Home/安全与合规/gws-cloudidentity
G

gws-cloudidentity

by @googleworkspacev
4.9(6)

Provides Google Workspace Cloud Identity management, supporting operations on identity resources while adhering to shared authentication and security rules.

Google Cloud IdentityIdentity ManagementSSOAccess ManagementCloud SecurityGitHub
Installation
npx skills add googleworkspace/cli --skill gws-cloudidentity
compare_arrows

Before / After Comparison

1
Before

Manually managing user invitations, devices, and identity settings in the Google Cloud console is complex and inefficient, especially in large-scale user management scenarios.

After

Using the `gws cloudidentity` command to manage Cloud Identity resources via the command-line interface, such as canceling device wipes or listing user invitations, improves management efficiency and automation capabilities.

description SKILL.md

gws-cloudidentity

cloudidentity (v1)

PREREQUISITE: Read ../gws-shared/SKILL.md for auth, global flags, and security rules. If missing, run gws generate-skills to create it.

gws cloudidentity <resource> <method> [flags]

API Resources

customers

  • userinvitations — Operations on the 'userinvitations' resource

devices

  • cancelWipe — Cancels an unfinished device wipe. This operation can be used to cancel device wipe in the gap between the wipe operation returning success and the device being wiped. This operation is possible when the device is in a "pending wipe" state. The device enters the "pending wipe" state when a wipe device command is issued, but has not yet been sent to the device. The cancel wipe will fail if the wipe command has already been issued to the device.

  • create — Creates a device. Only company-owned device may be created. Note: This method is available only to customers who have one of the following SKUs: Enterprise Standard, Enterprise Plus, Enterprise for Education, and Cloud Identity Premium

  • delete — Deletes the specified device.

  • get — Retrieves the specified device.

  • list — Lists/Searches devices.

  • wipe — Wipes all data on the specified device.

  • deviceUsers — Operations on the 'deviceUsers' resource

groups

  • create — Creates a Group.

  • delete — Deletes a Group.

  • get — Retrieves a Group.

  • getSecuritySettings — Get Security Settings

  • list — Lists the Group resources under a customer or namespace.

  • lookup — Looks up the resource name of a Group by its EntityKey.

  • patch — Updates a Group.

  • search — Searches for Group resources matching a specified query.

  • updateSecuritySettings — Update Security Settings

  • memberships — Operations on the 'memberships' resource

inboundOidcSsoProfiles

  • create — Creates an InboundOidcSsoProfile for a customer. When the target customer has enabled Multi-party approval for sensitive actions, the Operation in the response will have "done": false, it will not have a response, and the metadata will have "state": "awaiting-multi-party-approval".

  • delete — Deletes an InboundOidcSsoProfile.

  • get — Gets an InboundOidcSsoProfile.

  • list — Lists InboundOidcSsoProfile objects for a Google enterprise customer.

  • patch — Updates an InboundOidcSsoProfile. When the target customer has enabled Multi-party approval for sensitive actions, the Operation in the response will have "done": false, it will not have a response, and the metadata will have "state": "awaiting-multi-party-approval".

inboundSamlSsoProfiles

  • create — Creates an InboundSamlSsoProfile for a customer. When the target customer has enabled Multi-party approval for sensitive actions, the Operation in the response will have "done": false, it will not have a response, and the metadata will have "state": "awaiting-multi-party-approval".

  • delete — Deletes an InboundSamlSsoProfile.

  • get — Gets an InboundSamlSsoProfile.

  • list — Lists InboundSamlSsoProfiles for a customer.

  • patch — Updates an InboundSamlSsoProfile. When the target customer has enabled Multi-party approval for sensitive actions, the Operation in the response will have "done": false, it will not have a response, and the metadata will have "state": "awaiting-multi-party-approval".

  • idpCredentials — Operations on the 'idpCredentials' resource

inboundSsoAssignments

  • create — Creates an InboundSsoAssignment for users and devices in a Customer under a given Group or OrgUnit.

  • delete — Deletes an InboundSsoAssignment. To disable SSO, Create (or Update) an assignment that has sso_mode == SSO_OFF.

  • get — Gets an InboundSsoAssignment.

  • list — Lists the InboundSsoAssignments for a Customer.

  • patch — Updates an InboundSsoAssignment. The body of this request is the inbound_sso_assignment field and the update_mask is relative to that. For example: a PATCH to /v1/inboundSsoAssignments/0abcdefg1234567&update_mask=rank with a body of { "rank": 1 } moves that (presumably group-targeted) SSO assignment to the highest priority and shifts any other group-targeted assignments down in priority.

policies

  • get — Get a policy.

  • list — List policies.

Discovering Commands

Before calling any API method, inspect it:

# Browse resources and methods
gws cloudidentity --help

# Inspect a method's required params, types, and defaults
gws schema cloudidentity.<resource>.<method>

Use gws schema output to build your --params and --json flags. Weekly Installs568Repositorygoogleworkspace/cliGitHub Stars21.4KFirst Seen14 days agoSecurity AuditsGen Agent Trust HubPassSocketPassSnykPassInstalled onopencode553codex553gemini-cli551github-copilot551cursor551kimi-cli550

forumUser Reviews (0)

Write a Review

Effect
Usability
Docs
Compatibility

No reviews yet

Statistics

Installs396
Rating4.9 / 5.0
Version
Updated2026年3月17日
Comparisons1

User Rating

4.9(6)
5
0%
4
0%
3
0%
2
0%
1
0%

Rate this Skill

0.0

Compatible Platforms

🔧Claude Code
🔧OpenClaw
🔧OpenCode
🔧Codex
🔧Gemini CLI
🔧GitHub Copilot
🔧Amp
🔧Kimi CLI

Timeline

Created2026年3月17日
Last Updated2026年3月17日