Admin SDK
Admin SDK has 14 operations in gum's generated catalog. Start with search when you know the task, use describe to inspect request fields and scopes, then dispatch through the command that matches the operation risk class.
| Count | Value |
|---|---|
| Family | Workspace administration |
| Operations | 14 |
| Risk classes | 3 destructive, 6 read, 5 write |
| Auth strategies | 14 byo_oauth |
Start here
gum search "admin sdk"
gum describe admin.directory.groups.get
gum read admin.directory.groups.get --args '{"groupKey":"<groupKey>"}' --output jsonFor write-class operations, gum requires the write command and an explicit write gate:
gum describe admin.directory.groups.insert
gum write admin.directory.groups.insert --allow-write --args '{"email":"<email>"}'For destructive operations, run the call once for a confirmation envelope, review the target, then retry with the returned token:
gum destructive admin.directory.groups.delete --args '{"groupKey":"<groupKey>"}'
gum destructive admin.directory.groups.delete --args '{"groupKey":"<groupKey>"}' --confirmed --token '<confirmation_token>'Auth
Auth strategies in this service: 14 byo_oauth. Authenticate the strategy used by the operation you plan to call.
Bring-your-own OAuth
- In Google Cloud, enable Admin SDK API.
- Configure the OAuth consent screen. Add your Google account as a test user when the app is still in testing mode.
- Create an OAuth client ID with application type
Desktop app. - Add the scopes this service needs to the consent screen.
- Store the client in gum:
printf '%s' "$GOOGLE_OAUTH_CLIENT_SECRET" \
| gum auth use-oauth-client --client-id "$GOOGLE_OAUTH_CLIENT_ID" --secret-stdin- Authorize this service:
gum login --service admin- Verify the grant before dispatch:
gum auth status --scopes admin.directory.group,admin.directory.group.member,admin.directory.group.member.readonly,admin.directory.group.readonly,admin.directory.user,admin.directory.user.readonly
gum describe admin.directory.groups.getScopes used by these operations:
https://www.googleapis.com/auth/admin.directory.grouphttps://www.googleapis.com/auth/admin.directory.group.memberhttps://www.googleapis.com/auth/admin.directory.group.member.readonlyhttps://www.googleapis.com/auth/admin.directory.group.readonlyhttps://www.googleapis.com/auth/admin.directory.userhttps://www.googleapis.com/auth/admin.directory.user.readonly
Service setup notes: Admin SDK auth guide.
Operations
| Operation | Risk | Auth | Summary |
|---|---|---|---|
admin.directory.groups.delete |
destructive |
byo_oauth |
Delete a Workspace group. Destructive — requires confirmation per §6.1. |
admin.directory.groups.get |
read |
byo_oauth |
Fetch a single directory group by key (groupKey = id or email). |
admin.directory.groups.insert |
write |
byo_oauth |
Create a new Workspace group (args.body: email, name, description). |
admin.directory.groups.list |
read |
byo_oauth |
List the directory groups in the customer's Google Workspace. |
admin.directory.groups.update |
write |
byo_oauth |
Update a Workspace group by groupKey. |
admin.directory.members.delete |
destructive |
byo_oauth |
Remove a member from a Workspace group. Destructive — requires confirmation per §6.1. |
admin.directory.members.get |
read |
byo_oauth |
Fetch a single member of a Workspace directory group. |
admin.directory.members.insert |
write |
byo_oauth |
Add a member to a Workspace group (args.body: email, role). |
admin.directory.members.list |
read |
byo_oauth |
List the members of a Workspace directory group. |
admin.directory.users.delete |
destructive |
byo_oauth |
Delete a Workspace user account. Destructive — requires confirmation per §6.1. |
admin.directory.users.get |
read |
byo_oauth |
Fetch a single directory user account by key (userKey = id, primaryEmail, or alias). |
admin.directory.users.insert |
write |
byo_oauth |
Create a new Workspace user account (args.body: primaryEmail, name, password, …). |
admin.directory.users.list |
read |
byo_oauth |
List the directory user accounts in the customer's Google Workspace. |
admin.directory.users.update |
write |
byo_oauth |
Update a Workspace user account by userKey. |
Next
- Use API workflows for search, describe, invoke, and error handling.
- Use Auth guides for service-specific Google setup.
- Use Command index for CLI flags and generated help.