Google Workspace Cloud Identity CLI 管理指南：设备、群组与SSO配置

gws-cloudidentity by googleworkspace/cli

568 周安装量

22,300 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/googleworkspace/cli --skill gws-cloudidentity

自动化云服务安全

🇨🇳中文介绍

cloudidentity (v1)

前提条件： 请先阅读 ../gws-shared/SKILL.md 以了解认证、全局标志和安全规则。如果文件缺失，请运行 gws generate-skills 命令来创建它。

gws cloudidentity <resource> <method> [flags]

API 资源

customers

userinvitations — 对 'userinvitations' 资源执行的操作

devices

cancelWipe — 取消一个未完成的设备擦除操作。此操作可用于在擦除操作返回成功与设备被实际擦除之间的间隙取消设备擦除。当设备处于“待擦除”状态时，此操作才可能执行。当发出擦除设备命令但尚未发送到设备时，设备会进入“待擦除”状态。如果擦除命令已发送到设备，取消擦除将会失败。
create — 创建设备。只能创建公司拥有的设备。注意：此方法仅对拥有以下任一 SKU 的客户可用：Enterprise Standard、Enterprise Plus、Enterprise for Education 和 Cloud Identity Premium。

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

inboundOidcSsoProfiles

create — 为客户创建一个 InboundOidcSsoProfile。当目标客户启用了敏感操作的多方审批时，响应中的 Operation 将具有 "done": false，不会有响应体，并且元数据中将包含 "state": "awaiting-multi-party-approval"。
delete — 删除一个 InboundOidcSsoProfile。
get — 获取一个 InboundOidcSsoProfile。
list — 为 Google 企业客户列出 InboundOidcSsoProfile 对象。
patch — 更新一个 InboundOidcSsoProfile。当目标客户启用了敏感操作的多方审批时，响应中的 Operation 将具有 "done": false，不会有响应体，并且元数据中将包含 "state": "awaiting-multi-party-approval"。

inboundSamlSsoProfiles

create — 为客户创建一个 InboundSamlSsoProfile。当目标客户启用了敏感操作的多方审批时，响应中的 Operation 将具有 "done": false，不会有响应体，并且元数据中将包含 "state": "awaiting-multi-party-approval"。
delete — 删除一个 InboundSamlSsoProfile。
get — 获取一个 InboundSamlSsoProfile。
list — 为客户列出 InboundSamlSsoProfiles。
patch — 更新一个 InboundSamlSsoProfile。当目标客户启用了敏感操作的多方审批时，响应中的 Operation 将具有 "done": false，不会有响应体，并且元数据中将包含 "state": "awaiting-multi-party-approval"。
idpCredentials — 对 'idpCredentials' 资源执行的操作

inboundSsoAssignments

create — 为给定 Group 或 OrgUnit 下的 Customer 中的用户和设备创建一个 InboundSsoAssignment。
delete — 删除一个 InboundSsoAssignment。要禁用 SSO，请创建（或更新）一个 sso_mode 为 SSO_OFF 的分配。
get — 获取一个 InboundSsoAssignment。
list — 列出 Customer 的 InboundSsoAssignments。
patch — 更新一个 InboundSsoAssignment。此请求的正文是 inbound_sso_assignment 字段，update_mask 是相对于该字段的。例如：向 /v1/inboundSsoAssignments/0abcdefg1234567&update_mask=rank 发送一个 PATCH 请求，正文为 { "rank": 1 }，会将那个（大概是针对群组的）SSO 分配移动到最高优先级，并将任何其他针对群组的分配优先级降低。

get — 获取一个策略。
list — 列出策略。

在调用任何 API 方法之前，请先检查它：

# 浏览资源和方法
gws cloudidentity --help

# 检查方法的必需参数、类型和默认值
gws schema cloudidentity.<resource>.<method>

使用 gws schema 的输出内容来构建你的 --params 和 --json 标志。

🇺🇸English

cloudidentity (v1)

PREREQUISITE: Read ../gws-shared/SKILL.md for auth, global flags, and security rules. If missing, run gws generate-skills to create it.

gws cloudidentity <resource> <method> [flags]

API Resources

customers

userinvitations — Operations on the 'userinvitations' resource

devices

cancelWipe — Cancels an unfinished device wipe. This operation can be used to cancel device wipe in the gap between the wipe operation returning success and the device being wiped. This operation is possible when the device is in a "pending wipe" state. The device enters the "pending wipe" state when a wipe device command is issued, but has not yet been sent to the device. The cancel wipe will fail if the wipe command has already been issued to the device.
create — Creates a device. Only company-owned device may be created. Note : This method is available only to customers who have one of the following SKUs: Enterprise Standard, Enterprise Plus, Enterprise for Education, and Cloud Identity Premium
delete — Deletes the specified device.
get — Retrieves the specified device.
list — Lists/Searches devices.
wipe — Wipes all data on the specified device.
deviceUsers — Operations on the 'deviceUsers' resource

groups

create — Creates a Group.
delete — Deletes a Group.
get — Retrieves a Group.
getSecuritySettings — Get Security Settings
list — Lists the Group resources under a customer or namespace.
lookup — Looks up the resource name of a Group by its .

inboundOidcSsoProfiles

create — Creates an InboundOidcSsoProfile for a customer. When the target customer has enabled Multi-party approval for sensitive actions, the Operation in the response will have "done": false, it will not have a response, and the metadata will have "state": "awaiting-multi-party-approval".
delete — Deletes an InboundOidcSsoProfile.
get — Gets an InboundOidcSsoProfile.
list — Lists InboundOidcSsoProfile objects for a Google enterprise customer.
patch — Updates an InboundOidcSsoProfile. When the target customer has enabled Multi-party approval for sensitive actions, the in the response will have , it will not have a response, and the metadata will have .

inboundSamlSsoProfiles

create — Creates an InboundSamlSsoProfile for a customer. When the target customer has enabled Multi-party approval for sensitive actions, the Operation in the response will have "done": false, it will not have a response, and the metadata will have "state": "awaiting-multi-party-approval".
delete — Deletes an InboundSamlSsoProfile.
get — Gets an InboundSamlSsoProfile.
list — Lists InboundSamlSsoProfiles for a customer.
patch — Updates an InboundSamlSsoProfile. When the target customer has enabled Multi-party approval for sensitive actions, the Operation in the response will have , it will not have a response, and the metadata will have .

inboundSsoAssignments

create — Creates an InboundSsoAssignment for users and devices in a Customer under a given Group or OrgUnit.
delete — Deletes an InboundSsoAssignment. To disable SSO, Create (or Update) an assignment that has sso_mode == SSO_OFF.
get — Gets an InboundSsoAssignment.
list — Lists the InboundSsoAssignments for a Customer.
patch — Updates an InboundSsoAssignment. The body of this request is the field and the is relative to that. For example: a PATCH to with a body of moves that (presumably group-targeted) SSO assignment to the highest priority and shifts any other group-targeted assignments down in priority.

policies

get — Get a policy.
list — List policies.

Discovering Commands

Before calling any API method, inspect it:

# Browse resources and methods
gws cloudidentity --help

# Inspect a method's required params, types, and defaults
gws schema cloudidentity.<resource>.<method>

Use gws schema output to build your --params and --json flags.

Weekly Installs

568

Repository

googleworkspace/cli

GitHub Stars

22.2K

First Seen

Mar 4, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

opencode553

codex553

gemini-cli551

github-copilot551

cursor551

kimi-cli550

Supabase Postgres 最佳实践指南 - 8大类别性能优化规则与SQL示例

54,100 周安装

patch — Updates a Group.

search — Searches for Group resources matching a specified query.

updateSecuritySettings — Update Security Settings

memberships — Operations on the 'memberships' resource

"state": "awaiting-multi-party-approval"

idpCredentials — Operations on the 'idpCredentials' resource

inbound_sso_assignment

/v1/inboundSsoAssignments/0abcdefg1234567&update_mask=rank

Google Workspace Cloud Identity CLI 管理指南：设备、群组与SSO配置

🇨🇳中文介绍

cloudidentity (v1)

API 资源

customers

devices

相关 Skills

groups

inboundOidcSsoProfiles

inboundSamlSsoProfiles

inboundSsoAssignments

policies

发现命令

🇺🇸English

cloudidentity (v1)

API Resources

customers

devices

groups

inboundOidcSsoProfiles

inboundSamlSsoProfiles

inboundSsoAssignments

policies

Discovering Commands

最新 Skills