-
Notifications
You must be signed in to change notification settings - Fork 473
Cloud Identity Groups
Cloud Identity Group commands operate against regular Google Groups but offer additional functionality such as dynamic groups and group restrictions.
gam create cigroup <email> [name <name>] [description <description>] [dynamic <query>] [makeowner]
Creates a Cloud Identity group. The email argument specifies the email of the group. The name and description arguments specify additional details about the group. The dynamic argument specifies a CEL query which will determine the group membership. Dynamic groups is a premium feature not available to all SKUs. By default the group will be empty. You can add the makeowner argument to add the admin GAM is running with as the group owner.
This example creates a Cloud Identity group
gam create cigroup [email protected] name "Engineer Team" description "all engineers"
This example creates a dynamic group. Any user with Sales as their department will be a member of the group
gam create cigroup [email protected] name "Sales (dynamic)" description "members of Sales dept" dynamic "user.organizations.exists(org, org.department=='Sales')"
gam update cigroup <email> [name <name>] [description <description>] [security] [dynamic <query>] [memberrestriction]
Updates settings for a group. The name and description arguments update group details. The security argument marks the group as a Google Security group. MARKING A GROUP AS A SECURITY GROUP CANNOT BE UNDONE. Security groups is a premium feature not available to all SKUs. The dynamic argument changes the CEL query for an existing group. The memberrestriction argument specifies a CEL query which will limit the types of members allowed in the group. Member restrictions is a premium feature not available to all SKUs.
This example makes a group a security group. This is a one-way operation.
gam update cigroup [email protected] security
This example restricts group membership to internal users only. Other groups, external email addresses and service accounts cannot be added or join the group.
gam update cigroup [email protected] memberrestriction "member.type == 1 && member.customer_id == groupCustomerId()"
gam info cigroup <email> [nousers] [nojoindate] [showupdatedate] [membertree] [nosecuritysettings]
Shows information about a given Cloud Identity group. The optional arguments nousers, nojoindate and nosecuritysettings limit what data is output. The optional argument showupdatedate includes additional details about when the members status was last updated. The optional argument membertree displays a tree of inherited group memberships (only available to premium Workspace/Cloud Identity SKUs).
This example displays information about a group.
gam info cigroup [email protected]
gam delete cigroup <email>
Deletes the given group.
This example deletes a group.
gam delete cigroup [email protected]
Need more help? Ask on the GAM Discussion Group
GAM Basics
GAM Tutorials
- Managing Users, Groups, Aliases, Domains, Mobile and Chrome Devices, and Resource Calendars
- Group Settings
- Data Transfers
- Print Users, Groups, Aliases, Mobile and Chrome OS devices, OUs, Licenses and Reports
- Managing Custom User Schemas
- User Email Settings
- User Security Settings
- Managing Classroom
- Managing Devices
- Chrome Policy Settings
- Chrome Browser Management
- Calendar Settings
- Unmanaged Users and Invitations
- Google Drive Management
- Inbound SSO Settings
- Managing Admins
- Domain Verification
- Printers
- Managing Product Licenses
- Context Aware Access levels
- Managing Organizations
- OAuth Authentication Related Commands
- Vault / Takeout Commands
- Bulk Operations
GAM Command Reference
Resources
- Questions? Visit the GAM Discussion Forum
- How to run GAM on Chromebooks / Chrome OS and Android devices.
- Setting up GAM on Google Cloud Platform (GCP)
- Running GAM on Google Compute Engine (GCE) VMs Securly
- Using GAM with a Delegated Admin Service Account (DASA)
- Use a YubiKey for Service Account Authentication
- Verify a GAM Install is Official and Legimate