beta1/{name=groups/*/securitySettings} Get Security Settings |
list |
GET /v1beta1/groups Lists the Group resources under a customer or namespace. |
lookup |
GET /v1beta1/groups:lookup Looks up the resource name of a Group by its EntityKey. |
patch |
PATCH /v1beta1/{resource.name=groups/*} Updates a Group. |
search |
GET /v1beta1/groups:search Searches for Group resources matching a specified query. |
updateSecuritySettings |
PATCH /v1beta1/{securitySettings.name=groups/*/securitySettings} Update Security Settings |
REST Resource: v1beta1.groups.memberships
| Methods | |
|---|---|
checkTransitiveMembership |
GET /v1beta1/{parent=groups/*}/memberships:checkTransitiveMembership Check a potential member for membership in a group. |
create |
POST /v1beta1/{parent=groups/*}/memberships Creates a Membership. |
delete |
DELETE /v1beta1/{name=groups/*/memberships/*} Deletes a Membership. |
get |
GET /v1beta1/{name=groups/*/memberships/*} Retrieves a Membership. |
getMembershipGraph |
GET /v1beta1/{parent=groups/*}/memberships:getMembershipGraph Get a membership graph of just a member or both a member and a group. |
list |
GET /v1beta1/{parent=groups/*}/memberships Lists the Memberships within a Group. |
lookup |
GET /v1beta1/{parent=groups/*}/memberships:lookup Looks up the resource name of a Membership by its EntityKey. |
modifyMembershipRoles |
POST /v1beta1/{name=groups/*/memberships/*}:modifyMembershipRoles Modifies the MembershipRoles of a Membership. |
searchDirectGroups |
GET /v1beta1/{parent=groups/*}/memberships:searchDirectGroups Searches direct groups of a member. |
searchTransitiveGroups |
GET /v1beta1/{parent=groups/*}/memberships:searchTransitiveGroups Search transitive groups of a member. |
searchTransitiveMemberships |
GET /v1beta1/{parent=groups/*}/memberships:searchTransitiveMemberships Search transitive memberships of a group. |
REST Resource: v1beta1.inboundSamlSsoProfiles
| Methods | |
|---|---|
create |
POST /v1beta1/inboundSamlSsoProfiles Creates an InboundSamlSsoProfile for a customer. |
delete |
DELETE /v1beta1/{name=inboundSamlSsoProfiles/*} Deletes an InboundSamlSsoProfile. |
get |
GET /v1beta1/{name=inboundSamlSsoProfiles/*} Gets an InboundSamlSsoProfile. |
list |
GET /v1beta1/inboundSamlSsoProfiles Lists InboundSamlSsoProfiles for a customer. |
patch |
PATCH /v1beta1/{inboundSamlSsoProfile.name=inboundSamlSsoProfiles/*} Updates an InboundSamlSsoProfile. |
REST Resource: v1beta1.inboundSamlSsoProfiles.idpCredentials
| Methods | |
|---|---|
add |
POST /v1beta1/{parent=inboundSamlSsoProfiles/*}/idpCredentials:add Adds an IdpCredential. |
delete |
DELETE /v1beta1/{name=inboundSamlSsoProfiles/*/idpCredentials/*} Deletes an IdpCredential. |
get |
GET /v1beta1/{name=inboundSamlSsoProfiles/*/idpCredentials/*} Gets an IdpCredential. |
list |
GET /v1beta1/{parent=inboundSamlSsoProfiles/*}/idpCredentials Returns a list of IdpCredentials in an InboundSamlSsoProfile. |
REST Resource: v1beta1.inboundSsoAssignments
| Methods | |
|---|---|
create |
POST /v1beta1/inboundSsoAssignments Creates an InboundSsoAssignment for users and devices in a Customer under a given Group or OrgUnit. |
delete |
DELETE /v1beta1/{name=inboundSsoAssignments/*} Deletes an InboundSsoAssignment. |
get |
GET /v1beta1/{name=inboundSsoAssignments/*} Gets an InboundSsoAssignment. |
list |
GET /v1beta1/inboundSsoAssignments Lists the InboundSsoAssignments for a Customer. |
patch |
PATCH /v1beta1/{inboundSsoAssignment.name=inboundSsoAssignments/*} Updates an InboundSsoAssignment. |
REST Resource: v1beta1.orgUnits.memberships
| Methods | |
|---|---|
list |
GET /v1beta1/{parent=orgUnits/*}/memberships List OrgMembership resources in an OrgUnit treated as 'parent'. |
move |
POST /v1beta1/{name=orgUnits/*/memberships/*}:move Move an OrgMembership to a new OrgUnit. |
REST Resource: v1beta1.policies
| Methods | |
|---|---|
get |
GET /v1beta1/{name=policies/*} Get a policy |
list |
GET /v1beta1/policies List policies |
REST Resource: v1.customers.userinvitations
| Methods | |
|---|---|
cancel |
POST /v1/{name=customers/*/userinvitations/*}:cancel Cancels a UserInvitation that was already sent. |
get |
GET /v1/{name=customers/*/userinvitations/*} Retrieves a UserInvitation resource. |
isInvitableUser |
GET /v1/{name=customers/*/userinvitations/*}:isInvitableUser Verifies whether a user account is eligible to receive a UserInvitation (is an unmanaged account). |
list |
GET /v1/{parent=customers/*}/userinvitations Retrieves a list of UserInvitation resources. |
send |
POST /v1/{name=customers/*/userinvitations/*}:send Sends a UserInvitation to email. |
REST Resource: v1.devices
| Methods | |
|---|---|
cancelWipe |
POST /v1/{name=devices/*}:cancelWipe Cancels an unfinished device wipe. |
create |
POST /v1/devices Creates a device. |
delete |
DELETE /v1/{name=devices/*} Deletes the specified device. |
get |
GET /v1/{name=devices/*} Retrieves the specified device. |
list |
GET /v1/devices Lists/Searches devices. |
wipe |
POST /v1/{name=devices/*}:wipe Wipes all data on the specified device. |
REST Resource: v1.devices.deviceUsers
| Methods | |
|---|---|
approve |
POST /v1/{name=devices/*/deviceUsers/*}:approve Approves device to access user data. |
block |
POST /v1/{name=devices/*/deviceUsers/*}:block Blocks device from accessing user data |
cancelWipe |
POST /v1/{name=devices/*/deviceUsers/*}:cancelWipe Cancels an unfinished user account wipe. |
delete |
DELETE /v1/{name=devices/*/deviceUsers/*} Deletes the specified DeviceUser. |
get |
GET /v1/{name=devices/*/deviceUsers/*} Retrieves the specified DeviceUser |
list |
GET /v1/{parent=devices/*}/deviceUsers Lists/Searches DeviceUsers. |
lookup |
GET /v1/{parent=devices/*/deviceUsers}:lookup Looks up resource names of the DeviceUsers associated with the caller's credentials, as well as the properties provided in the request. |
wipe |
POST /v1/{name=devices/*/deviceUsers/*}:wipe Wipes the user's account on a device. |
REST Resource: v1.devices.deviceUsers.clientStates
| Methods | |
|---|---|
get |
GET /v1/{name=devices/*/deviceUsers/*/clientStates/*} Gets the client state for the device user |
list |
GET /v1/{parent=devices/*/deviceUsers/*}/clientStates Lists the client states for the given search query. |
patch |
PATCH /v1/{clientState.name=devices/*/deviceUsers/*/clientStates/*} Updates the client state for the device user Note: This method is available only to customers who have one of the following SKUs: Enterprise Standard, Enterprise Plus, Enterprise for Education, and Cloud Identity Premium |
REST Resource: v1.groups
| Methods | |
|---|---|
create |
POST /v1/groups Creates a Group. |
delete |
DELETE /v1/{name=groups/*} Deletes a Group. |
get |
GET /v1/{name=groups/*} Retrieves a Group. |
getSecuritySettings |
GET /v1/{name=groups/*/securitySettings} Get Security Settings |
list |
GET /v1/groups Lists the Group resources under a customer or namespace. |
lookup |
GET /v1/groups:lookup Looks up the resource name of a Group by its EntityKey. |
patch |
PATCH /v1/{resource.name=groups/*} Updates a Group. |
search |
GET /v1/groups:search Searches for Group resources matching a specified query. |
updateSecuritySettings |
PATCH /v1/{securitySettings.name=groups/*/securitySettings} Update Security Settings |
REST Resource: v1.groups.memberships
| Methods | |
|---|---|
checkTransitiveMembership |
GET /v1/{parent=groups/*}/memberships:checkTransitiveMembership Check a potential member for membership in a group. |
create |
POST /v1/{parent=groups/*}/memberships Creates a Membership. |
delete |
DELETE /v1/{name=groups/*/memberships/*} Deletes a Membership. |
get |
GET /v1/{name=groups/*/memberships/*} Retrieves a Membership. |
getMembershipGraph |
GET /v1/{parent=groups/*}/memberships:getMembershipGraph Get a membership graph of just a member or both a member and a group. |
list |
GET /v1/{parent=groups/*}/memberships Lists the Memberships within a Group. |
lookup |
GET /v1/{parent=groups/*}/memberships:lookup Looks up the resource name of a Membership by its EntityKey. |
modifyMembershipRoles |
POST /v1/{name=groups/*/memberships/*}:modifyMembershipRoles Modifies the MembershipRoles of a Membership. |
searchDirectGroups |
GET /v1/{parent=groups/*}/memberships:searchDirectGroups Searches direct groups of a member. |
searchTransitiveGroups |
GET /v1/{parent=groups/*}/memberships:searchTransitiveGroups Search transitive groups of a member. |
searchTransitiveMemberships |
GET /v1/{parent=groups/*}/memberships:searchTransitiveMemberships Search transitive memberships of a group. |
REST Resource: v1.inboundSamlSsoProfiles
| Methods | |
|---|---|
create |
POST /v1/inboundSamlSsoProfiles Creates an InboundSamlSsoProfile for a customer. |
delete |
DELETE /v1/{name=inboundSamlSsoProfiles/*} Deletes an InboundSamlSsoProfile. |
get |
GET /v1/{name=inboundSamlSsoProfiles/*} Gets an InboundSamlSsoProfile. |
list |
GET /v1/inboundSamlSsoProfiles Lists InboundSamlSsoProfiles for a customer. |
patch |
PATCH /v1/{inboundSamlSsoProfile.name=inboundSamlSsoProfiles/*} Updates an InboundSamlSsoProfile. |
REST Resource: v1.inboundSamlSsoProfiles.idpCredentials
| Methods | |
|---|---|
add |
POST /v1/{parent=inboundSamlSsoProfiles/*}/idpCredentials:add Adds an IdpCredential. |
delete |
DELETE /v1/{name=inboundSamlSsoProfiles/*/idpCredentials/*} Deletes an IdpCredential. |
get |
GET /v1/{name=inboundSamlSsoProfiles/*/idpCredentials/*} Gets an IdpCredential. |
list |
GET /v1/{parent=inboundSamlSsoProfiles/*}/idpCredentials Returns a list of IdpCredentials in an InboundSamlSsoProfile. |
REST Resource: v1.inboundSsoAssignments
| Methods | |
|---|---|
create |
POST /v1/inboundSsoAssignments Creates an InboundSsoAssignment for users and devices in a Customer under a given Group or OrgUnit. |
delete |
DELETE /v1/{name=inboundSsoAssignments/*} Deletes an InboundSsoAssignment. |
get |
GET /v1/{name=inboundSsoAssignments/*} Gets an InboundSsoAssignment. |
list |
GET /v1/inboundSsoAssignments Lists the InboundSsoAssignments for a Customer. |
patch |
PATCH /v1/{inboundSsoAssignment.name=inboundSsoAssignments/*} Updates an InboundSsoAssignment. |