-
Notifications
You must be signed in to change notification settings - Fork 474
l Cloud Identity Groups
Cloud Identity Group commands operate against regular Google Groups but offer additional functionality such as dynamic groups and group restrictions.
gam create cigroup <email> [name <name>] [description <description>] [dynamic <query>] [makeowner]
Creates a Cloud Identity group. The email argument specifies the email of the group. The name and description arguments specify additional details about the group. The dynamic argument specifies a CEL query which will determine the group membership. Dynamic groups is a premium feature not available to all SKUs. By default the group will be empty. You can add the makeowner argument to add the admin GAM is running with as the group owner.
This example creates a Cloud Identity group
gam create cigroup eng@acme.com name "Engineer Team" description "all engineers"
This example creates a dynamic group. Any user with Sales as their department will be a member of the group
gam create cigroup dyn.sales@acme.com name "Sales (dynamic)" description "members of Sales dept" dynamic "user.organizations.exists(org, org.department=='Sales')"
gam update cigroup <email> [name <name>] [description <description>] [security] [dynamic <query>] [memberrestriction]
Updates settings for a group. The name and description arguments update group details. The security argument marks the group as a Google Security group. MARKING A GROUP AS A SECURITY GROUP CANNOT BE UNDONE. Security groups is a premium feature not available to all SKUs. The dynamic argument changes the CEL query for an existing group. The memberrestriction argument specifies a CEL query which will limit the types of members allowed in the group. Member restrictions is a premium feature not available to all SKUs.
This example makes a group a security group. This is a one-way operation.
gam update cigroup gcp-owners@acme.com security
This example restricts group membership to internal users only. Other groups, external email addresses and service accounts cannot be added or join the group.
gam update cigroup gcp-owners@acme.com memberrestriction "member.type == 1 && member.customer_id == groupCustomerId()"
gam info cigroup <email> [nousers] [nojoindate] [showupdatedate] [membertree] [nosecuritysettings]
Shows information about a given Cloud Identity group. The optional arguments nousers, nojoindate and nosecuritysettings limit what data is output. The optional argument showupdatedate includes additional details about when the members status was last updated. The optional argument membertree displays a tree of inherited group memberships (only available to premium Workspace/Cloud Identity SKUs).
This example displays information about a group.
gam info cigroup gcp-owners@acme.com
gam delete cigroup <email>
Deletes the given group.
This example deletes a group.
gam delete cigroup gcp-owners@acme.com
Need more help? Ask on the GAM Discussion Group
Update History
Installation
- How to Install GAM7
- How to Upgrade GAMADV-XTD3 to GAM7
- How to Upgrade Legacy GAM to GAM7
- How to Update GAM7
- Verifying a GAM7 Build is Legitimate and Official
- Install GAM as Python Library
- GAM7 on Chrome OS Devices
- GAM7 on Android Devices
- Google Network Addresses
- HTTPS Proxy
- SSL Root CA Certificates
- How to Uninstall GAM7
Configuration
- Authorization
- GAM Configuration
- Running GAM7 securely on a Google Compute Engine
- Using GAM7 with a delegated admin service account
- Using GAM7 with a YubiKey
- GAM with minimal GCP rights
Notes and Information
- Upgrade Benefits
- Questions? Visit the GAM Discussion Forum
- GAM Public Chat Room
- Scripts
- Other Resources
- Drive REST API v3
- BNF Syntax
- GAM Return Codes
- Python Regular Expressions
- Rclone
Definitions
Command Processing
- Bulk Processing
- Command Line Parsing
- Command Logging and Progress
- Command data from Google Docs/Sheets/Storage
- CSV Special Characters
- CSV Input Filtering
- CSV Output Filtering
- Meta Commands and File Redirection
- Permission matches
- Tag Replace
- Todrive
Collections
Client Access
- Addresses
- Administrators
- Alert Center
- Aliases
- Calendars
- Calendars - Access
- Calendars - Events
- Chrome Auto Update Expiration Counts
- Chrome Browser Cloud Management
- Chrome Device Needs Attention Counts
- Chrome Installed Apps
- Chrome Policies
- Chrome Printers
- Chrome Profile Management
- Chrome Version Counts
- Chrome Version History
- ChromeOS Devices
- Classroom - Courses
- Classroom - Guardians
- Classroom - Invitations
- Classroom - Membership
- Cloud Channel
- Cloud Identity Devices
- Cloud Identity Groups
- Cloud Identity Groups - Membership
- Cloud Identity Policies
- Cloud Storage
- Context Aware Access Levels
- Customer
- Domains
- Domains - Verification
- Domain People - Contacts & Profiles
- Domain Shared Contacts - Global Address List
- Email Audit Monitor
- Find File Owner
- Google Data Transfers
- Groups
- Groups - Membership
- Inbound SSO
- Licenses
- Mobile Devices
- Organizational Units
- Reports
- Reseller
- Resources
- Send Email
- Schemas
- Shared Drives
- Sites
- Users
- Unmanaged Accounts
- Users - Signout and Turn off 2-Step Verification
- Vault - Takeout
- Version and Help
Special Service Account Access
Service Account Access
- Users - Analytics Admin
- Users - Application Specific Passwords
- Users - Backup Verification Codes
- Users - Calendars
- Users - Calendars - Access
- Users - Calendars - Events
- Users - Chat
- Users - Classification Labels
- Users - Classroom - Profile
- Users - Deprovision
- Users - Contacts
- Users - Contacts - Delegates
- Users - Drive - File Selection
- Users - Drive - Activity/Settings
- Users - Drive - Cleanup
- Users - Drive - Comments
- Users - Drive - Copy/Move
- Users - Drive - Files-Display
- Users - Drive - Files-Manage
- Users - Drive - Orphans
- Users - Drive - Ownership
- Users - Drive - Permissions
- Users - Drive - Query
- Users - Drive - Revisions
- Users - Drive - Shortcuts
- Users - Drive - Transfer
- Users - Forms
- Users - Gmail - Client Side Encryption
- Users - Gmail - Delegates
- Users - Gmail - Filters
- Users - Gmail - Forwarding
- Users - Gmail - Labels
- Users - Gmail - Messages/Threads
- Users - Gmail - Profile
- Users - Gmail - S/MIME
- Users - Gmail - SendAs/Signature/Vacation
- Users - Gmail - Settings
- Users - Group Membership
- Users - Keep
- Users - Looker Studio
- Users - Meet
- Users - Classroom - Profile
- Users - People - Contacts & Profiles
- Users - Photo
- Users - Profile Sharing
- Users - Shared Drives
- Users - Spreadsheets
- Users - Tasks
- Users - Tokens
- Users - YouTube
GAM Tutorials
- Account Auditing
- Calendar Settings
- Chat Bot commands
- Chrome Browser Management
- Chrome Policy Settings
- Context Aware Access levels
- Data Transfers
- Domain Verification
- Google Drive Management
- Group Settings
- Inbound SSO Settings
- Managing Admins
- Managing Classroom
- Managing Custom User Schemas
- Managing Devices
- Managing Organizations
- Managing Product Licenses
- Managing Users, Groups, Aliases, Domains, Mobile and Chrome Devices, and Resource Calendars
- OAuth Authentication Related Commands
- Print Users, Groups, Aliases, Mobile and Chrome OS devices, OUs, Licenses and Reports
- Printers
- Unmanaged Users and Invitations
- User Email Settings
- User Security Settings