Admin SDK API

Name: Admin SDK API API
Brand: Admin SDK API
Availability: InStock

✓ Official Vendor SpecIdentity AuthDirectory Servicesoauth2123 EndpointsREST

For Agents

Manage Google Workspace users, groups, organisational units, and devices through the Admin SDK Directory API so an agent can automate provisioning, deprovisioning, and device administration.

Quickstart

Get started with Admin SDK API in minutes using your preferred integration method.

# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}

# Then ask your agent:
"create a google workspace user"

# → Jentic returns the GET /events tool with parameter schema, agent executes.

Capabilities

What an agent can do with Admin SDK API API.

Provision and deprovision Workspace user accounts, including aliases, photos, and password updates

Manage groups and group memberships, with support for nested groups and dynamic membership signals

Move users between organisational units to apply policies based on team or location

List and command ChromeOS and mobile devices, including remote wipe and OS update enforcement

GET STARTED

Start building with Admin SDK API API

Explore with Jentic

View OpenAPI Spec

Use for: I need to create a new Workspace user with a temporary password, List all groups in the marketing organisational unit, Add a user to the engineering-leads@example.com group, Suspend a user account immediately when an offboarding ticket is filed

Not supported: Does not handle Gmail message access, Drive file content, or Google Cloud IAM grants — use for Workspace directory, device, and role-assignment management only.

The Admin SDK API gives Google Workspace administrators programmatic control over their domains. The Directory surface manages users, groups, group members, organisational units, role assignments, mobile devices, ChromeOS devices, building and resource calendars, and domain aliases. Companion surfaces (Reports and Data Transfer) provide audit and usage reports and orchestrate user-data hand-offs during offboarding. Workspace ops teams use it to automate joiner-mover-leaver workflows, enforce device policies, and feed identity data into downstream HR and security tooling.

Use Cases

Patterns agents use Admin SDK API API for, with concrete tasks.

★ Joiner-Mover-Leaver Automation

An IT team automates the full Workspace lifecycle from a central HR signal. Users.insert provisions accounts, members.insert adds them to the right groups, users.update.orgUnitPath moves them between OUs, and users.update with suspended=true deprovisions on exit. Each step is idempotent so reruns recover gracefully when an HR webhook is delivered twice.

Given an HR offboarding event for jane@example.com, set the user to suspended=true, remove from all groups, transfer Drive ownership to her manager, and revoke OAuth tokens.

ChromeOS Fleet Management

A school district manages thousands of ChromeOS devices through the Admin SDK. The chromeosdevices endpoints list devices, move them between OUs, and issue commands such as REMOTE_POWERWASH or DEVICE_FETCH_LOGS, letting central IT respond to lost devices and incident tickets without classroom visits.

List ChromeOS devices in OU /Students that have not synced in 14 days, and issue a DEVICE_FETCH_LOGS command on each.

Group Membership Audits

A security team audits sensitive groups (such as billing-admins@example.com) every week. Groups.list and members.list enumerate group composition, and the team compares the result against an HR system of record to flag stale memberships and missing approvals.

List all members of billing-admins@example.com, diff against the approved roster in HR, and emit a Slack message naming members that should be removed.

Calendar Resource Provisioning

A facilities team registers new meeting rooms and shared resources so they appear in Google Calendar. The resources.calendars and resources.buildings endpoints define each room's name, capacity, features, and parent building so users can book them directly from Calendar.

Create a calendar resource 'Helsinki-Sauna' under building HEL with capacity 4, then add the feature 'sauna' and verify the resource appears in /admin/directory/v1/customer/my_customer/resources/calendars.

AI Agent Workspace Operations

An AI agent embedded in the IT helpdesk handles common Workspace tasks through Jentic. The agent processes tickets such as 'reset my colleague's password' or 'add me to the analytics group', calling the Admin SDK with scoped credentials and replying with the change confirmation.

Given the ticket 'add bob@example.com to data-readers', call members.insert with groupKey=data-readers@example.com and email=bob@example.com, then reply with the new member ID.

Key Endpoints

123 endpoints — the admin sdk api gives google workspace administrators programmatic control over their domains.

METHOD

PATH

DESCRIPTION

GET

/admin/directory/v1/users

List Workspace users in the customer domain

POST

/admin/directory/v1/users

Create a new Workspace user

GET

/admin/directory/v1/groups

List groups in the customer domain

POST

/admin/directory/v1/groups/{groupKey}/members

Add a member to a group

POST

/admin/directory/v1/customer/{customerId}/devices/chromeos/{deviceId}:issueCommand

Issue a command (e.g., remote powerwash) to a ChromeOS device

GET

/admin/directory/v1/users

List Workspace users in the customer domain

POST

/admin/directory/v1/users

Create a new Workspace user

GET

/admin/directory/v1/groups

List groups in the customer domain

POST

/admin/directory/v1/groups/{groupKey}/members

Add a member to a group

POST

/admin/directory/v1/customer/{customerId}/devices/chromeos/{deviceId}:issueCommand

Issue a command (e.g., remote powerwash) to a ChromeOS device

Why though Jentic?

Three things that make agents converge on Jentic-routed access.

Credential isolation

Google OAuth 2.0 credentials with domain-wide delegation are stored encrypted in the Jentic vault (MAXsystem) and exchanged for short-lived access tokens at request time. The agent never sees the service-account key directly.

Intent-based discovery

Agents search by intent (e.g., 'create google workspace user') and Jentic returns the matching users.insert, members.insert, or chromeosdevices.action operation with its input schema.

Time to first call

Direct integration: 3-7 days for OAuth setup, domain-wide delegation, and scope-by-scope review by a Workspace super-admin. Through Jentic: under 2 hours — search, load schema, execute.

Related APIs

Alternatives and complements available in the Jentic catalogue.

Alternative

Cloud Identity API

Newer Google API that supersedes Admin SDK for groups and memberships

Choose Cloud Identity for new builds that focus on group and membership lifecycle — the Admin SDK Directory remains the canonical surface for user, OU, device, and role-assignment operations.

Complementary

Groups Settings API

Manage per-group settings such as who can post, view, or join

Use Groups Settings alongside the Admin SDK to configure access controls on groups created via members.insert.

Complementary

Google Cloud IAM API

Bind Workspace users and groups to GCP roles for cloud resources

Use IAM after provisioning a Workspace user to grant them roles on Google Cloud projects.

FAQs

Specific to using Admin SDK API API through Jentic.

What authentication does the Admin SDK API use?

It uses Google OAuth 2.0 with directory-specific scopes such as https://www.googleapis.com/auth/admin.directory.user and admin.directory.group. Most operations require a delegated credential bound to a super-admin in the Workspace domain, typically via a service account with domain-wide delegation. Jentic stores the credential in its encrypted vault and exchanges it for short-lived access tokens at request time.

Can I create a user with a temporary password through the API?

Yes. POST /admin/directory/v1/users accepts a password field and a changePasswordAtNextLogin boolean. Set changePasswordAtNextLogin=true so the user is forced to rotate the password on first login, which keeps the temporary password out of long-term storage.

What are the rate limits for the Admin SDK Directory API?

The default per-user, per-100-seconds quota is 1,500 queries, with a per-project default of 2,400 queries per minute. Bulk operations should use batch HTTP and exponential back-off — 429 responses include a Retry-After header that the client must honour.

How do I provision a new Workspace user through Jentic?

Run jentic search 'create google workspace user', load the users.insert operation, and execute it with the primaryEmail, name, and password fields. The agent receives the created user resource with its ID and aliases, ready to feed into a follow-up members.insert call to add the user to groups.

Can I issue a remote wipe on a ChromeOS device through the API?

Yes. POST /admin/directory/v1/customer/{customerId}/devices/chromeos/{deviceId}:issueCommand accepts a commandType such as REMOTE_POWERWASH or WIPE_USERS. The response returns a commandId that you can poll on /commands/{commandId} for status until the device acknowledges.