REST Resource: locations.workforcePools.providers.scimTenants

Resource: WorkforcePoolProviderScimTenant

Gemini Enterprise only. Represents a SCIM tenant. Used for provisioning and managing identity data (such as Users and Groups) in cross-domain environments.

JSON representation
{
  "name": string,
  "baseUri": string,
  "state": enum (State),
  "description": string,
  "displayName": string,
  "claimMapping": {
    string: string,
    ...
  },
  "purgeTime": string,
  "serviceAgent": string
}
Fields
name

string

Identifier. Gemini Enterprise only. The resource name of the SCIM Tenant.

Format: locations/{location}/workforcePools/{workforcePool}/providers/{workforcePoolProvider}/scimTenants/{scim_tenant}

baseUri

string

Output only. Gemini Enterprise only. Represents the base URI as defined in RFC 7644, Section 1.3. Clients must use this as the root address for managing resources under the tenant.

Format: https://iamscim.googleapis.com/{version}/{tenantId}/

state

enum (State)

Output only. Gemini Enterprise only. The state of the tenant.

description

string

Optional. Gemini Enterprise only. The description of the SCIM tenant.

Cannot exceed 256 characters.

displayName

string

Optional. Gemini Enterprise only. The display name of the SCIM tenant.

Cannot exceed 32 characters.

claimMapping

map (key: string, value: string)

Required. Immutable. Agentspace only. Maps SCIM attributes to Cloud de Confiance attributes.

This mapping is used to associate the attributes synced via SCIM with the Cloud de Confiance attributes used in IAM policies for Workforce Identity Federation. SCIM-managed user and group attributes are mapped to google.subject and google.group respectively.

Each key must be a string specifying the Cloud de Confiance IAM attribute to map to. The supported keys are as follows:

  • google.subject: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. This is a required field and the mapped subject cannot exceed 127 bytes.

  • google.group: Group the authenticating user belongs to. You can grant group access to resources using an IAM principalSet binding; access applies to all members of the group.

Each value must be a Common Expression Language expression that maps a SCIM user or group attribute to the normalized attribute specified by the corresponding map key.

Example: To map the SCIM user's externalId to google.subject and the SCIM group's externalId to google.group:

{
  "google.subject": "user.externalId",
  "google.group": "group.externalId"
}

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

purgeTime

string (Timestamp format)

Output only. Gemini Enterprise only. The timestamp that represents the time when the SCIM tenant is purged.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

serviceAgent

string

Output only. Service Agent created by SCIM Tenant API. SCIM tokens created under this tenant will be attached to this service agent.
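Because claimMapping is immutable and decides which SCIM attribute becomes the IAM principal, it is worth checking a tenant body against the constraints listed in the fields above before sending it. The following is an added example, not part of the API or its client libraries: the names validate_tenant and subject_fits are hypothetical, and it assumes that character limits count Unicode code points and that the 127-byte subject limit is measured on the UTF-8 encoding.

```python
import re

# Limits and key names come from the field descriptions on this page.
SUPPORTED_KEYS = {"google.subject", "google.group"}
OUTPUT_ONLY = {"baseUri", "state", "purgeTime", "serviceAgent"}
MAX_SUBJECT_BYTES = 127
NAME_RE = re.compile(
    r"^locations/[^/]+/workforcePools/[^/]+/providers/[^/]+/scimTenants/[^/]+$")


def validate_tenant(body, existing=None):
    """Return problems in a scimTenant body; pass `existing` when updating."""
    problems = [f"{f}: output only, must not be set by the client"
                for f in sorted(OUTPUT_ONLY & body.keys())]
    if "name" in body and not NAME_RE.match(body["name"]):
        problems.append("name: does not match the documented format")
    if len(body.get("description", "")) > 256:
        problems.append("description: exceeds 256 characters")
    if len(body.get("displayName", "")) > 32:
        problems.append("displayName: exceeds 32 characters")
    mapping = body.get("claimMapping")
    if existing is not None:  # update: the mapping is immutable
        if mapping is not None and mapping != existing.get("claimMapping"):
            problems.append("claimMapping: immutable, cannot be changed")
        return problems
    if not isinstance(mapping, dict) or not mapping:
        return problems + ["claimMapping: required"]
    for key in sorted(mapping.keys() - SUPPORTED_KEYS):
        problems.append(f"claimMapping: unsupported key {key!r}")
    if "google.subject" not in mapping:
        problems.append("claimMapping: google.subject is required")
    for key, expr in sorted(mapping.items()):
        if not isinstance(expr, str) or not expr.strip():
            problems.append(f"claimMapping[{key!r}]: empty CEL expression")
    return problems


def subject_fits(mapped_subject):
    """Check a mapped google.subject value against the 127-byte limit.
    Assumption: bytes are counted on the UTF-8 encoding of the value."""
    return 0 < len(mapped_subject.encode("utf-8")) <= MAX_SUBJECT_BYTES


if __name__ == "__main__":
    # Constructed sample body: sets an output-only field and omits google.subject.
    sample = {"state": "ACTIVE",
              "claimMapping": {"google.group": "group.externalId"}}
    for problem in validate_tenant(sample):
        print(problem)
```

The validator only checks the shape of the mapping; whether a CEL expression such as user.externalId yields a stable, unique value per user still has to be confirmed against the identity provider's SCIM data.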

State

Gemini Enterprise only. The current state of the SCIM tenant.

Enums
STATE_UNSPECIFIED Gemini Enterprise only. State unspecified.
ACTIVE Gemini Enterprise only. The tenant is active and may be used to provision users and groups.
DELETED Gemini Enterprise only. The tenant is soft-deleted. Soft-deleted tenants are permanently deleted after approximately 30 days.

Methods

create

The method google.iam.admin.v1.WorkforcePools.CreateWorkforcePoolProviderScimTenant is not available in Cloud de Confiance by S3NS.

delete

The method google.iam.admin.v1.WorkforcePools.DeleteWorkforcePoolProviderScimTenant is not available in Cloud de Confiance by S3NS.

get

The method google.iam.admin.v1.WorkforcePools.GetWorkforcePoolProviderScimTenant is not available in Cloud de Confiance by S3NS.

list

The method google.iam.admin.v1.WorkforcePools.ListWorkforcePoolProviderScimTenants is not available in Cloud de Confiance by S3NS.

patch

The method google.iam.admin.v1.WorkforcePools.UpdateWorkforcePoolProviderScimTenant is not available in Cloud de Confiance by S3NS.

undelete

The method google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePoolProviderScimTenant is not available in Cloud de Confiance by S3NS.