Cloud Identity API  |  Google Cloud Documentation
Archived: 2026-04-05 19:26:09 UTC
API for provisioning and managing identity resources.
Service: cloudidentity.googleapis.com
To call this service, we recommend that you use the Google-provided client libraries. If your application needs to
use your own libraries to call this service, use the following information when you make the API requests.
Discovery document
A Discovery Document is a machine-readable specification for describing and consuming REST APIs. It is used
to build client libraries, IDE plugins, and other tools that interact with Google APIs. One service may provide
multiple discovery documents. This service provides the following discovery documents:
https://cloudidentity.googleapis.com/$discovery/rest?version=v1
https://cloudidentity.googleapis.com/$discovery/rest?version=v1beta1
Service endpoint
A service endpoint is a base URL that specifies the network address of an API service. One service might have
multiple service endpoints. This service has the following service endpoint and all URIs below are relative to this
service endpoint:
https://cloudidentity.googleapis.com
REST Resource: v1beta1.customers.userinvitations
Methods
cancel
POST /v1beta1/{name=customers/*/userinvitations/*}:cancel
Cancels a UserInvitation that was already sent.
get
GET /v1beta1/{name=customers/*/userinvitations/*}
Retrieves a UserInvitation resource.
isInvitableUser
GET /v1beta1/{name=customers/*/userinvitations/*}:isInvitableUser
Verifies whether a user account is eligible to receive a UserInvitation (is an
unmanaged account).
list
GET /v1beta1/{parent=customers/*}/userinvitations
Retrieves a list of UserInvitation resources.
https://cloud.google.com/identity/docs/reference/rest
Page 1 of 9

Methods
send
POST /v1beta1/{name=customers/*/userinvitations/*}:send
Sends a UserInvitation to email.
REST Resource: v1beta1.devices
Methods
cancelWipe
POST /v1beta1/{name=devices/*}:cancelWipe
Cancels an unfinished device wipe.
create
POST /v1beta1/devices
Creates a device.
delete
DELETE /v1beta1/{name=devices/*}
Deletes the specified device.
get
GET /v1beta1/{name=devices/*}
Retrieves the specified device.
list
GET /v1beta1/devices
Lists/Searches devices.
wipe
POST /v1beta1/{name=devices/*}:wipe
Wipes all data on the specified device.
REST Resource: v1beta1.devices.deviceUsers
Methods
approve
POST /v1beta1/{name=devices/*/deviceUsers/*}:approve
Approves device to access user data.
block
POST /v1beta1/{name=devices/*/deviceUsers/*}:block
Blocks device from accessing user data
cancelWipe
POST /v1beta1/{name=devices/*/deviceUsers/*}:cancelWipe
Cancels an unfinished user account wipe.
delete
DELETE /v1beta1/{name=devices/*/deviceUsers/*}
Deletes the specified DeviceUser.
get
GET /v1beta1/{name=devices/*/deviceUsers/*}
Retrieves the specified DeviceUser
https://cloud.google.com/identity/docs/reference/rest
Page 2 of 9

Methods
list
GET /v1beta1/{parent=devices/*}/deviceUsers
Lists/Searches DeviceUsers.
lookup
GET /v1beta1/{parent=devices/*/deviceUsers}:lookup
Looks up resource names of the DeviceUsers associated with the caller's
credentials, as well as the properties provided in the request.
wipe
POST /v1beta1/{name=devices/*/deviceUsers/*}:wipe
Wipes the user's account on a device.
REST Resource: v1beta1.devices.deviceUsers.clientStates
Methods
get
GET /v1beta1/{name=devices/*/deviceUsers/*/clientStates/*}
Gets the client state for the device user
patch
PATCH
/v1beta1/{clientState.name=devices/*/deviceUsers/*/clientStates/*}
Updates the client state for the device user
Note: This method is available only to customers who have one of the following
SKUs: Enterprise Standard, Enterprise Plus, Enterprise for Education, and Cloud
Identity Premium
REST Resource: v1beta1.groups
Methods
create
POST /v1beta1/groups
Creates a Group .
delete
DELETE /v1beta1/{name=groups/*}
Deletes a Group .
get
GET /v1beta1/{name=groups/*}
Retrieves a Group .
getSecuritySettings
GET /v1beta1/{name=groups/*/securitySettings}
Get Security Settings
https://cloud.google.com/identity/docs/reference/rest
Page 3 of 9

Methods
list
GET /v1beta1/groups
Lists the Group resources under a customer or namespace.
lookup
GET /v1beta1/groups:lookup
Looks up the resource name of a Group by its EntityKey .
patch
PATCH /v1beta1/{resource.name=groups/*}
Updates a Group .
search
GET /v1beta1/groups:search
Searches for Group resources matching a specified query.
updateSecuritySettings
PATCH /v1beta1/{securitySettings.name=groups/*/securitySettings}
Update Security Settings
REST Resource: v1beta1.groups.memberships
Methods
checkTransitiveMembership
GET
/v1beta1/{parent=groups/*}/memberships:checkTransitiveMembership
Check a potential member for membership in a group.
create
POST /v1beta1/{parent=groups/*}/memberships
Creates a Membership .
delete
DELETE /v1beta1/{name=groups/*/memberships/*}
Deletes a Membership .
get
GET /v1beta1/{name=groups/*/memberships/*}
Retrieves a Membership .
getMembershipGraph
GET /v1beta1/{parent=groups/*}/memberships:getMembershipGraph
Get a membership graph of just a member or both a member and a group.
list
GET /v1beta1/{parent=groups/*}/memberships
Lists the Membership s within a Group .
lookup
GET /v1beta1/{parent=groups/*}/memberships:lookup
Looks up the resource name of a Membership by its EntityKey .
modifyMembershipRoles
POST /v1beta1/{name=groups/*/memberships/*}:modifyMembershipRoles
Modifies the MembershipRole s of a Membership .
https://cloud.google.com/identity/docs/reference/rest
Page 4 of 9

Methods
searchDirectGroups
GET /v1beta1/{parent=groups/*}/memberships:searchDirectGroups
Searches direct groups of a member.
searchTransitiveGroups
GET /v1beta1/{parent=groups/*}/memberships:searchTransitiveGroups
Search transitive groups of a member.
searchTransitiveMemberships
GET
/v1beta1/{parent=groups/*}/memberships:searchTransitiveMemberships
Search transitive memberships of a group.
REST Resource: v1beta1.inboundOidcSsoProfiles
REST Resource: v1beta1.inboundSamlSsoProfiles
REST Resource: v1beta1.inboundSamlSsoProfiles.idpCredentials
REST Resource: v1beta1.inboundSsoAssignments
REST Resource: v1beta1.orgUnits.memberships
Methods
list
GET /v1beta1/{parent=orgUnits/*}/memberships
List OrgMembership resources in an OrgUnit treated as 'parent'.
move
POST /v1beta1/{name=orgUnits/*/memberships/*}:move
Move an OrgMembership to a new OrgUnit.
REST Resource: v1beta1.policies
Methods
create
POST /v1beta1/policies
Create a policy.
delete
DELETE /v1beta1/{name=policies/*}
Delete a policy.
get
GET /v1beta1/{name=policies/*}
Get a policy.
list
GET /v1beta1/policies
List policies.
https://cloud.google.com/identity/docs/reference/rest
Page 5 of 9

Methods
patch
PATCH /v1beta1/{policy.name=policies/*}
Update a policy.
REST Resource: v1.customers.userinvitations
Methods
cancel
POST /v1/{name=customers/*/userinvitations/*}:cancel
Cancels a UserInvitation that was already sent.
get
GET /v1/{name=customers/*/userinvitations/*}
Retrieves a UserInvitation resource.
isInvitableUser
GET /v1/{name=customers/*/userinvitations/*}:isInvitableUser
Verifies whether a user account is eligible to receive a UserInvitation (is an
unmanaged account).
list
GET /v1/{parent=customers/*}/userinvitations
Retrieves a list of UserInvitation resources.
send
POST /v1/{name=customers/*/userinvitations/*}:send
Sends a UserInvitation to email.
REST Resource: v1.devices
Methods
cancelWipe
POST /v1/{name=devices/*}:cancelWipe
Cancels an unfinished device wipe.
create
POST /v1/devices
Creates a device.
delete
DELETE /v1/{name=devices/*}
Deletes the specified device.
get
GET /v1/{name=devices/*}
Retrieves the specified device.
list
GET /v1/devices
Lists/Searches devices.
wipe
POST /v1/{name=devices/*}:wipe
Wipes all data on the specified device.
https://cloud.google.com/identity/docs/reference/rest
Page 6 of 9

REST Resource: v1.devices.deviceUsers
Methods
approve
POST /v1/{name=devices/*/deviceUsers/*}:approve
Approves device to access user data.
block
POST /v1/{name=devices/*/deviceUsers/*}:block
Blocks device from accessing user data
cancelWipe
POST /v1/{name=devices/*/deviceUsers/*}:cancelWipe
Cancels an unfinished user account wipe.
delete
DELETE /v1/{name=devices/*/deviceUsers/*}
Deletes the specified DeviceUser.
get
GET /v1/{name=devices/*/deviceUsers/*}
Retrieves the specified DeviceUser
list
GET /v1/{parent=devices/*}/deviceUsers
Lists/Searches DeviceUsers.
lookup
GET /v1/{parent=devices/*/deviceUsers}:lookup
Looks up resource names of the DeviceUsers associated with the caller's
credentials, as well as the properties provided in the request.
wipe
POST /v1/{name=devices/*/deviceUsers/*}:wipe
Wipes the user's account on a device.
REST Resource: v1.devices.deviceUsers.clientStates
Methods
get
GET /v1/{name=devices/*/deviceUsers/*/clientStates/*}
Gets the client state for the device user
list
GET /v1/{parent=devices/*/deviceUsers/*}/clientStates
Lists the client states for the given search query.
patch
PATCH /v1/{clientState.name=devices/*/deviceUsers/*/clientStates/*}
Updates the client state for the device user
Note: This method is available only to customers who have one of the following
SKUs: Enterprise Standard, Enterprise Plus, Enterprise for Education, and Cloud
Identity Premium
https://cloud.google.com/identity/docs/reference/rest
Page 7 of 9

REST Resource: v1.groups
Methods
create
POST /v1/groups
Creates a Group.
delete
DELETE /v1/{name=groups/*}
Deletes a Group .
get
GET /v1/{name=groups/*}
Retrieves a Group .
getSecuritySettings
GET /v1/{name=groups/*/securitySettings}
Get Security Settings
list
GET /v1/groups
Lists the Group resources under a customer or namespace.
lookup
GET /v1/groups:lookup
Looks up the resource name of a Group by its EntityKey .
patch
PATCH /v1/{resource.name=groups/*}
Updates a Group .
search
GET /v1/groups:search
Searches for Group resources matching a specified query.
updateSecuritySettings
PATCH /v1/{securitySettings.name=groups/*/securitySettings}
Update Security Settings
REST Resource: v1.groups.memberships
Methods
checkTransitiveMembership
GET /v1/{parent=groups/*}/memberships:checkTransitiveMembership
Check a potential member for membership in a group.
create
POST /v1/{parent=groups/*}/memberships
Creates a Membership .
delete
DELETE /v1/{name=groups/*/memberships/*}
Deletes a Membership .
get
GET /v1/{name=groups/*/memberships/*}
Retrieves a Membership .
https://cloud.google.com/identity/docs/reference/rest
Page 8 of 9

Methods
getMembershipGraph
GET /v1/{parent=groups/*}/memberships:getMembershipGraph
Get a membership graph of just a member or both a member and a group.
list
GET /v1/{parent=groups/*}/memberships
Lists the Membership s within a Group .
lookup
GET /v1/{parent=groups/*}/memberships:lookup
Looks up the resource name of a Membership by its EntityKey .
modifyMembershipRoles
POST /v1/{name=groups/*/memberships/*}:modifyMembershipRoles
Modifies the MembershipRole s of a Membership .
searchDirectGroups
GET /v1/{parent=groups/*}/memberships:searchDirectGroups
Searches direct groups of a member.
searchTransitiveGroups
GET /v1/{parent=groups/*}/memberships:searchTransitiveGroups
Search transitive groups of a member.
searchTransitiveMemberships
GET
/v1/{parent=groups/*}/memberships:searchTransitiveMemberships
Search transitive memberships of a group.
REST Resource: v1.inboundOidcSsoProfiles
REST Resource: v1.inboundSamlSsoProfiles
REST Resource: v1.inboundSamlSsoProfiles.idpCredentials
REST Resource: v1.inboundSsoAssignments
REST Resource: v1.policies
Methods
get
GET /v1/{name=policies/*}
Get a policy.
list
GET /v1/policies
List policies.
Source: https://cloud.google.com/identity/docs/reference/rest
https://cloud.google.com/identity/docs/reference/rest
Page 9 of 9