How do I install gws-cloudidentity?

Run `npx skills add https://github.com/googleworkspace/cli --skill gws-cloudidentity` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does gws-cloudidentity support?

gws-cloudidentity works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is gws-cloudidentity free to use?

Yes. gws-cloudidentity is free to install and use. It is available from the open explainx.ai skill registry published by googleworkspace.

Where can I read ratings and reviews for gws-cloudidentity?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

Cloud

gws-cloudidentity▌

googleworkspace/cli · updated Apr 8, 2026

$npx skills add https://github.com/googleworkspace/cli --skill gws-cloudidentity

0 commentsdiscussion

summary

Manage Google Cloud Identity groups, devices, memberships, and inbound SSO profiles via CLI.

›Covers six resource categories: customers, devices, groups, inbound OIDC/SAML SSO profiles, and SSO assignments
›Device operations include creation, deletion, wiping, and user management; group operations support CRUD, search, lookup, and security settings
›SSO profile management supports OIDC and SAML configurations with multi-party approval workflows for sensitive actions
›Requires Google W

skill.md

cloudidentity (v1)

PREREQUISITE: Read ../gws-shared/SKILL.md for auth, global flags, and security rules. If missing, run gws generate-skills to create it.

gws cloudidentity <resource> <method> [flags]

API Resources

customers

userinvitations — Operations on the 'userinvitations' resource

devices

cancelWipe — Cancels an unfinished device wipe. This operation can be used to cancel device wipe in the gap between the wipe operation returning success and the device being wiped. This operation is possible when the device is in a "pending wipe" state. The device enters the "pending wipe" state when a wipe device command is issued, but has not yet been sent to the device. The cancel wipe will fail if the wipe command has already been issued to the device.
create — Creates a device. Only company-owned device may be created. Note: This method is available only to customers who have one of the following SKUs: Enterprise Standard, Enterprise Plus, Enterprise for Education, and Cloud Identity Premium
delete — Deletes the specified device.
get — Retrieves the specified device.
list — Lists/Searches devices.
wipe — Wipes all data on the specified device.
deviceUsers — Operations on the 'deviceUsers' resource

groups

create — Creates a Group.
delete — Deletes a Group.
get — Retrieves a Group.
getSecuritySettings — Get Security Settings
list — Lists the Group resources under a customer or namespace.
lookup — Looks up the resource name of a Group by its EntityKey.
patch — Updates a Group.
search — Searches for Group resources matching a specified query.
updateSecuritySettings — Update Security Settings
memberships — Operations on the 'memberships' resource

inboundOidcSsoProfiles

create — Creates an InboundOidcSsoProfile for a customer. When the target customer has enabled Multi-party approval for sensitive actions, the Operation in the response will have "done": false, it will not have a response, and the metadata will have "state": "awaiting-multi-party-approval".
delete — Deletes an InboundOidcSsoProfile.
get — Gets an InboundOidcSsoProfile.
list — Lists InboundOidcSsoProfile objects for a Google enterprise customer.
patch — Updates an InboundOidcSsoProfile. When the target customer has enabled Multi-party approval for sensitive actions, the Operation in the response will have "done": false, it will not have a response, and the metadata will have "state": "awaiting-multi-party-approval".

inboundSamlSsoProfiles

create — Creates an InboundSamlSsoProfile for a customer. When the target customer has enabled Multi-party approval for sensitive actions, the Operation in the response will have "done": false, it will not have a response, and the metadata will have "state": "awaiting-multi-party-approval".
delete — Deletes an InboundSamlSsoProfile.
get — Gets an InboundSamlSsoProfile.
list — Lists InboundSamlSsoProfiles for a customer.
patch — Updates an InboundSamlSsoProfile. When the target customer has enabled Multi-party approval for sensitive actions, the Operation in the response will have "done": false, it will not have a response, and the metadata will have "state": "awaiting-multi-party-approval".
idpCredentials — Operations on the 'idpCredentials' resource

inboundSsoAssignments

create — Creates an InboundSsoAssignment for users and devices in a Customer under a given Group or OrgUnit.
delete — Deletes an InboundSsoAssignment. To disable SSO, Create (or Update) an assignment that has sso_mode == SSO_OFF.
get — Gets an InboundSsoAssignment.
list — Lists the InboundSsoAssignments for a Customer.
patch — Updates an InboundSsoAssignment. The body of this request is the inbound_sso_assignment field and the update_mask is relative to that. For example: a PATCH to /v1/inboundSsoAssignments/0abcdefg1234567&update_mask=rank with a body of { "rank": 1 } moves that (presumably group-targeted) SSO assignment to the highest priority and shifts any other group-targeted assignments down in priority.

policies

get — Get a policy.
list — List policies.

Discovering Commands

Before calling any API method, inspect it:

# Browse resources and methods
gws cloudidentity --help

# Inspect a method's required params, types, and defaults
gws schema cloudidentity.<resource>.<method>

Use gws schema output to build your --params and --json flags.

Discussion

Product Hunt–style comments (not star reviews)

No comments yet — start the thread.

general reviews

Ratings

4.7★★★★★40 reviews

★★★★★Pratham Ware· Dec 24, 2024
gws-cloudidentity is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
★★★★★Advait Thompson· Dec 24, 2024
We added gws-cloudidentity from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
★★★★★Naina Huang· Dec 16, 2024
Useful defaults in gws-cloudidentity — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
★★★★★Chen Shah· Dec 12, 2024
gws-cloudidentity reduced setup friction for our internal harness; good balance of opinion and flexibility.
★★★★★Anaya Thompson· Nov 23, 2024
gws-cloudidentity is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
★★★★★Anika Nasser· Nov 15, 2024
Keeps context tight: gws-cloudidentity is the kind of skill you can hand to a new teammate without a long onboarding doc.
★★★★★Kabir Thompson· Nov 3, 2024
Registry listing for gws-cloudidentity matched our evaluation — installs cleanly and behaves as described in the markdown.
★★★★★Li Wang· Oct 22, 2024
gws-cloudidentity fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
★★★★★Kofi Lopez· Oct 14, 2024
Useful defaults in gws-cloudidentity — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
★★★★★Anika Park· Oct 6, 2024
gws-cloudidentity has been reliable in day-to-day use. Documentation quality is above average for community skills.

showing 1-10 of 40

1 / 4