{
	"id": "2d846ae3-62e8-41f7-ba53-5e7b7cea0639",
	"created_at": "2026-04-06T00:14:43.031791Z",
	"updated_at": "2026-04-10T03:20:30.098645Z",
	"deleted_at": null,
	"sha1_hash": "d4c8b713bb0eb660617f2cf5810a265a24bbf32b",
	"title": "Cloud Identity API  |  Google Cloud Documentation",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 166801,
	"plain_text": "Cloud Identity API  |  Google Cloud Documentation\r\nArchived: 2026-04-05 19:26:09 UTC\r\nAPI for provisioning and managing identity resources.\r\nService: cloudidentity.googleapis.com\r\nTo call this service, we recommend that you use the Google-provided client libraries. If your application needs to\r\nuse your own libraries to call this service, use the following information when you make the API requests.\r\nDiscovery document\r\nA Discovery Document is a machine-readable specification for describing and consuming REST APIs. It is used\r\nto build client libraries, IDE plugins, and other tools that interact with Google APIs. One service may provide\r\nmultiple discovery documents. This service provides the following discovery documents:\r\nhttps://cloudidentity.googleapis.com/$discovery/rest?version=v1\r\nhttps://cloudidentity.googleapis.com/$discovery/rest?version=v1beta1\r\nService endpoint\r\nA service endpoint is a base URL that specifies the network address of an API service. One service might have\r\nmultiple service endpoints. This service has the following service endpoint and all URIs below are relative to this\r\nservice endpoint:\r\nhttps://cloudidentity.googleapis.com\r\nREST Resource: v1beta1.customers.userinvitations\r\nMethods\r\ncancel\r\nPOST /v1beta1/{name=customers/*/userinvitations/*}:cancel\r\nCancels a UserInvitation that was already sent.\r\nget\r\nGET /v1beta1/{name=customers/*/userinvitations/*}\r\nRetrieves a UserInvitation resource.\r\nisInvitableUser\r\nGET /v1beta1/{name=customers/*/userinvitations/*}:isInvitableUser\r\nVerifies whether a user account is eligible to receive a UserInvitation (is an\r\nunmanaged account).\r\nlist\r\nGET /v1beta1/{parent=customers/*}/userinvitations\r\nRetrieves a list of UserInvitation resources.\r\nhttps://cloud.google.com/identity/docs/reference/rest\r\nPage 1 of 9\n\nMethods\r\nsend\r\nPOST /v1beta1/{name=customers/*/userinvitations/*}:send\r\nSends a UserInvitation to email.\r\nREST Resource: v1beta1.devices\r\nMethods\r\ncancelWipe\r\nPOST /v1beta1/{name=devices/*}:cancelWipe\r\nCancels an unfinished device wipe.\r\ncreate\r\nPOST /v1beta1/devices\r\nCreates a device.\r\ndelete\r\nDELETE /v1beta1/{name=devices/*}\r\nDeletes the specified device.\r\nget\r\nGET /v1beta1/{name=devices/*}\r\nRetrieves the specified device.\r\nlist\r\nGET /v1beta1/devices\r\nLists/Searches devices.\r\nwipe\r\nPOST /v1beta1/{name=devices/*}:wipe\r\nWipes all data on the specified device.\r\nREST Resource: v1beta1.devices.deviceUsers\r\nMethods\r\napprove\r\nPOST /v1beta1/{name=devices/*/deviceUsers/*}:approve\r\nApproves device to access user data.\r\nblock\r\nPOST /v1beta1/{name=devices/*/deviceUsers/*}:block\r\nBlocks device from accessing user data\r\ncancelWipe\r\nPOST /v1beta1/{name=devices/*/deviceUsers/*}:cancelWipe\r\nCancels an unfinished user account wipe.\r\ndelete\r\nDELETE /v1beta1/{name=devices/*/deviceUsers/*}\r\nDeletes the specified DeviceUser.\r\nget\r\nGET /v1beta1/{name=devices/*/deviceUsers/*}\r\nRetrieves the specified DeviceUser\r\nhttps://cloud.google.com/identity/docs/reference/rest\r\nPage 2 of 9\n\nMethods\r\nlist\r\nGET /v1beta1/{parent=devices/*}/deviceUsers\r\nLists/Searches DeviceUsers.\r\nlookup\r\nGET /v1beta1/{parent=devices/*/deviceUsers}:lookup\r\nLooks up resource names of the DeviceUsers associated with the caller's\r\ncredentials, as well as the properties provided in the request.\r\nwipe\r\nPOST /v1beta1/{name=devices/*/deviceUsers/*}:wipe\r\nWipes the user's account on a device.\r\nREST Resource: v1beta1.devices.deviceUsers.clientStates\r\nMethods\r\nget\r\nGET /v1beta1/{name=devices/*/deviceUsers/*/clientStates/*}\r\nGets the client state for the device user\r\npatch\r\nPATCH\r\n/v1beta1/{clientState.name=devices/*/deviceUsers/*/clientStates/*}\r\nUpdates the client state for the device user\r\nNote: This method is available only to customers who have one of the following\r\nSKUs: Enterprise Standard, Enterprise Plus, Enterprise for Education, and Cloud\r\nIdentity Premium\r\nREST Resource: v1beta1.groups\r\nMethods\r\ncreate\r\nPOST /v1beta1/groups\r\nCreates a Group .\r\ndelete\r\nDELETE /v1beta1/{name=groups/*}\r\nDeletes a Group .\r\nget\r\nGET /v1beta1/{name=groups/*}\r\nRetrieves a Group .\r\ngetSecuritySettings\r\nGET /v1beta1/{name=groups/*/securitySettings}\r\nGet Security Settings\r\nhttps://cloud.google.com/identity/docs/reference/rest\r\nPage 3 of 9\n\nMethods\r\nlist\r\nGET /v1beta1/groups\r\nLists the Group resources under a customer or namespace.\r\nlookup\r\nGET /v1beta1/groups:lookup\r\nLooks up the resource name of a Group by its EntityKey .\r\npatch\r\nPATCH /v1beta1/{resource.name=groups/*}\r\nUpdates a Group .\r\nsearch\r\nGET /v1beta1/groups:search\r\nSearches for Group resources matching a specified query.\r\nupdateSecuritySettings\r\nPATCH /v1beta1/{securitySettings.name=groups/*/securitySettings}\r\nUpdate Security Settings\r\nREST Resource: v1beta1.groups.memberships\r\nMethods\r\ncheckTransitiveMembership\r\nGET\r\n/v1beta1/{parent=groups/*}/memberships:checkTransitiveMembership\r\nCheck a potential member for membership in a group.\r\ncreate\r\nPOST /v1beta1/{parent=groups/*}/memberships\r\nCreates a Membership .\r\ndelete\r\nDELETE /v1beta1/{name=groups/*/memberships/*}\r\nDeletes a Membership .\r\nget\r\nGET /v1beta1/{name=groups/*/memberships/*}\r\nRetrieves a Membership .\r\ngetMembershipGraph\r\nGET /v1beta1/{parent=groups/*}/memberships:getMembershipGraph\r\nGet a membership graph of just a member or both a member and a group.\r\nlist\r\nGET /v1beta1/{parent=groups/*}/memberships\r\nLists the Membership s within a Group .\r\nlookup\r\nGET /v1beta1/{parent=groups/*}/memberships:lookup\r\nLooks up the resource name of a Membership by its EntityKey .\r\nmodifyMembershipRoles\r\nPOST /v1beta1/{name=groups/*/memberships/*}:modifyMembershipRoles\r\nModifies the MembershipRole s of a Membership .\r\nhttps://cloud.google.com/identity/docs/reference/rest\r\nPage 4 of 9\n\nMethods\r\nsearchDirectGroups\r\nGET /v1beta1/{parent=groups/*}/memberships:searchDirectGroups\r\nSearches direct groups of a member.\r\nsearchTransitiveGroups\r\nGET /v1beta1/{parent=groups/*}/memberships:searchTransitiveGroups\r\nSearch transitive groups of a member.\r\nsearchTransitiveMemberships\r\nGET\r\n/v1beta1/{parent=groups/*}/memberships:searchTransitiveMemberships\r\nSearch transitive memberships of a group.\r\nREST Resource: v1beta1.inboundOidcSsoProfiles\r\nREST Resource: v1beta1.inboundSamlSsoProfiles\r\nREST Resource: v1beta1.inboundSamlSsoProfiles.idpCredentials\r\nREST Resource: v1beta1.inboundSsoAssignments\r\nREST Resource: v1beta1.orgUnits.memberships\r\nMethods\r\nlist\r\nGET /v1beta1/{parent=orgUnits/*}/memberships\r\nList OrgMembership resources in an OrgUnit treated as 'parent'.\r\nmove\r\nPOST /v1beta1/{name=orgUnits/*/memberships/*}:move\r\nMove an OrgMembership to a new OrgUnit.\r\nREST Resource: v1beta1.policies\r\nMethods\r\ncreate\r\nPOST /v1beta1/policies\r\nCreate a policy.\r\ndelete\r\nDELETE /v1beta1/{name=policies/*}\r\nDelete a policy.\r\nget\r\nGET /v1beta1/{name=policies/*}\r\nGet a policy.\r\nlist\r\nGET /v1beta1/policies\r\nList policies.\r\nhttps://cloud.google.com/identity/docs/reference/rest\r\nPage 5 of 9\n\nMethods\r\npatch\r\nPATCH /v1beta1/{policy.name=policies/*}\r\nUpdate a policy.\r\nREST Resource: v1.customers.userinvitations\r\nMethods\r\ncancel\r\nPOST /v1/{name=customers/*/userinvitations/*}:cancel\r\nCancels a UserInvitation that was already sent.\r\nget\r\nGET /v1/{name=customers/*/userinvitations/*}\r\nRetrieves a UserInvitation resource.\r\nisInvitableUser\r\nGET /v1/{name=customers/*/userinvitations/*}:isInvitableUser\r\nVerifies whether a user account is eligible to receive a UserInvitation (is an\r\nunmanaged account).\r\nlist\r\nGET /v1/{parent=customers/*}/userinvitations\r\nRetrieves a list of UserInvitation resources.\r\nsend\r\nPOST /v1/{name=customers/*/userinvitations/*}:send\r\nSends a UserInvitation to email.\r\nREST Resource: v1.devices\r\nMethods\r\ncancelWipe\r\nPOST /v1/{name=devices/*}:cancelWipe\r\nCancels an unfinished device wipe.\r\ncreate\r\nPOST /v1/devices\r\nCreates a device.\r\ndelete\r\nDELETE /v1/{name=devices/*}\r\nDeletes the specified device.\r\nget\r\nGET /v1/{name=devices/*}\r\nRetrieves the specified device.\r\nlist\r\nGET /v1/devices\r\nLists/Searches devices.\r\nwipe\r\nPOST /v1/{name=devices/*}:wipe\r\nWipes all data on the specified device.\r\nhttps://cloud.google.com/identity/docs/reference/rest\r\nPage 6 of 9\n\nREST Resource: v1.devices.deviceUsers\r\nMethods\r\napprove\r\nPOST /v1/{name=devices/*/deviceUsers/*}:approve\r\nApproves device to access user data.\r\nblock\r\nPOST /v1/{name=devices/*/deviceUsers/*}:block\r\nBlocks device from accessing user data\r\ncancelWipe\r\nPOST /v1/{name=devices/*/deviceUsers/*}:cancelWipe\r\nCancels an unfinished user account wipe.\r\ndelete\r\nDELETE /v1/{name=devices/*/deviceUsers/*}\r\nDeletes the specified DeviceUser.\r\nget\r\nGET /v1/{name=devices/*/deviceUsers/*}\r\nRetrieves the specified DeviceUser\r\nlist\r\nGET /v1/{parent=devices/*}/deviceUsers\r\nLists/Searches DeviceUsers.\r\nlookup\r\nGET /v1/{parent=devices/*/deviceUsers}:lookup\r\nLooks up resource names of the DeviceUsers associated with the caller's\r\ncredentials, as well as the properties provided in the request.\r\nwipe\r\nPOST /v1/{name=devices/*/deviceUsers/*}:wipe\r\nWipes the user's account on a device.\r\nREST Resource: v1.devices.deviceUsers.clientStates\r\nMethods\r\nget\r\nGET /v1/{name=devices/*/deviceUsers/*/clientStates/*}\r\nGets the client state for the device user\r\nlist\r\nGET /v1/{parent=devices/*/deviceUsers/*}/clientStates\r\nLists the client states for the given search query.\r\npatch\r\nPATCH /v1/{clientState.name=devices/*/deviceUsers/*/clientStates/*}\r\nUpdates the client state for the device user\r\nNote: This method is available only to customers who have one of the following\r\nSKUs: Enterprise Standard, Enterprise Plus, Enterprise for Education, and Cloud\r\nIdentity Premium\r\nhttps://cloud.google.com/identity/docs/reference/rest\r\nPage 7 of 9\n\nREST Resource: v1.groups\r\nMethods\r\ncreate\r\nPOST /v1/groups\r\nCreates a Group.\r\ndelete\r\nDELETE /v1/{name=groups/*}\r\nDeletes a Group .\r\nget\r\nGET /v1/{name=groups/*}\r\nRetrieves a Group .\r\ngetSecuritySettings\r\nGET /v1/{name=groups/*/securitySettings}\r\nGet Security Settings\r\nlist\r\nGET /v1/groups\r\nLists the Group resources under a customer or namespace.\r\nlookup\r\nGET /v1/groups:lookup\r\nLooks up the resource name of a Group by its EntityKey .\r\npatch\r\nPATCH /v1/{resource.name=groups/*}\r\nUpdates a Group .\r\nsearch\r\nGET /v1/groups:search\r\nSearches for Group resources matching a specified query.\r\nupdateSecuritySettings\r\nPATCH /v1/{securitySettings.name=groups/*/securitySettings}\r\nUpdate Security Settings\r\nREST Resource: v1.groups.memberships\r\nMethods\r\ncheckTransitiveMembership\r\nGET /v1/{parent=groups/*}/memberships:checkTransitiveMembership\r\nCheck a potential member for membership in a group.\r\ncreate\r\nPOST /v1/{parent=groups/*}/memberships\r\nCreates a Membership .\r\ndelete\r\nDELETE /v1/{name=groups/*/memberships/*}\r\nDeletes a Membership .\r\nget\r\nGET /v1/{name=groups/*/memberships/*}\r\nRetrieves a Membership .\r\nhttps://cloud.google.com/identity/docs/reference/rest\r\nPage 8 of 9\n\nMethods\r\ngetMembershipGraph\r\nGET /v1/{parent=groups/*}/memberships:getMembershipGraph\r\nGet a membership graph of just a member or both a member and a group.\r\nlist\r\nGET /v1/{parent=groups/*}/memberships\r\nLists the Membership s within a Group .\r\nlookup\r\nGET /v1/{parent=groups/*}/memberships:lookup\r\nLooks up the resource name of a Membership by its EntityKey .\r\nmodifyMembershipRoles\r\nPOST /v1/{name=groups/*/memberships/*}:modifyMembershipRoles\r\nModifies the MembershipRole s of a Membership .\r\nsearchDirectGroups\r\nGET /v1/{parent=groups/*}/memberships:searchDirectGroups\r\nSearches direct groups of a member.\r\nsearchTransitiveGroups\r\nGET /v1/{parent=groups/*}/memberships:searchTransitiveGroups\r\nSearch transitive groups of a member.\r\nsearchTransitiveMemberships\r\nGET\r\n/v1/{parent=groups/*}/memberships:searchTransitiveMemberships\r\nSearch transitive memberships of a group.\r\nREST Resource: v1.inboundOidcSsoProfiles\r\nREST Resource: v1.inboundSamlSsoProfiles\r\nREST Resource: v1.inboundSamlSsoProfiles.idpCredentials\r\nREST Resource: v1.inboundSsoAssignments\r\nREST Resource: v1.policies\r\nMethods\r\nget\r\nGET /v1/{name=policies/*}\r\nGet a policy.\r\nlist\r\nGET /v1/policies\r\nList policies.\r\nSource: https://cloud.google.com/identity/docs/reference/rest\r\nhttps://cloud.google.com/identity/docs/reference/rest\r\nPage 9 of 9",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://cloud.google.com/identity/docs/reference/rest"
	],
	"report_names": [
		"rest"
	],
	"threat_actors": [],
	"ts_created_at": 1775434483,
	"ts_updated_at": 1775791230,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d4c8b713bb0eb660617f2cf5810a265a24bbf32b.pdf",
		"text": "https://archive.orkl.eu/d4c8b713bb0eb660617f2cf5810a265a24bbf32b.txt",
		"img": "https://archive.orkl.eu/d4c8b713bb0eb660617f2cf5810a265a24bbf32b.jpg"
	}
}