<!doctype html> <html lang="en" dir="ltr"> <head> <meta name="google-signin-client-id" content="721724668570-nbkv1cfusk7kk4eni4pjvepaus73b13t.apps.googleusercontent.com"> <meta name="google-signin-scope" content="profile email https://www.googleapis.com/auth/developerprofiles https://www.googleapis.com/auth/developerprofiles.award https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/webhistory"> <meta property="og:site_name" content="Google Cloud"> <meta property="og:type" content="website"><meta name="theme-color" content="#039be5"><meta charset="utf-8"> <meta content="IE=Edge" http-equiv="X-UA-Compatible"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="manifest" href="/_pwa/cloud/manifest.json" crossorigin="use-credentials"> <link rel="preconnect" href="//www.gstatic.com" crossorigin> <link rel="preconnect" href="//fonts.gstatic.com" crossorigin> <link rel="preconnect" href="//fonts.googleapis.com" crossorigin> <link rel="preconnect" href="//apis.google.com" crossorigin> <link rel="preconnect" href="//www.google-analytics.com" crossorigin><link rel="stylesheet" href="//fonts.googleapis.com/css?family=Google+Sans:400,500,700|Google+Sans+Text:400,400italic,500,500italic,700,700italic|Roboto:400,400italic,500,500italic,700,700italic|Roboto+Mono:400,500,700&display=swap"> <link rel="stylesheet" href="//fonts.googleapis.com/css2?family=Material+Icons&family=Material+Symbols+Outlined&display=block"><link rel="stylesheet" href="https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/css/app.css"> <link rel="shortcut icon" href="https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/images/favicons/onecloud/favicon.ico"> <link rel="apple-touch-icon" href="https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/images/favicons/onecloud/super_cloud.png"><link rel="canonical" href="https://cloud.google.com/iam/docs/workforce-identity-federation"><link rel="search" type="application/opensearchdescription+xml" title="Google Cloud" href="https://cloud.google.com/s/opensearch.xml"> <link rel="alternate" hreflang="en" href="https://cloud.google.com/iam/docs/workforce-identity-federation" /><link rel="alternate" hreflang="x-default" href="https://cloud.google.com/iam/docs/workforce-identity-federation" /><link rel="alternate" hreflang="zh-Hans" href="https://cloud.google.com/iam/docs/workforce-identity-federation?hl=zh-cn" /><link rel="alternate" hreflang="fr" href="https://cloud.google.com/iam/docs/workforce-identity-federation?hl=fr" /><link rel="alternate" hreflang="de" href="https://cloud.google.com/iam/docs/workforce-identity-federation?hl=de" /><link rel="alternate" hreflang="id" href="https://cloud.google.com/iam/docs/workforce-identity-federation?hl=id" /><link rel="alternate" hreflang="it" href="https://cloud.google.com/iam/docs/workforce-identity-federation?hl=it" /><link rel="alternate" hreflang="ja" href="https://cloud.google.com/iam/docs/workforce-identity-federation?hl=ja" /><link rel="alternate" hreflang="ko" href="https://cloud.google.com/iam/docs/workforce-identity-federation?hl=ko" /><link rel="alternate" hreflang="pt-BR" href="https://cloud.google.com/iam/docs/workforce-identity-federation?hl=pt-br" /><link rel="alternate" hreflang="es-419" href="https://cloud.google.com/iam/docs/workforce-identity-federation?hl=es-419" /><title>Workforce Identity Federation &nbsp;|&nbsp; IAM Documentation &nbsp;|&nbsp; Google Cloud</title> <meta property="og:title" content="Workforce Identity Federation &nbsp;|&nbsp; IAM Documentation &nbsp;|&nbsp; Google Cloud"><meta property="og:url" content="https://cloud.google.com/iam/docs/workforce-identity-federation"><meta property="og:image" content="https://cloud.google.com/_static/cloud/images/social-icon-google-cloud-1200-630.png"> <meta property="og:image:width" content="1200"> <meta property="og:image:height" content="630"><meta property="og:locale" content="en"><meta name="twitter:card" content="summary_large_image"><script type="application/ld+json"> { "@context": "https://schema.org", "@type": "Article", "headline": "Workforce Identity Federation" } </script><script type="application/ld+json"> { "@context": "https://schema.org", "@type": "BreadcrumbList", "itemListElement": [{ "@type": "ListItem", "position": 1, "name": "IAM", "item": "https://cloud.google.com/iam" },{ "@type": "ListItem", "position": 2, "name": "Documentation", "item": "https://cloud.google.com/iam/docs" },{ "@type": "ListItem", "position": 3, "name": "Workforce Identity Federation", "item": "https://cloud.google.com/iam/docs/workforce-identity-federation" }] } </script> <link rel="stylesheet" href="/extras.css"></head> <body class="" template="page" theme="cloud-theme" type="article" layout="docs" free-trial display-toc pending> <devsite-progress type="indeterminate" id="app-progress"></devsite-progress> <a href="#main-content" class="skip-link button"> Skip to main content </a> <section class="devsite-wrapper"> <devsite-cookie-notification-bar></devsite-cookie-notification-bar><cloudx-track userCountry="SG"></cloudx-track> <cloudx-utils-init></cloudx-utils-init> <devsite-header keep-tabs-visible> <div class="devsite-header--inner nocontent"> <div class="devsite-top-logo-row-wrapper-wrapper"> <div class="devsite-top-logo-row-wrapper"> <div class="devsite-top-logo-row"> <button type="button" id="devsite-hamburger-menu" class="devsite-header-icon-button button-flat material-icons gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Navigation menu button" visually-hidden aria-label="Open menu"> </button> <div class="devsite-product-name-wrapper"> <a href="/" class="devsite-site-logo-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Site logo" track-type="globalNav" track-name="googleCloud" track-metadata-position="nav" track-metadata-eventDetail="nav"> <picture> <img src="https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/images/cloud-logo.svg" class="devsite-site-logo" alt="Google Cloud"> </picture> </a> <span class="devsite-product-name"> <ul class="devsite-breadcrumb-list" > <li class="devsite-breadcrumb-item devsite-has-google-wordmark"> </li> </ul> </span> </div> <div class="devsite-top-logo-row-middle"> <div class="devsite-header-upper-tabs"> <cloudx-tabs-nav class="upper-tabs"> <nav class="devsite-tabs-wrapper" aria-label="Upper tabs"> <tab class="devsite-active"> <a href="https://cloud.google.com/docs" class="devsite-tabs-content gc-analytics-event " track-metadata-eventdetail="https://cloud.google.com/docs" track-type="nav" track-metadata-position="nav - docs-home" track-metadata-module="primary nav" aria-label="Documentation, selected" data-category="Site-Wide Custom Events" data-label="Tab: Documentation" track-name="docs-home" track-link-column-type="single-column" > Documentation </a> </tab> <tab class="devsite-dropdown devsite-clickable "> <a href="https://cloud.google.com/docs/tech-area-overviews" class="devsite-tabs-content gc-analytics-event " track-metadata-eventdetail="https://cloud.google.com/docs/tech-area-overviews" track-type="nav" track-metadata-position="nav - technology-areas" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Technology areas" track-name="technology-areas" track-link-column-type="single-column" > Technology areas </a> <button aria-haspopup="menu" aria-expanded="false" aria-label="Dropdown menu for Technology areas" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/tech-area-overviews" track-metadata-position="nav - technology-areas" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Technology areas" track-name="technology-areas" track-link-column-type="single-column" class="devsite-tabs-dropdown-toggle devsite-icon devsite-icon-arrow-drop-down"></button> <div class="devsite-tabs-dropdown" role="menu" aria-label="submenu" hidden> <button class="devsite-tabs-close-button material-icons button-flat gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Close dropdown menu" aria-label="Close dropdown menu" track-type="nav" track-name="close" track-metadata-eventdetail="#" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav">close</button> <div class="devsite-tabs-dropdown-content"> <div class="devsite-tabs-dropdown-column "> <ul class="devsite-tabs-dropdown-section "> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/ai-ml" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/ai-ml" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> AI and ML </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/application-development" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/application-development" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Application development </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/application-hosting" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/application-hosting" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Application hosting </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/compute-area" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/compute-area" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Compute </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/data" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/data" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Data analytics and pipelines </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/databases" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/databases" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Databases </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/dhm-cloud" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/dhm-cloud" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Distributed, hybrid, and multicloud </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/generative-ai" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/generative-ai" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Generative AI </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/industry" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/industry" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Industry solutions </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/networking" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/networking" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Networking </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/observability" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/observability" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Observability and monitoring </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/security" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/security" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Security </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/storage" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/storage" track-metadata-position="nav - technology-areas" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Storage </div> </a> </li> </ul> </div> </div> </div> </tab> <tab class="devsite-dropdown devsite-clickable "> <a href="https://cloud.google.com/docs/cross-product-overviews" class="devsite-tabs-content gc-analytics-event " track-metadata-eventdetail="https://cloud.google.com/docs/cross-product-overviews" track-type="nav" track-metadata-position="nav - crossproduct" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Cross-product tools" track-name="crossproduct" track-link-column-type="single-column" > Cross-product tools </a> <button aria-haspopup="menu" aria-expanded="false" aria-label="Dropdown menu for Cross-product tools" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/cross-product-overviews" track-metadata-position="nav - crossproduct" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Cross-product tools" track-name="crossproduct" track-link-column-type="single-column" class="devsite-tabs-dropdown-toggle devsite-icon devsite-icon-arrow-drop-down"></button> <div class="devsite-tabs-dropdown" role="menu" aria-label="submenu" hidden> <button class="devsite-tabs-close-button material-icons button-flat gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Close dropdown menu" aria-label="Close dropdown menu" track-type="nav" track-name="close" track-metadata-eventdetail="#" track-metadata-position="nav - crossproduct" track-metadata-module="tertiary nav">close</button> <div class="devsite-tabs-dropdown-content"> <div class="devsite-tabs-dropdown-column "> <ul class="devsite-tabs-dropdown-section "> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/access-resources" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/access-resources" track-metadata-position="nav - crossproduct" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Access and resources management </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/costs-usage" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/costs-usage" track-metadata-position="nav - crossproduct" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Costs and usage management </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/devtools" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/devtools" track-metadata-position="nav - crossproduct" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Google Cloud SDK, languages, frameworks, and tools </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/iac" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/iac" track-metadata-position="nav - crossproduct" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Infrastructure as code </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/docs/migration" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/docs/migration" track-metadata-position="nav - crossproduct" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Migration </div> </a> </li> </ul> </div> </div> </div> </tab> <tab class="devsite-dropdown devsite-clickable "> <a href="https://cloud.google.com/" class="devsite-tabs-content gc-analytics-event " track-metadata-eventdetail="https://cloud.google.com/" track-type="nav" track-metadata-position="nav - related-sites" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Related sites" track-name="related-sites" track-link-column-type="single-column" > Related sites </a> <button aria-haspopup="menu" aria-expanded="false" aria-label="Dropdown menu for Related sites" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/" track-metadata-position="nav - related-sites" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Related sites" track-name="related-sites" track-link-column-type="single-column" class="devsite-tabs-dropdown-toggle devsite-icon devsite-icon-arrow-drop-down"></button> <div class="devsite-tabs-dropdown" role="menu" aria-label="submenu" hidden> <button class="devsite-tabs-close-button material-icons button-flat gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Close dropdown menu" aria-label="Close dropdown menu" track-type="nav" track-name="close" track-metadata-eventdetail="#" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav">close</button> <div class="devsite-tabs-dropdown-content"> <div class="devsite-tabs-dropdown-column "> <ul class="devsite-tabs-dropdown-section "> <li class="devsite-nav-item"> <a href="https://cloud.google.com/" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Google Cloud Home </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/free" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/free" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Free Trial and Free Tier </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/architecture" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/architecture" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Architecture Center </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/blog" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/blog" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Blog </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/contact" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/contact" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Contact Sales </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/developers" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/developers" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Google Cloud Developer Center </div> </a> </li> <li class="devsite-nav-item"> <a href="https://developers.google.com/" track-type="nav" track-metadata-eventdetail="https://developers.google.com/" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Google Developer Center </div> </a> </li> <li class="devsite-nav-item"> <a href="https://console.cloud.google.com/marketplace" track-type="nav" track-metadata-eventdetail="https://console.cloud.google.com/marketplace" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Google Cloud Marketplace </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/marketplace/docs" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/marketplace/docs" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Google Cloud Marketplace Documentation </div> </a> </li> <li class="devsite-nav-item"> <a href="https://www.cloudskillsboost.google/paths" track-type="nav" track-metadata-eventdetail="https://www.cloudskillsboost.google/paths" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Google Cloud Skills Boost </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/solutions" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/solutions" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Google Cloud Solution Center </div> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/support-hub" track-type="nav" track-metadata-eventdetail="https://cloud.google.com/support-hub" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Google Cloud Support </div> </a> </li> <li class="devsite-nav-item"> <a href="https://www.youtube.com/@googlecloudtech" track-type="nav" track-metadata-eventdetail="https://www.youtube.com/@googlecloudtech" track-metadata-position="nav - related-sites" track-metadata-module="tertiary nav" tooltip > <div class="devsite-nav-item-title"> Google Cloud Tech Youtube Channel </div> </a> </li> </ul> </div> </div> </div> </tab> </nav> </cloudx-tabs-nav> </div> <devsite-search enable-signin enable-search enable-suggestions project-name="IAM Documentation" tenant-name="Google Cloud" project-scope="/iam/docs" url-scoped="https://cloud.google.com/s/results/iam/docs" > <form class="devsite-search-form" action="https://cloud.google.com/s/results" method="GET"> <div class="devsite-search-container"> <button type="button" search-open class="devsite-search-button devsite-header-icon-button button-flat material-icons" aria-label="Open search"></button> <div class="devsite-searchbox"> <input aria-activedescendant="" aria-autocomplete="list" aria-label="Search" aria-expanded="false" aria-haspopup="listbox" autocomplete="off" class="devsite-search-field devsite-search-query" name="q" placeholder="Search" role="combobox" type="text" value="" > <div class="devsite-search-image material-icons" aria-hidden="true"> </div> <div class="devsite-search-shortcut-icon-container" aria-hidden="true"> <kbd class="devsite-search-shortcut-icon">/</kbd> </div> </div> </div> </form> <button type="button" search-close class="devsite-search-button devsite-header-icon-button button-flat material-icons" aria-label="Close search"></button> </devsite-search> </div> <devsite-language-selector> <ul role="presentation"> <li role="presentation"> <a role="menuitem" lang="en" >English</a> </li> <li role="presentation"> <a role="menuitem" lang="de" >Deutsch</a> </li> <li role="presentation"> <a role="menuitem" lang="es_419" >Español – América Latina</a> </li> <li role="presentation"> <a role="menuitem" lang="fr" >Français</a> </li> <li role="presentation"> <a role="menuitem" lang="id" >Indonesia</a> </li> <li role="presentation"> <a role="menuitem" lang="it" >Italiano</a> </li> <li role="presentation"> <a role="menuitem" lang="pt_br" >Português – Brasil</a> </li> <li role="presentation"> <a role="menuitem" lang="zh_cn" >中文 – 简体</a> </li> <li role="presentation"> <a role="menuitem" lang="ja" >日本語</a> </li> <li role="presentation"> <a role="menuitem" lang="ko" >한국어</a> </li> </ul> </devsite-language-selector> <devsite-user enable-profiles fp-auth id="devsite-user"> <span class="button devsite-top-button" aria-hidden="true" visually-hidden>Sign in</span> </devsite-user> </div> </div> </div> <div class="devsite-collapsible-section "> <div class="devsite-header-background"> <div class="devsite-product-id-row" hidden> <div class="devsite-product-description-row"> </div> </div> <div class="devsite-doc-set-nav-row"> <ul class="devsite-breadcrumb-list" > <li class="devsite-breadcrumb-item "> <a href="https://cloud.google.com/iam" class="devsite-breadcrumb-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Lower Header" data-value="1" track-type="globalNav" track-name="breadcrumb" track-metadata-position="1" track-metadata-eventdetail="IAM" > IAM </a> </li> </ul> <cloudx-tabs-nav class="lower-tabs"> <nav class="devsite-tabs-wrapper" aria-label="Lower tabs"> <tab class="devsite-active"> <a href="https://cloud.google.com/iam/docs/overview" class="devsite-tabs-content gc-analytics-event " track-metadata-eventdetail="https://cloud.google.com/iam/docs/overview" track-type="nav" track-metadata-position="nav - guides" track-metadata-module="primary nav" aria-label="Guides, selected" data-category="Site-Wide Custom Events" data-label="Tab: Guides" track-name="guides" > Guides </a> </tab> <tab > <a href="https://cloud.google.com/iam/docs/apis" class="devsite-tabs-content gc-analytics-event " track-metadata-eventdetail="https://cloud.google.com/iam/docs/apis" track-type="nav" track-metadata-position="nav - reference" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Reference" track-name="reference" > Reference </a> </tab> <tab > <a href="https://cloud.google.com/iam/docs/samples" class="devsite-tabs-content gc-analytics-event " track-metadata-eventdetail="https://cloud.google.com/iam/docs/samples" track-type="nav" track-metadata-position="nav - samples" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Samples" track-name="samples" > Samples </a> </tab> <tab > <a href="https://cloud.google.com/iam/docs/resources" class="devsite-tabs-content gc-analytics-event " track-metadata-eventdetail="https://cloud.google.com/iam/docs/resources" track-type="nav" track-metadata-position="nav - resources" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Resources" track-name="resources" > Resources </a> </tab> </nav> </cloudx-tabs-nav> <div class="devsite-product-button-row"> <a href="https://cloud.google.com/contact" class="cta-button-secondary button " data-overflow="devsite-tabs-wrapper" track-name="sales" data-overflow-container="left" track-metadata-eventDetail="nav" track-metadata-position="nav" data-overflow-wrapper="tab" track-type="contact" >Contact Us</a> <a href="//console.cloud.google.com/freetrial" class="cloud-free-trial-button cta-button-primary button-primary button cloud-button cloud-button--primary " data-overflow-class="devsite-header-link devsite-top-button button cloud-free-trial-button cloud-free-trial-enabled cloud-button cloud-button--primary" track-metadata-position="nav" track-type="freeTrial" data-overflow="devsite-top-logo-row" track-name="gcpCta" data-overflow-container="right" referrerpolicy="no-referrer-when-downgrade" track-metadata-eventDetail="nav" >Start free</a> </div> </div> </div> </div> </div> </devsite-header> <devsite-book-nav scrollbars > <div class="devsite-book-nav-filter" > <span class="filter-list-icon material-icons" aria-hidden="true"></span> <input type="text" placeholder="Filter" aria-label="Type to filter" role="searchbox"> <span class="filter-clear-button hidden" data-title="Clear filter" aria-label="Clear filter" role="button" tabindex="0"></span> </div> <nav class="devsite-book-nav devsite-nav nocontent" aria-label="Side menu"> <div class="devsite-mobile-header"> <button type="button" id="devsite-close-nav" class="devsite-header-icon-button button-flat material-icons gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Close navigation" aria-label="Close navigation"> </button> <div class="devsite-product-name-wrapper"> <a href="/" class="devsite-site-logo-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Site logo" track-type="globalNav" track-name="googleCloud" track-metadata-position="nav" track-metadata-eventDetail="nav"> <picture> <img src="https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/images/cloud-logo.svg" class="devsite-site-logo" alt="Google Cloud"> </picture> </a> <span class="devsite-product-name"> <ul class="devsite-breadcrumb-list" > <li class="devsite-breadcrumb-item devsite-has-google-wordmark"> </li> </ul> </span> </div> </div> <div class="devsite-book-nav-wrapper"> <div class="devsite-mobile-nav-top"> <ul class="devsite-nav-list"> <li class="devsite-nav-item"> <a href="/docs" class="devsite-nav-title gc-analytics-event devsite-nav-active" data-category="Site-Wide Custom Events" data-label="Tab: Documentation" track-name="docs-home" track-link-column-type="single-column" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Documentation" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Documentation </span> </a> <ul class="devsite-nav-responsive-tabs"> <li class="devsite-nav-item"> <a href="/iam/docs/overview" class="devsite-nav-title gc-analytics-event devsite-nav-has-children devsite-nav-active" data-category="Site-Wide Custom Events" data-label="Tab: Guides" track-name="guides" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Guides" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip menu="_book"> Guides </span> <span class="devsite-nav-icon material-icons" data-icon="forward" menu="_book"> </span> </a> </li> <li class="devsite-nav-item"> <a href="/iam/docs/apis" class="devsite-nav-title gc-analytics-event devsite-nav-has-children " data-category="Site-Wide Custom Events" data-label="Tab: Reference" track-name="reference" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Reference" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Reference </span> <span class="devsite-nav-icon material-icons" data-icon="forward" > </span> </a> </li> <li class="devsite-nav-item"> <a href="/iam/docs/samples" class="devsite-nav-title gc-analytics-event devsite-nav-has-children " data-category="Site-Wide Custom Events" data-label="Tab: Samples" track-name="samples" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Samples" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Samples </span> <span class="devsite-nav-icon material-icons" data-icon="forward" > </span> </a> </li> <li class="devsite-nav-item"> <a href="/iam/docs/resources" class="devsite-nav-title gc-analytics-event devsite-nav-has-children " data-category="Site-Wide Custom Events" data-label="Tab: Resources" track-name="resources" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Resources" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Resources </span> <span class="devsite-nav-icon material-icons" data-icon="forward" > </span> </a> </li> </ul> </li> <li class="devsite-nav-item"> <a href="/docs/tech-area-overviews" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Tab: Technology areas" track-name="technology-areas" track-link-column-type="single-column" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Technology areas" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Technology areas </span> </a> <ul class="devsite-nav-responsive-tabs devsite-nav-has-menu "> <li class="devsite-nav-item"> <span class="devsite-nav-title" tooltip data-category="Site-Wide Custom Events" data-label="Tab: Technology areas" track-name="technology-areas" track-link-column-type="single-column" > <span class="devsite-nav-text" tooltip menu="Technology areas"> More </span> <span class="devsite-nav-icon material-icons" data-icon="forward" menu="Technology areas"> </span> </span> </li> </ul> </li> <li class="devsite-nav-item"> <a href="/docs/cross-product-overviews" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Tab: Cross-product tools" track-name="crossproduct" track-link-column-type="single-column" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Cross-product tools" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Cross-product tools </span> </a> <ul class="devsite-nav-responsive-tabs devsite-nav-has-menu "> <li class="devsite-nav-item"> <span class="devsite-nav-title" tooltip data-category="Site-Wide Custom Events" data-label="Tab: Cross-product tools" track-name="crossproduct" track-link-column-type="single-column" > <span class="devsite-nav-text" tooltip menu="Cross-product tools"> More </span> <span class="devsite-nav-icon material-icons" data-icon="forward" menu="Cross-product tools"> </span> </span> </li> </ul> </li> <li class="devsite-nav-item"> <a href="/" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Tab: Related sites" track-name="related-sites" track-link-column-type="single-column" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Related sites" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Related sites </span> </a> <ul class="devsite-nav-responsive-tabs devsite-nav-has-menu "> <li class="devsite-nav-item"> <span class="devsite-nav-title" tooltip data-category="Site-Wide Custom Events" data-label="Tab: Related sites" track-name="related-sites" track-link-column-type="single-column" > <span class="devsite-nav-text" tooltip menu="Related sites"> More </span> <span class="devsite-nav-icon material-icons" data-icon="forward" menu="Related sites"> </span> </span> </li> </ul> </li> <li class="devsite-nav-item"> <a href="//console.cloud.google.com/" class="devsite-nav-title gc-analytics-event " track-metadata-eventDetail="nav" track-type="globalNav" track-name="console" track-metadata-position="nav" referrerpolicy="no-referrer-when-downgrade" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Console" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Console </span> </a> </li> <li class="devsite-nav-item"> <a href="/contact" class="cta-button-secondary button" data-overflow="devsite-tabs-wrapper" track-name="sales" data-overflow-container="left" track-metadata-eventDetail="nav" track-metadata-position="nav" data-overflow-wrapper="tab" track-type="contact" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Contact Us" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Contact Us </span> </a> </li> <li class="devsite-nav-item"> <a href="//console.cloud.google.com/freetrial" class="cloud-free-trial-button cta-button-primary button-primary button cloud-button cloud-button--primary" data-overflow-class="devsite-header-link devsite-top-button button cloud-free-trial-button cloud-free-trial-enabled cloud-button cloud-button--primary" track-metadata-position="nav" track-type="freeTrial" data-overflow="devsite-top-logo-row" track-name="gcpCta" data-overflow-container="right" referrerpolicy="no-referrer-when-downgrade" track-metadata-eventDetail="nav" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Start free" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Start free </span> </a> </li> </ul> </div> <div class="devsite-mobile-nav-bottom"> <ul class="devsite-nav-list" menu="_book"> <li class="devsite-nav-item devsite-nav-heading"><div class="devsite-nav-title devsite-nav-title-no-path"> <span class="devsite-nav-text" tooltip>Discover</span> </div></li> <li class="devsite-nav-item"><a href="/iam/docs/overview" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/overview" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/overview" ><span class="devsite-nav-text" tooltip>Product overview</span></a></li> <li class="devsite-nav-item devsite-nav-heading"><div class="devsite-nav-title devsite-nav-title-no-path"> <span class="devsite-nav-text" tooltip>Get started</span> </div></li> <li class="devsite-nav-item"><a href="/iam/docs/grant-role-console" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/grant-role-console" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/grant-role-console" ><span class="devsite-nav-text" tooltip>Grant roles in the Google Cloud console</span></a></li> <li class="devsite-nav-item"><a href="/iam/docs/write-policy-client-libraries" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/write-policy-client-libraries" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/write-policy-client-libraries" ><span class="devsite-nav-text" tooltip>Grant roles using client libraries</span></a></li> <li class="devsite-nav-item"><a href="/iam/docs/iam-security-architecture" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/iam-security-architecture" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/iam-security-architecture" ><span class="devsite-nav-text" tooltip>IAM and your security architecture</span></a></li> <li class="devsite-nav-item"><a href="/iam/docs/google-identities" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/google-identities" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/google-identities" ><span class="devsite-nav-text" tooltip>Identity management for Google Cloud</span></a></li> <li class="devsite-nav-item devsite-nav-heading"><div class="devsite-nav-title devsite-nav-title-no-path"> <span class="devsite-nav-text" tooltip>Configure identities for users</span> </div></li> <li class="devsite-nav-item"><a href="/iam/docs/user-identities" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/user-identities" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/user-identities" ><span class="devsite-nav-text" tooltip>Identities for users</span></a></li> <li class="devsite-nav-item"><a href="/iam/docs/groups-in-cloud-console" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/groups-in-cloud-console" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/groups-in-cloud-console" ><span class="devsite-nav-text" tooltip>Create and manage Google groups in the Google Cloud console</span></a></li> <li class="devsite-nav-item"><a href="/iam/docs/groups-best-practices" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/groups-best-practices" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/groups-best-practices" ><span class="devsite-nav-text" tooltip>Best practices for using Google groups</span></a></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Federate identities for users</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/iam/docs/workforce-identity-federation" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/workforce-identity-federation" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/workforce-identity-federation" ><span class="devsite-nav-text" tooltip>Workforce identity federation</span></a></li><li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Configure Workforce Identity Federation</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/iam/docs/workforce-sign-in-microsoft-entra-id" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/workforce-sign-in-microsoft-entra-id" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/workforce-sign-in-microsoft-entra-id" ><span class="devsite-nav-text" tooltip>Microsoft Entra ID</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/workforce-sign-in-okta" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/workforce-sign-in-okta" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/workforce-sign-in-okta" ><span class="devsite-nav-text" tooltip>Okta</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/configuring-workforce-identity-federation" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/configuring-workforce-identity-federation" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/configuring-workforce-identity-federation" ><span class="devsite-nav-text" tooltip>Other OIDC or SAML 2.0</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/workforce-sign-in-power-bi" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/workforce-sign-in-power-bi" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/workforce-sign-in-power-bi" ><span class="devsite-nav-text" tooltip>Access BigQuery data in Power BI with Microsoft Entra</span></a></li></ul></div></li><li class="devsite-nav-item"><a href="/iam/docs/workforce-obtaining-short-lived-credentials" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/workforce-obtaining-short-lived-credentials" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/workforce-obtaining-short-lived-credentials" ><span class="devsite-nav-text" tooltip>Obtain short-lived credentials for Workforce Identity Federation</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/manage-workforce-identity-pools-providers" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/manage-workforce-identity-pools-providers" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/manage-workforce-identity-pools-providers" ><span class="devsite-nav-text" tooltip>Manage workforce identity pools and providers</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/workforce-delete-user-data" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/workforce-delete-user-data" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/workforce-delete-user-data" ><span class="devsite-nav-text" tooltip>Delete Workforce Identity Federation users and their data</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/workforce-console-sso" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/workforce-console-sso" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/workforce-console-sso" ><span class="devsite-nav-text" tooltip>Set up user access to console (federated)</span></a></li><li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Integrate OAuth applications</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/iam/docs/workforce-oauth-app" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/workforce-oauth-app" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/workforce-oauth-app" ><span class="devsite-nav-text" tooltip>OAuth application integration overview</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/workforce-manage-oauth-app" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/workforce-manage-oauth-app" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/workforce-manage-oauth-app" ><span class="devsite-nav-text" tooltip>Manage OAuth applications</span></a></li></ul></div></li></ul></div></li> <li class="devsite-nav-item devsite-nav-heading"><div class="devsite-nav-title devsite-nav-title-no-path"> <span class="devsite-nav-text" tooltip>Configure identities for workloads</span> </div></li> <li class="devsite-nav-item"><a href="/iam/docs/workload-identities" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/workload-identities" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/workload-identities" ><span class="devsite-nav-text" tooltip>Identities for workloads</span></a></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Create and manage service accounts</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>About service accounts</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/iam/docs/service-account-overview" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/service-account-overview" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/service-account-overview" ><span class="devsite-nav-text" tooltip>Service accounts</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/service-account-creds" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/service-account-creds" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/service-account-creds" ><span class="devsite-nav-text" tooltip>Service account credentials</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/service-account-impersonation" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/service-account-impersonation" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/service-account-impersonation" ><span class="devsite-nav-text" tooltip>Service account impersonation</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/service-account-types" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/service-account-types" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/service-account-types" ><span class="devsite-nav-text" tooltip>Service account types</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/service-account-permissions" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/service-account-permissions" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/service-account-permissions" ><span class="devsite-nav-text" tooltip>Roles for service account authentication</span></a></li></ul></div></li><li class="devsite-nav-item devsite-nav-preview"><a href="/iam/docs/create-service-agents" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/create-service-agents" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/create-service-agents" ><span class="devsite-nav-text" tooltip>Create and grant roles to service agents</span><span class="devsite-nav-icon material-icons" data-icon="preview" data-title="Preview" aria-hidden="true"></span></a></li><li class="devsite-nav-item"><a href="/iam/docs/service-accounts-create" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/service-accounts-create" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/service-accounts-create" ><span class="devsite-nav-text" tooltip>Create service accounts</span></a></li><li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Manage service accounts</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/iam/docs/service-accounts-list-edit" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/service-accounts-list-edit" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/service-accounts-list-edit" ><span class="devsite-nav-text" tooltip>List and edit service accounts</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/service-accounts-disable-enable" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/service-accounts-disable-enable" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/service-accounts-disable-enable" ><span class="devsite-nav-text" tooltip>Disable and enable service accounts</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/service-accounts-delete-undelete" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/service-accounts-delete-undelete" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/service-accounts-delete-undelete" ><span class="devsite-nav-text" tooltip>Delete and undelete service accounts</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/service-accounts-tags" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/service-accounts-tags" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/service-accounts-tags" ><span class="devsite-nav-text" tooltip>Manage tags for service accounts</span></a></li></ul></div></li><li class="devsite-nav-item"><a href="/iam/docs/attach-service-accounts" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/attach-service-accounts" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/attach-service-accounts" ><span class="devsite-nav-text" tooltip>Attach service accounts to resources</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/service-accounts-custom-constraints" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/service-accounts-custom-constraints" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/service-accounts-custom-constraints" ><span class="devsite-nav-text" tooltip>Use custom organization policies for service accounts and keys</span></a></li><li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Service account best practices</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/iam/docs/best-practices-service-accounts" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/best-practices-service-accounts" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/best-practices-service-accounts" ><span class="devsite-nav-text" tooltip>Best practices for using service accounts</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/best-practices-for-using-service-accounts-in-deployment-pipelines" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/best-practices-for-using-service-accounts-in-deployment-pipelines" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/best-practices-for-using-service-accounts-in-deployment-pipelines" ><span class="devsite-nav-text" tooltip>Best practices for using service accounts in deployment pipelines</span></a></li></ul></div></li></ul></div></li> <li class="devsite-nav-item devsite-nav-expandable devsite-nav-preview"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Create managed workload identities</span><span class="devsite-nav-icon material-icons" data-icon="preview" data-title="Preview" aria-hidden="true"></span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item devsite-nav-preview"><a href="/iam/docs/managed-workload-identity" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/managed-workload-identity" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/managed-workload-identity" ><span class="devsite-nav-text" tooltip>About managed workload identities</span><span class="devsite-nav-icon material-icons" data-icon="preview" data-title="Preview" aria-hidden="true"></span></a></li><li class="devsite-nav-item devsite-nav-preview"><a href="/iam/docs/create-managed-workload-identities" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/create-managed-workload-identities" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/create-managed-workload-identities" ><span class="devsite-nav-text" tooltip>Create managed workload identities</span><span class="devsite-nav-icon material-icons" data-icon="preview" data-title="Preview" aria-hidden="true"></span></a></li></ul></div></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Federate identities for external workloads</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/iam/docs/workload-identity-federation" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/workload-identity-federation" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/workload-identity-federation" ><span class="devsite-nav-text" tooltip>Workload Identity Federation</span></a></li><li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Configure Workload Identity Federation</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/iam/docs/workload-identity-federation-with-other-clouds" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/workload-identity-federation-with-other-clouds" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/workload-identity-federation-with-other-clouds" ><span class="devsite-nav-text" tooltip>AWS or Azure</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/workload-identity-federation-with-active-directory" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/workload-identity-federation-with-active-directory" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/workload-identity-federation-with-active-directory" ><span class="devsite-nav-text" tooltip>Active Directory</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/workload-identity-federation-with-deployment-pipelines" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/workload-identity-federation-with-deployment-pipelines" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/workload-identity-federation-with-deployment-pipelines" ><span class="devsite-nav-text" tooltip>Deployment pipelines</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/workload-identity-federation-with-kubernetes" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/workload-identity-federation-with-kubernetes" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/workload-identity-federation-with-kubernetes" ><span class="devsite-nav-text" tooltip>Kubernetes</span></a></li><li class="devsite-nav-item devsite-nav-preview"><a href="/iam/docs/workload-identity-federation-with-x509-certificates" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/workload-identity-federation-with-x509-certificates" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/workload-identity-federation-with-x509-certificates" ><span class="devsite-nav-text" tooltip>Workloads with X.509 certificates</span><span class="devsite-nav-icon material-icons" data-icon="preview" data-title="Preview" aria-hidden="true"></span></a></li><li class="devsite-nav-item"><a href="/iam/docs/workload-identity-federation-with-other-providers" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/workload-identity-federation-with-other-providers" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/workload-identity-federation-with-other-providers" ><span class="devsite-nav-text" tooltip>Other identity providers</span></a></li></ul></div></li><li class="devsite-nav-item"><a href="/iam/docs/manage-workload-identity-pools-providers" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/manage-workload-identity-pools-providers" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/manage-workload-identity-pools-providers" ><span class="devsite-nav-text" tooltip>Manage workload identity pools and providers</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/best-practices-for-using-workload-identity-federation" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/best-practices-for-using-workload-identity-federation" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/best-practices-for-using-workload-identity-federation" ><span class="devsite-nav-text" tooltip>Best practices for using Workload Identity Federation</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/use-workload-identity-federation-to-let-customers-access-their-cloud-resources" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/use-workload-identity-federation-to-let-customers-access-their-cloud-resources" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/use-workload-identity-federation-to-let-customers-access-their-cloud-resources" ><span class="devsite-nav-text" tooltip>Let customers access their Google Cloud resources from your product or service</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/workload-download-cred-and-grant-access" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/workload-download-cred-and-grant-access" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/workload-download-cred-and-grant-access" ><span class="devsite-nav-text" tooltip>Download credential configuration and grant access</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/tutorial-cloud-run-workload-id-federation" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/tutorial-cloud-run-workload-id-federation" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/tutorial-cloud-run-workload-id-federation" ><span class="devsite-nav-text" tooltip>Integrate Cloud Run and Workload Identity Federation</span></a></li></ul></div></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Create and manage service account keys</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/iam/docs/migrate-from-service-account-keys" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/migrate-from-service-account-keys" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/migrate-from-service-account-keys" ><span class="devsite-nav-text" tooltip>Migrate from service account keys</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/key-rotation" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/key-rotation" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/key-rotation" ><span class="devsite-nav-text" tooltip>Service account key rotation</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/keys-create-delete" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/keys-create-delete" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/keys-create-delete" ><span class="devsite-nav-text" tooltip>Create and delete service account keys</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/keys-list-get" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/keys-list-get" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/keys-list-get" ><span class="devsite-nav-text" tooltip>List and get service account keys</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/keys-upload" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/keys-upload" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/keys-upload" ><span class="devsite-nav-text" tooltip>Upload a public key</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/keys-disable-enable" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/keys-disable-enable" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/keys-disable-enable" ><span class="devsite-nav-text" tooltip>Disable and enable service account keys</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/best-practices-for-managing-service-account-keys" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/best-practices-for-managing-service-account-keys" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/best-practices-for-managing-service-account-keys" ><span class="devsite-nav-text" tooltip>Best practices for managing service account keys</span></a></li></ul></div></li> <li class="devsite-nav-item"><a href="/iam/docs/built-in-resource-identities" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/built-in-resource-identities" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/built-in-resource-identities" ><span class="devsite-nav-text" tooltip>Built-in identities for resources</span></a></li> <li class="devsite-nav-item devsite-nav-heading"><div class="devsite-nav-title devsite-nav-title-no-path"> <span class="devsite-nav-text" tooltip>Control access to resources</span> </div></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>About IAM access controls</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/iam/docs/roles-overview" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/roles-overview" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/roles-overview" ><span class="devsite-nav-text" tooltip>Roles and permissions</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/principals-overview" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/principals-overview" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/principals-overview" ><span class="devsite-nav-text" tooltip>Principals</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/policy-types" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/policy-types" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/policy-types" ><span class="devsite-nav-text" tooltip>Policy types</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/policies" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/policies" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/policies" ><span class="devsite-nav-text" tooltip>Allow policies</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/resource-hierarchy-access-control" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/resource-hierarchy-access-control" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/resource-hierarchy-access-control" ><span class="devsite-nav-text" tooltip>Allow policy inheritance</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/deny-overview" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/deny-overview" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/deny-overview" ><span class="devsite-nav-text" tooltip>Deny policies</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/principal-access-boundary-policies" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/principal-access-boundary-policies" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/principal-access-boundary-policies" ><span class="devsite-nav-text" tooltip>Principal access boundary policies</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/access-change-propagation" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/access-change-propagation" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/access-change-propagation" ><span class="devsite-nav-text" tooltip>Access change propagation</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/conditions-overview" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/conditions-overview" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/conditions-overview" ><span class="devsite-nav-text" tooltip>IAM Conditions</span></a></li></ul></div></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Choose roles to grant</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/iam/docs/choose-predefined-roles" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/choose-predefined-roles" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/choose-predefined-roles" ><span class="devsite-nav-text" tooltip>Choose predefined roles</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/viewing-grantable-roles" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/viewing-grantable-roles" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/viewing-grantable-roles" ><span class="devsite-nav-text" tooltip>View grantable roles</span></a></li><li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Roles for specific job functions</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/iam/docs/job-functions/billing" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/job-functions/billing" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/job-functions/billing" ><span class="devsite-nav-text" tooltip>Billing-related job functions</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/job-functions/networking" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/job-functions/networking" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/job-functions/networking" ><span class="devsite-nav-text" tooltip>Networking-related job functions</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/job-functions/auditing" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/job-functions/auditing" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/job-functions/auditing" ><span class="devsite-nav-text" tooltip>Auditing-related job functions</span></a></li></ul></div></li><li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Create and manage custom roles</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/iam/docs/creating-custom-roles" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/creating-custom-roles" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/creating-custom-roles" ><span class="devsite-nav-text" tooltip>Create and manage custom roles</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/maintain-custom-roles-deployment-manager" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/maintain-custom-roles-deployment-manager" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/maintain-custom-roles-deployment-manager" ><span class="devsite-nav-text" tooltip>Use Deployment Manager to maintain custom roles</span></a></li></ul></div></li></ul></div></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Grant access</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/iam/docs/granting-changing-revoking-access" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/granting-changing-revoking-access" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/granting-changing-revoking-access" ><span class="devsite-nav-text" tooltip>Manage access to projects, folders, and organizations</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/manage-access-service-accounts" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/manage-access-service-accounts" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/manage-access-service-accounts" ><span class="devsite-nav-text" tooltip>Manage access to service accounts</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/manage-access-other-resources" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/manage-access-other-resources" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/manage-access-other-resources" ><span class="devsite-nav-text" tooltip>Manage access to other resources</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/test-policy-changes" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/test-policy-changes" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/test-policy-changes" ><span class="devsite-nav-text" tooltip>Test allow policy changes</span></a></li></ul></div></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Grant access conditionally</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/iam/docs/managing-conditional-role-bindings" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/managing-conditional-role-bindings" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/managing-conditional-role-bindings" ><span class="devsite-nav-text" tooltip>Manage conditional role bindings</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/configuring-temporary-access" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/configuring-temporary-access" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/configuring-temporary-access" ><span class="devsite-nav-text" tooltip>Configure temporary access</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/configuring-resource-based-access" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/configuring-resource-based-access" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/configuring-resource-based-access" ><span class="devsite-nav-text" tooltip>Configure resource-based access</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/tags-access-control" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/tags-access-control" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/tags-access-control" ><span class="devsite-nav-text" tooltip>Tags and conditional access</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/setting-limits-on-granting-roles" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/setting-limits-on-granting-roles" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/setting-limits-on-granting-roles" ><span class="devsite-nav-text" tooltip>Set limits on granting roles</span></a></li><li class="devsite-nav-item devsite-nav-alpha"><a href="/iam/docs/linting-policies" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/linting-policies" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/linting-policies" ><span class="devsite-nav-text" tooltip>Lint conditions in allow policies</span><span class="devsite-nav-icon material-icons" data-icon="alpha" data-title="Alpha" aria-hidden="true"></span></a></li></ul></div></li> <li class="devsite-nav-item"><a href="/iam/docs/deny-access" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/deny-access" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/deny-access" ><span class="devsite-nav-text" tooltip>Deny access</span></a></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Restrict the resources that a principal can access</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/iam/docs/principal-access-boundary-policies-create" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/principal-access-boundary-policies-create" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/principal-access-boundary-policies-create" ><span class="devsite-nav-text" tooltip>Create and apply principal access boundary policies</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/principal-access-boundary-policies-view" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/principal-access-boundary-policies-view" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/principal-access-boundary-policies-view" ><span class="devsite-nav-text" tooltip>View principal access boundary policies</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/principal-access-boundary-policies-edit" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/principal-access-boundary-policies-edit" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/principal-access-boundary-policies-edit" ><span class="devsite-nav-text" tooltip>Edit principal access boundary policies</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/principal-access-boundary-policies-remove" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/principal-access-boundary-policies-remove" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/principal-access-boundary-policies-remove" ><span class="devsite-nav-text" tooltip>Remove principal access boundary policies</span></a></li></ul></div></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Temporary elevated access</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/iam/docs/temporary-elevated-access" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/temporary-elevated-access" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/temporary-elevated-access" ><span class="devsite-nav-text" tooltip>Temporary elevated access overview</span></a></li><li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Control temporary elevated access with PAM</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/iam/docs/pam-overview" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/pam-overview" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/pam-overview" ><span class="devsite-nav-text" tooltip>PAM overview</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/pam-permissions-and-setup" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/pam-permissions-and-setup" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/pam-permissions-and-setup" ><span class="devsite-nav-text" tooltip>Permissions and setup</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/pam-create-entitlements" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/pam-create-entitlements" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/pam-create-entitlements" ><span class="devsite-nav-text" tooltip>Create entitlements</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/pam-view-update-delete-entitlements" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/pam-view-update-delete-entitlements" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/pam-view-update-delete-entitlements" ><span class="devsite-nav-text" tooltip>View, update, and delete entitlements</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/pam-view-grants" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/pam-view-grants" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/pam-view-grants" ><span class="devsite-nav-text" tooltip>View grants</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/pam-revoke-grants" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/pam-revoke-grants" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/pam-revoke-grants" ><span class="devsite-nav-text" tooltip>Revoke grants</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/pam-audit-entitlement-events" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/pam-audit-entitlement-events" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/pam-audit-entitlement-events" ><span class="devsite-nav-text" tooltip>Audit entitlement and grant events</span></a></li></ul></div></li><li class="devsite-nav-item"><a href="/iam/docs/pam-request-temporary-elevated-access" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/pam-request-temporary-elevated-access" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/pam-request-temporary-elevated-access" ><span class="devsite-nav-text" tooltip>Request temporary elevated access with PAM</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/pam-approve-deny-grants" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/pam-approve-deny-grants" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/pam-approve-deny-grants" ><span class="devsite-nav-text" tooltip>Approve or deny grants with PAM</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/create-short-lived-credentials-direct" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/create-short-lived-credentials-direct" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/create-short-lived-credentials-direct" ><span class="devsite-nav-text" tooltip>Create short-lived credentials for a service account</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/create-short-lived-credentials-delegated" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/create-short-lived-credentials-delegated" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/create-short-lived-credentials-delegated" ><span class="devsite-nav-text" tooltip>Create short-lived credentials for multiple service accounts</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/downscoping-short-lived-credentials" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/downscoping-short-lived-credentials" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/downscoping-short-lived-credentials" ><span class="devsite-nav-text" tooltip>Restrict a credential&#39;s Cloud Storage permissions</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/migrating-to-credentials-api" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/migrating-to-credentials-api" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/migrating-to-credentials-api" ><span class="devsite-nav-text" tooltip>Migrate to the Service Account Credentials API</span></a></li></ul></div></li> <li class="devsite-nav-item"><a href="/iam/docs/testing-permissions" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/testing-permissions" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/testing-permissions" ><span class="devsite-nav-text" tooltip>Test permissions for custom user interfaces</span></a></li> <li class="devsite-nav-item"><a href="/iam/docs/org-policy-custom-constraints" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/org-policy-custom-constraints" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/org-policy-custom-constraints" ><span class="devsite-nav-text" tooltip>Use custom organization policies for allow policies</span></a></li> <li class="devsite-nav-item"><a href="/solutions/help-secure-the-pipeline-from-your-data-lake-to-your-data-warehouse" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /solutions/help-secure-the-pipeline-from-your-data-lake-to-your-data-warehouse" track-type="bookNav" track-name="click" track-metadata-eventdetail="/solutions/help-secure-the-pipeline-from-your-data-lake-to-your-data-warehouse" ><span class="devsite-nav-text" tooltip>Use IAM to help prevent exfiltration from data pipelines</span></a></li> <li class="devsite-nav-item devsite-nav-heading"><div class="devsite-nav-title devsite-nav-title-no-path"> <span class="devsite-nav-text" tooltip>Optimize your IAM configuration</span> </div></li> <li class="devsite-nav-item"><a href="/iam/docs/using-iam-securely" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/using-iam-securely" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/using-iam-securely" ><span class="devsite-nav-text" tooltip>Use IAM securely</span></a></li> <li class="devsite-nav-item"><a href="/iam/docs/policy-intelligence-tools" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/policy-intelligence-tools" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/policy-intelligence-tools" ><span class="devsite-nav-text" tooltip>Optimize IAM policies by using Policy Intelligence tools</span></a></li> <li class="devsite-nav-item"><a href="/iam/docs/secure-iam-vpc-sc" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/secure-iam-vpc-sc" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/secure-iam-vpc-sc" ><span class="devsite-nav-text" tooltip>Help secure IAM using VPC Service Controls</span></a></li> <li class="devsite-nav-item devsite-nav-heading"><div class="devsite-nav-title devsite-nav-title-no-path"> <span class="devsite-nav-text" tooltip>Monitor</span> </div></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Audit logging</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/iam/docs/audit-logging" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/audit-logging" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/audit-logging" ><span class="devsite-nav-text" tooltip>IAM API audit logging</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/audit-logging/audit-logging-iamcreds" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/audit-logging/audit-logging-iamcreds" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/audit-logging/audit-logging-iamcreds" ><span class="devsite-nav-text" tooltip>Service Account Credentials API audit logging</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/audit-logging/audit-logging-pam" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/audit-logging/audit-logging-pam" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/audit-logging/audit-logging-pam" ><span class="devsite-nav-text" tooltip>Privileged Access Manager audit logging</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/audit-logging/audit-logging-sts" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/audit-logging/audit-logging-sts" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/audit-logging/audit-logging-sts" ><span class="devsite-nav-text" tooltip>Security Token Service API audit logging</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/audit-logging/examples-service-accounts" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/audit-logging/examples-service-accounts" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/audit-logging/examples-service-accounts" ><span class="devsite-nav-text" tooltip>Example logs for service accounts</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/audit-logging/examples-workforce-identity" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/audit-logging/examples-workforce-identity" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/audit-logging/examples-workforce-identity" ><span class="devsite-nav-text" tooltip>Example logs for Workforce Identity Federation</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/audit-logging/examples-oauth-clients" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/audit-logging/examples-oauth-clients" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/audit-logging/examples-oauth-clients" ><span class="devsite-nav-text" tooltip>Example logs for Workforce OAuth application integration</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/audit-logging/examples-workload-identity" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/audit-logging/examples-workload-identity" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/audit-logging/examples-workload-identity" ><span class="devsite-nav-text" tooltip>Example logs for Workload Identity Federation</span></a></li></ul></div></li> <li class="devsite-nav-item"><a href="/iam/docs/analyze-access" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/analyze-access" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/analyze-access" ><span class="devsite-nav-text" tooltip>Analyze access to resources</span></a></li> <li class="devsite-nav-item devsite-nav-expandable"><div class="devsite-expandable-nav"> <a class="devsite-nav-toggle" aria-hidden="true"></a><div class="devsite-nav-title devsite-nav-title-no-path" tabindex="0" role="button"> <span class="devsite-nav-text" tooltip>Monitor service account usage</span> </div><ul class="devsite-nav-section"><li class="devsite-nav-item"><a href="/iam/docs/service-account-usage-tools" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/service-account-usage-tools" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/service-account-usage-tools" ><span class="devsite-nav-text" tooltip>Tools to understand service account usage</span></a></li><li class="devsite-nav-item"><a href="/iam/docs/service-account-monitoring" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/service-account-monitoring" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/service-account-monitoring" ><span class="devsite-nav-text" tooltip>Monitor usage patterns for service accounts and keys</span></a></li></ul></div></li> <li class="devsite-nav-item"><a href="/iam/docs/review-iam-policy-history" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/review-iam-policy-history" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/review-iam-policy-history" ><span class="devsite-nav-text" tooltip>Review allow policy history</span></a></li> <li class="devsite-nav-item devsite-nav-heading"><div class="devsite-nav-title devsite-nav-title-no-path"> <span class="devsite-nav-text" tooltip>Troubleshoot</span> </div></li> <li class="devsite-nav-item"><a href="/iam/docs/troubleshoot-policies" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/troubleshoot-policies" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/troubleshoot-policies" ><span class="devsite-nav-text" tooltip>Troubleshoot allow and deny policies</span></a></li> <li class="devsite-nav-item"><a href="/iam/docs/troubleshoot-org-policies" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/troubleshoot-org-policies" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/troubleshoot-org-policies" ><span class="devsite-nav-text" tooltip>Troubleshoot organization policy errors for service accounts</span></a></li> <li class="devsite-nav-item"><a href="/iam/docs/troubleshooting-withcond" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/troubleshooting-withcond" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/troubleshooting-withcond" ><span class="devsite-nav-text" tooltip>Troubleshoot &#34;withcond&#34; in policies and role bindings</span></a></li> <li class="devsite-nav-item"><a href="/iam/docs/troubleshooting-workforce-identity-federation" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/troubleshooting-workforce-identity-federation" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/troubleshooting-workforce-identity-federation" ><span class="devsite-nav-text" tooltip>Troubleshoot Workforce Identity Federation</span></a></li> <li class="devsite-nav-item"><a href="/iam/docs/troubleshooting-workload-identity-federation" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/troubleshooting-workload-identity-federation" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/troubleshooting-workload-identity-federation" ><span class="devsite-nav-text" tooltip>Troubleshoot Workload Identity Federation</span></a></li> <li class="devsite-nav-item devsite-nav-heading"><div class="devsite-nav-title devsite-nav-title-no-path"> <span class="devsite-nav-text" tooltip>Samples</span> </div></li> <li class="devsite-nav-item"><a href="/iam/docs/samples" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /iam/docs/samples" track-type="bookNav" track-name="click" track-metadata-eventdetail="/iam/docs/samples" ><span class="devsite-nav-text" tooltip>All Identity and Access Management code samples</span></a></li> <li class="devsite-nav-item"><a href="/docs/samples" class="devsite-nav-title gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Book nav link, pathname: /docs/samples" track-type="bookNav" track-name="click" track-metadata-eventdetail="/docs/samples" ><span class="devsite-nav-text" tooltip>Code samples for all products</span></a></li> </ul> <ul class="devsite-nav-list" menu="Technology areas" aria-label="Side menu" hidden> <li class="devsite-nav-item"> <a href="/docs/ai-ml" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: AI and ML" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > AI and ML </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/application-development" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Application development" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Application development </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/application-hosting" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Application hosting" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Application hosting </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/compute-area" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Compute" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Compute </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/data" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Data analytics and pipelines" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Data analytics and pipelines </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/databases" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Databases" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Databases </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/dhm-cloud" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Distributed, hybrid, and multicloud" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Distributed, hybrid, and multicloud </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/generative-ai" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Generative AI" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Generative AI </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/industry" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Industry solutions" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Industry solutions </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/networking" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Networking" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Networking </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/observability" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Observability and monitoring" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Observability and monitoring </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/security" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Security" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Security </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/storage" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Storage" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Storage </span> </a> </li> </ul> <ul class="devsite-nav-list" menu="Cross-product tools" aria-label="Side menu" hidden> <li class="devsite-nav-item"> <a href="/docs/access-resources" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Access and resources management" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Access and resources management </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/costs-usage" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Costs and usage management" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Costs and usage management </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/devtools" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Google Cloud SDK, languages, frameworks, and tools" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Google Cloud SDK, languages, frameworks, and tools </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/iac" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Infrastructure as code" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Infrastructure as code </span> </a> </li> <li class="devsite-nav-item"> <a href="/docs/migration" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Migration" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Migration </span> </a> </li> </ul> <ul class="devsite-nav-list" menu="Related sites" aria-label="Side menu" hidden> <li class="devsite-nav-item"> <a href="/" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Google Cloud Home" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Google Cloud Home </span> </a> </li> <li class="devsite-nav-item"> <a href="/free" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Free Trial and Free Tier" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Free Trial and Free Tier </span> </a> </li> <li class="devsite-nav-item"> <a href="/architecture" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Architecture Center" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Architecture Center </span> </a> </li> <li class="devsite-nav-item"> <a href="https://cloud.google.com/blog" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Blog" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Blog </span> </a> </li> <li class="devsite-nav-item"> <a href="/contact" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Contact Sales" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Contact Sales </span> </a> </li> <li class="devsite-nav-item"> <a href="/developers" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Google Cloud Developer Center" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Google Cloud Developer Center </span> </a> </li> <li class="devsite-nav-item"> <a href="https://developers.google.com/" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Google Developer Center" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Google Developer Center </span> </a> </li> <li class="devsite-nav-item"> <a href="https://console.cloud.google.com/marketplace" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Google Cloud Marketplace" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Google Cloud Marketplace </span> </a> </li> <li class="devsite-nav-item"> <a href="/marketplace/docs" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Google Cloud Marketplace Documentation" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Google Cloud Marketplace Documentation </span> </a> </li> <li class="devsite-nav-item"> <a href="https://www.cloudskillsboost.google/paths" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Google Cloud Skills Boost" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Google Cloud Skills Boost </span> </a> </li> <li class="devsite-nav-item"> <a href="/solutions" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Google Cloud Solution Center" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Google Cloud Solution Center </span> </a> </li> <li class="devsite-nav-item"> <a href="/support-hub" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Google Cloud Support" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Google Cloud Support </span> </a> </li> <li class="devsite-nav-item"> <a href="https://www.youtube.com/@googlecloudtech" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Google Cloud Tech Youtube Channel" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Google Cloud Tech Youtube Channel </span> </a> </li> </ul> </div> </div> </nav> </devsite-book-nav> <section id="gc-wrapper"> <main role="main" id="main-content" class="devsite-main-content" has-book-nav has-sidebar > <div class="devsite-sidebar"> <div class="devsite-sidebar-content"> <devsite-toc class="devsite-nav" role="navigation" aria-label="On this page" depth="2" scrollbars ></devsite-toc> <devsite-recommendations-sidebar class="nocontent devsite-nav"> </devsite-recommendations-sidebar> </div> </div> <devsite-content> <article class="devsite-article"> <div class="devsite-article-meta nocontent" role="navigation"> <ul class="devsite-breadcrumb-list" aria-label="Breadcrumb"> <li class="devsite-breadcrumb-item "> <a href="https://cloud.google.com/" class="devsite-breadcrumb-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Breadcrumbs" data-value="1" track-type="globalNav" track-name="breadcrumb" track-metadata-position="1" track-metadata-eventdetail="Google Cloud" > Home </a> </li> <li class="devsite-breadcrumb-item "> <div class="devsite-breadcrumb-guillemet material-icons" aria-hidden="true"></div> <a href="https://cloud.google.com/iam" class="devsite-breadcrumb-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Breadcrumbs" data-value="2" track-type="globalNav" track-name="breadcrumb" track-metadata-position="2" track-metadata-eventdetail="IAM" > IAM </a> </li> <li class="devsite-breadcrumb-item "> <div class="devsite-breadcrumb-guillemet material-icons" aria-hidden="true"></div> <a href="https://cloud.google.com/iam/docs" class="devsite-breadcrumb-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Breadcrumbs" data-value="3" track-type="globalNav" track-name="breadcrumb" track-metadata-position="3" track-metadata-eventdetail="IAM Documentation" > Documentation </a> </li> <li class="devsite-breadcrumb-item "> <div class="devsite-breadcrumb-guillemet material-icons" aria-hidden="true"></div> <a href="https://cloud.google.com/iam/docs/overview" class="devsite-breadcrumb-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Breadcrumbs" data-value="4" track-type="globalNav" track-name="breadcrumb" track-metadata-position="4" track-metadata-eventdetail="" > Guides </a> </li> </ul> <devsite-thumb-rating position="header"> </devsite-thumb-rating> </div> <devsite-feedback position="header" project-name="IAM Documentation" product-id="717553" bucket="BYOID" context="" version="t-devsite-webserver-20250211-r00-rc00.466928320959134316" data-label="Send Feedback Button" track-type="feedback" track-name="sendFeedbackLink" track-metadata-position="header" class="nocontent" project-icon="https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/images/favicons/onecloud/super_cloud.png" > <button> Send feedback </button> </devsite-feedback> <h1 class="devsite-page-title" tabindex="-1"> Workforce Identity Federation </h1> <devsite-feature-tooltip ack-key="AckCollectionsBookmarkTooltipDismiss" analytics-category="Site-Wide Custom Events" analytics-action-show="Callout Profile displayed" analytics-action-close="Callout Profile dismissed" analytics-label="Create Collection Callout" class="devsite-page-bookmark-tooltip nocontent" dismiss-button="true" id="devsite-collections-dropdown" dismiss-button-text="Dismiss" close-button-text="Got it"> <devsite-bookmark></devsite-bookmark> <span slot="popout-heading"> Stay organized with collections </span> <span slot="popout-contents"> Save and categorize content based on your preferences. </span> </devsite-feature-tooltip> <div class="devsite-page-title-meta"><devsite-view-release-notes></devsite-view-release-notes></div> <devsite-toc class="devsite-nav" depth="2" devsite-toc-embedded > </devsite-toc> <div class="devsite-article-body clearfix "> <p>This document describes the key concepts of Workforce Identity Federation.</p> <h2 id="what-is-wfif" data-text="What is Workforce Identity Federation?" tabindex="-1">What is Workforce Identity Federation?</h2> <p>Workforce Identity Federation lets you use an external identity provider (IdP) to authenticate and authorize a workforce—a group of <em>users</em>, such as employees, partners, and contractors—using IAM, so that the users can access Google Cloud services. With Workforce Identity Federation you don&#39;t need to synchronize user identities from your existing IdP to Google Cloud identities, as you would with Cloud Identity&#39;s <a href="https://tools.google.com/dlpage/dirsync/" class="external">Google Cloud Directory Sync (GCDS)</a>. Workforce Identity Federation extends Google Cloud&#39;s identity capabilities to support syncless, attribute-based single sign on.</p> <aside class="note"><strong>Note:</strong><span> In some IdPs, attributes are also known as claims or assertions.</span></aside> <p>After user authentication, information that is received from the IdP is used to determine the scope of access to the Google Cloud resources.</p> <p>You can use Workforce Identity Federation with any IdP that supports <a href="https://openid.net/connect/">OpenID Connect (OIDC)</a> or <a href="http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html">SAML 2.0</a>, such as Microsoft Entra ID, Active Directory Federation Services (AD FS), Okta, and others.</p> <aside class="note"><strong>Note:</strong><span> You can also use your IdP to authenticate <em>workloads</em> instead of workforce users. To learn more, see <a href="/iam/docs/workload-identity-federation">Workload Identity Federation</a>.</span></aside> <h2 id="workforce-identity-pools" data-text="Workforce identity pools" tabindex="-1">Workforce identity pools</h2> <p>Workforce identity pools let you manage groups of workforce identities and their access to Google Cloud resources.</p> <p>Pools let you do the following:</p> <ul> <li>Group user identities; for example, <code translate="no" dir="ltr">employees</code> or <code translate="no" dir="ltr">partners</code></li> <li>Grant IAM access to an entire pool or a subset thereof.</li> <li>Federate identities from one or more IdPs.</li> <li>Define policies on a group of users that require similar access permissions.</li> <li>Specify IdP-specific configuration information, including <a href="#attribute-mappings">attribute mapping</a> and <a href="#attribute-conditions">attribute conditions</a>.</li> <li>Enable the Google Cloud CLI and API access for third-party identities.</li> <li>Log access by users within a pool to Cloud Audit Logs, along with the pool ID.</li> </ul> <p>You can create multiple pools. For an example that describes one such approach, see <a href="#example-multiple-workforce-pools">Example: Multiple workforce identity pools</a>.</p> <p>Pools are configured at the <a href="/resource-manager/docs/cloud-platform-resource-hierarchy#organizations">Google Cloud organization level</a>. Because of this, pools are available across all projects and folders within the organization, as long as you have the appropriate IAM permissions to view the pool. When you first set up Workforce Identity Federation for your organization, you provide a name for the pool. In IAM allow policies, you reference the pool by its name. Because of this, we recommend that you name the pool so that it clearly describes the identities it contains.</p> <h2 id="workforce-identity-pool-providers" data-text="Workforce identity pool providers" tabindex="-1">Workforce identity pool providers</h2> <p>A workforce identity pool provider is an entity that describes a relationship between your Google Cloud organization and your IdP.</p> <p>Workforce Identity Federation follows the <a href="https://datatracker.ietf.org/doc/html/rfc8693">OAuth 2.0 Token Exchange specification (RFC 8693)</a>. You provide a credential from your external identity provider to the Security Token Service, which verifies the identity in the credential, and then returns a short-lived Google Cloud access token in exchange.</p> <h3 id="oidc-flow-types" data-text="OIDC flow types" tabindex="-1">OIDC flow types</h3> <p>For OIDC providers, Workforce Identity Federation supports both <a href="https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth" class="external">authorization code flow</a> and <a href="https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth" class="external">implicit flow</a>. Authorization code flow is considered to be the most secure, because tokens are returned from the IdP in a separate, secure backend transaction, directly from the IdP to Google Cloud, after users authenticate. As a result, code flow transactions can retrieve tokens of any size, so you can have more claims to use for attribute mapping and attribute condition. In implicit flow, by comparison, the ID Token is returned from the IdP to the browser. Tokens are subject to individual browser URL size limits.</p> <h2 id="console-federated" data-text="Google Cloud Workforce Identity Federation console" tabindex="-1">Google Cloud Workforce Identity Federation console</h2> <p>Users in a <a href="#workforce-identity-pools">workforce identity pool</a> can <a href="/iam/docs/workforce-console-sso">access the Google Cloud Workforce Identity Federation console, also known as the console (federated)</a>. The console provides these users with UI access to Google Cloud <a href="/iam/docs/federated-identity-supported-services">products that support Workforce Identity Federation</a>.</p> <h2 id="attribute-mappings" data-text="Attribute mappings" tabindex="-1">Attribute mappings</h2> <p>Your IdP provides attributes, referred to by some IdPs as <em>claims</em>. Attributes contain information about your users. You can map these attributes for use by Google Cloud using <a href="https://github.com/google/cel-spec" class="external">Common Expression Language (CEL)</a>.</p> <p>This section describes the set of required and optional attributes that Google Cloud provides.</p> <p>You can also define custom attributes in your IdP that can then be used by specific Google Cloud products; for example in IAM allow policies.</p> <p>The maximum size for attribute mappings is 4 KB.</p> <p>The attributes are as follows:</p> <ul> <li><p><code translate="no" dir="ltr">google.subject</code> (Required): a unique identifier for the authenticating user. It is <em>often the subject assertion of the JWT</em>, because Cloud Audit Logs logs record the contents of this field as the principal. You can use this field to configure IAM for authorization decisions. We recommend that you don&#39;t use a mutable value because if you change the value in your IdP&#39;s user directory, the user loses access.</p> <p>The maximum length is 127 bytes.</p></li> <li><p><code translate="no" dir="ltr">google.groups</code> (Optional): the collection of groups that the authenticating user is a member of. You can configure a logic expression using a subset of CEL that produces <em>an array of strings</em>. You can also use this field to configure IAM for authorization decisions. Limitations for <code translate="no" dir="ltr">google.groups</code> are as follows:</p> <ul> <li><p>We recommend that you limit the group name to 100 characters.</p></li> <li><p>If one user is associated with more than 100 groups, define a smaller set of groups, and only include those groups in assertions used to federate the user to Google Cloud. If one user belongs to more than 100 groups, authentication fails.</p></li> <li><p>If you use this attribute to grant access in IAM, every member in the mapped groups is granted access. Therefore, we recommend that you ensure that only authorized users in your organization can modify the membership of the mapped groups.</p></li> </ul></li> <li><p><code translate="no" dir="ltr">google.display_name</code> (Optional): attribute that is <em>used to set the name</em> of the signed-in user in the Google Cloud console. This attribute can&#39;t be used in IAM allow policies nor in the attribute condition.</p> <p>The maximum length is 100 bytes.</p></li> <li><p><code translate="no" dir="ltr">google.profile_photo</code> (Optional): a URL of the user&#39;s thumbnail photo. We recommend the photo to be 400x400 pixels. When this attribute is set, the image is visible as the user&#39;s profile picture in the Google Cloud console. If this value isn&#39;t set, or it can&#39;t be fetched, a generic user icon is displayed instead. This attribute can&#39;t be used in either IAM allow policies or in the attribute condition.</p></li> <li><p><code translate="no" dir="ltr">google.posix_username</code> (Optional): a unique POSIX-compliant username string used for the following:</p> <ul> <li><p><a href="/compute/docs/ssh-in-browser">SSH-in-browser</a>.</p></li> <li><p><a href="/compute/docs/oslogin/manage-oslogin-in-an-org#use_workforce_identity_federation_with_os_login">OS Login with Workforce Identity Federation</a> (<a href="/products#product-launch-stages">Preview</a>).</p></li> </ul> <p>This attribute can&#39;t be used in IAM allow policies or in the attribute condition. The maximum length is 32 characters.</p></li> <li><p><code translate="no" dir="ltr">google.email</code> (Optional): an attribute that is used to map email addresses of signed-in, federated users from the IdP to products that you integrate using <a href="/iam/docs/workforce-oauth-app">Workforce Identity Federation OAuth client integration</a>. This attribute can&#39;t be used in IAM allow policies or in the attribute condition.</p> <p>For example, to map email addresses from Okta using the OIDC protocol, include <code translate="no" dir="ltr">google.email=assertion.email</code> in your attribute mapping.</p> <p>Example Google Cloud products that support OAuth client integration include the following:</p> <ul> <li><a href="/iap/docs/use-workforce-identity-federation">Identity-Aware Proxy with Workforce Identity Federation</a></li> <li><a href="/secure-source-manager/docs/create-instance-federated-identities">Secure Source Manager with Workforce Identity Federation</a></li> </ul></li> <li><p><code translate="no" dir="ltr">attribute.<var translate="no">KEY</var></code> (Optional): an external IdP-defined attribute that is present in a user&#39;s IdP token. You can use the custom attribute to define your authorization strategy in an IAM allow policy.</p> <p>For example, in your IdP, you can choose to define an attribute such as the user&#39;s cost center as <code translate="no" dir="ltr">costcenter = &quot;1234&quot;</code>, and then refer to the principal in the following way:</p> <div></div><devsite-code><pre class="devsite-click-to-copy" translate="no" dir="ltr" is-upgraded><code translate="no" dir="ltr">principalSet://iam.googleapis.com/projects/<var translate="no">PROJECT_NUMBER</var>/locations/global/workloadIdentityPools/POOL_ID/attribute.costcenter/1234 </code></pre></devsite-code> <p>After you grant access on Google Cloud resources to this principal identifier, all identities that are configured in the IdP to have the <code translate="no" dir="ltr">costcenter</code> attribute set to <code translate="no" dir="ltr">1234</code> have access to the resources.</p> <p>You can configure a maximum of 50 custom attribute mapping rules. The maximum size of each such rule is 2048 characters.</p> <p>Although we don&#39;t have restrictions on the attributes you can map here, we strongly recommend that you choose attributes whose values are stable. For example, an attribute like <code translate="no" dir="ltr">attribute.job_description</code> might change for many reasons (such as improving its readability). As an alternative, consider using <code translate="no" dir="ltr">attribute.role</code>. Changes to the latter indicate a change of assigned responsibility and align with changes in the access granted to the user.</p></li> </ul> <p>You can transform attribute values using <a href="https://github.com/google/cel-spec/blob/master/doc/langdef.md">standard CEL functions</a>. You can also use the following custom functions:</p> <ul> <li><p><a href="https://pkg.go.dev/github.com/google/cel-go/ext#readme-split"><code translate="no" dir="ltr">split</code> function</a> splits a string on the provided separator value. For example, to extract the attribute <code translate="no" dir="ltr">username</code> from an email address attribute by splitting its value at the <code translate="no" dir="ltr">@</code> and using the first string, use the following attribute mapping: <div></div><devsite-code><pre translate="no" dir="ltr" is-upgraded> attribute.username=assertion.email.split(&quot;@&quot;)[0] </pre></devsite-code></p></li> <li><p><a href="https://pkg.go.dev/github.com/google/cel-go/ext#readme-join"><code translate="no" dir="ltr">join</code> function</a> joins a list of strings on the provided separator value. For example, to populates the custom attribute <code translate="no" dir="ltr">department</code> by concatenating a list of strings with <code translate="no" dir="ltr">.</code> as a separator, use the following attribute mapping: <div></div><devsite-code><pre translate="no" dir="ltr" is-upgraded> attribute.department=assertion.department.join(&quot;.&quot;) </pre></devsite-code></p></li> </ul> <h2 id="attribute-conditions" data-text="Attribute conditions" tabindex="-1">Attribute conditions</h2> <p>Attribute conditions are optional CEL expressions that let you set constraints on the identity attributes that Google Cloud accepts.</p> <p> <aside class="warning"> <b>Warning:</b> If your multi-tenant IdP has a single issuer URI, you must use <a href="/iam/docs/workforce-identity-federation#attribute-conditions">attribute conditions</a> to ensure that access is restricted to the correct tenant. For more information, see <a href="/iam/docs/workforce-identity-federation#use-attribute-conditions-multitenant">Use attribute conditions when federating with GitHub or other multi-tenant identity providers</a>. </aside> </p> <p>The benefits of using attribute conditions include the following:</p> <ul> <li>You can use attribute conditions to allow only a subset of external identities to authenticate to your Google Cloud project. For example, you might want to allow only those identities that are in a specific team to sign in, especially if you are using a public IdP. For another example, you might want to allow your accounting team to sign in, but not your engineering team.</li> <li>Attribute conditions let you prevent credentials intended for use with another platform from being used with Google Cloud, and vice-versa. This helps avoid the <a href="https://wikipedia.org/wiki/Confused_deputy_problem">confused deputy problem</a>.</li> </ul> <h3 id="use-attribute-conditions-multitenant" data-text="Use attribute conditions when federating with GitHub or other multi-tenant identity providers" tabindex="-1">Use attribute conditions when federating with GitHub or other multi-tenant identity providers</h3> <p>Workforce Identity Federation doesn&#39;t maintain a directory of user accounts; instead, it implements claims-based identities. As a result, when two tokens are issued by the same identity provider (IdP) and their claims map to the same <code translate="no" dir="ltr">google.subject</code> value, the two tokens are assumed to identify the same user. To find out which IdP issued a token, Workforce Identity Federation inspects and verifies the token&#39;s issuer URL.</p> <p>Multi-tenant IdPs, such as GitHub and Terraform Cloud, use a single issuer URL across all of their tenants. For these providers, the issuer URL identifies all of GitHub or Terraform Cloud, not a specific GitHub or Terraform Cloud organization.</p> <p>When you use these identity providers, it&#39;s insufficient to let Workforce Identity Federation check a token&#39;s issuer URL to ensure that it comes from a trusted source and that its claims can be trusted. If your multi-tenant IdP has a single issuer URL, we recommend that you must use attribute conditions to ensure that access is restricted to the correct tenant.</p> <h2 id="representing-workforce-users" data-text="Represent workforce pool users in IAM policies" tabindex="-1">Represent workforce pool users in IAM policies</h2> <p>The following table shows the principal identifiers that you use to grant roles to a single user, a group of users, users carrying a particular claim, or all users from a workforce pool.</p> <table> <thead> <tr> <th>Identities</th> <th>Identifier format</th> </tr> </thead> <tbody> <tr> <td>Single identity in a workforce identity pool</td> <td> <code translate="no" dir="ltr">principal://iam.googleapis.com/locations/global/workforcePools/<var translate="no">POOL_ID</var>/subject/<var translate="no">SUBJECT_ATTRIBUTE_VALUE</var></code> </td> </tr> <tr> <td>All workforce identities in a group</td> <td> <code translate="no" dir="ltr">principalSet://iam.googleapis.com/locations/global/workforcePools/<var translate="no">POOL_ID</var>/group/<var translate="no">GROUP_ID</var></code> </td> </tr> <tr> <td>All workforce identities with a specific attribute value</td> <td> <code translate="no" dir="ltr">principalSet://iam.googleapis.com/locations/global/workforcePools/<var translate="no">POOL_ID</var>/attribute.<var translate="no">ATTRIBUTE_NAME</var>/<var translate="no">ATTRIBUTE_VALUE</var></code> </td> </tr> <tr> <td>All identities in a workforce identity pool</td> <td> <code translate="no" dir="ltr">principalSet://iam.googleapis.com/locations/global/workforcePools/<var translate="no">POOL_ID</var>/*</code> </td> </tr> </tbody> </table> <h3 id="json-web-keys" data-text="JSON web keys" tabindex="-1">JSON web keys</h3> <p>The workforce pool provider can access <a href="https://www.rfc-editor.org/rfc/rfc7517">JSON web keys (JWKs)</a> that are provided by your IdP in the <code translate="no" dir="ltr">jwks_uri</code> field in the <code translate="no" dir="ltr">/.well-known/openid-configuration</code> document. If your OIDC provider doesn&#39;t provide this information, or your issuer is not publicly accessible, you can manually upload the JWKs when you create or update the OIDC provider.</p> <h2 id="restrict_cross-organization_access" data-text="Restrict cross-organization access" tabindex="-1">Restrict cross-organization access</h2> <p>Workforce identity pool principals can&#39;t directly access resources outside of the organization that they belong to. However, if a principal is given permission to <a href="/iam/docs/impersonating-service-accounts">impersonate a service account</a> within the organization, this constraint can be bypassed as service accounts aren&#39;t equally restricted.</p> <h2 id="workforce-pools-user-project" data-text="Workforce pools user project" tabindex="-1">Workforce pools user project</h2> <p>Most Google Cloud APIs charge billing and quota use to the project that contains the resource that your API request accesses. These APIs are called <em>resource-based APIs</em>. A few Google Cloud APIs charge to the project associated with the client; these are called <em>client-based APIs</em>. The project used for billing and quota purposes is called the <em>quota project</em>.</p> <p>When you create a Workforce Identity Federation configuration file, you specify a <em>workforce pools user project</em>. This project is used to identify your application to the Google APIs that it calls. The workforce pools user project is also used as the default quota project for client-based APIs, unless you use the gcloud CLI to initiate the API request. You must have the <code translate="no" dir="ltr">serviceusage.services.use</code> permission, which is included in the Service Usage Consumer (<code translate="no" dir="ltr">roles/serviceusage.serviceUsageConsumer</code>) role, for the project that you specify.</p> <p>For more information about the quota project, resource-based APIs, and client-based APIs, see <a href="/docs/quota/quota-project">Quota project overview</a>.</p> <h2 id="example-multiple-workforce-pools" data-text="Example: multiple workforce identity pools" tabindex="-1">Example: multiple workforce identity pools</h2> <p>This section contains an example that illustrates typical use of multiple pools.</p> <p>You can create one pool for employees and another for partners. Multinational organizations might create separate pools for different divisions in their organization. Pools allow for distributed management, in which different groups can independently manage their specific pool where roles are granted only to the identities in the pool.</p> <p>For example, suppose that a company named Enterprise Example Organization contracts a different company named Partner Example Organization Inc to provide Google Kubernetes Engine (GKE) DevOps services. For Partner Example Organization workforce to provide the services, their workforce must be allowed to access Google Kubernetes Engine (GKE) and other Google Cloud resources in Enterprise Example Organization&#39;s organization. Enterprise Example organization already has a workforce identity pool called <code translate="no" dir="ltr">enterprise-example-organization-employees</code>.</p> <p>To allow Partner Example Organization to manage access to Enterprise Example Organization&#39;s resources, Enterprise Example Organization creates a separate workforce pool for Partner Example Organization workforce users so that Partner Example Organization can manage it. Enterprise Example Organization provides the workforce pool to a Partner Example Organization administrator. Partner Example Organization&#39;s administrator uses their own IdP to grant access to their workforce.</p> <p>To do this, Enterprise Example Organization&#39;s Admin performs the following tasks:</p> <ol> <li><p>Create an identity such as <code translate="no" dir="ltr">partner-organization-admin@example.com</code> for the Partner Example Organization administrator in Enterprise Example Organization&#39;s IdP, which is already configured in the pool called <code translate="no" dir="ltr">enterprise-example-organization-employees</code>.</p></li> <li><p>Create a new workforce pool called <code translate="no" dir="ltr">example-organization-partner</code>.</p></li> <li><p>Create the following allow policy for the <code translate="no" dir="ltr">example-organization-partner</code> pool:</p> <div></div><devsite-code><pre class="devsite-click-to-copy" translate="no" dir="ltr" is-upgraded syntax="JSON"><code translate="no" dir="ltr"><span class="devsite-syntax-p">{</span> <span class="devsite-syntax-w"> </span><span class="devsite-syntax-nt">"bindings"</span><span class="devsite-syntax-p">:</span><span class="devsite-syntax-w"> </span><span class="devsite-syntax-p">[</span> <span class="devsite-syntax-w"> </span><span class="devsite-syntax-p">{</span> <span class="devsite-syntax-w"> </span><span class="devsite-syntax-nt">"role"</span><span class="devsite-syntax-p">:</span><span class="devsite-syntax-w"> </span><span class="devsite-syntax-s2">"roles/iam.workforcePoolEditor"</span><span class="devsite-syntax-p">,</span> <span class="devsite-syntax-w"> </span><span class="devsite-syntax-nt">"members"</span><span class="devsite-syntax-p">:</span><span class="devsite-syntax-w"> </span><span class="devsite-syntax-p">[</span> <span class="devsite-syntax-w"> </span><span class="devsite-syntax-s2">"principalSet://iam.googleapis.com/locations/global/workforcePools/enterprise-example-organization-employees/subject/partner-organization-admin@example.com"</span> <span class="devsite-syntax-w"> </span><span class="devsite-syntax-p">]</span> <span class="devsite-syntax-w"> </span><span class="devsite-syntax-p">}</span> <span class="devsite-syntax-w"> </span><span class="devsite-syntax-p">]</span> <span class="devsite-syntax-p">}</span> </code></pre></devsite-code></li> <li><p>Grant roles for <code translate="no" dir="ltr">example-organization-partner</code> pool on the resources they need access to in Enterprise Example Organization&#39;s organization.</p></li> </ol> <p>Partner Example Organization&#39;s administrator can now configure the <code translate="no" dir="ltr">example-organization-partner</code> pool to connect with their IdP. They can then allow Partner Example Organization workforce to sign in with Partner Example Organization&#39;s IdP credentials. After they sign in, Partner Example Organization workforce users can access Google Cloud resources, constrained by policies that are defined by Enterprise Example Organization.</p> <h2 id="easier_access_management" data-text="Easier access management" tabindex="-1">Easier access management</h2> <p>In large enterprises, IT administrators often create security groups as part of a best-practices access-control model. Security groups govern access to internal resources. Further, companies often create additional groups for employees and other groups for partners to extend this access-control model to cloud resources. This can result in proliferation of deeply nested groups that can become very difficult to manage.</p> <p>Your organization might also have policies that limit the number of groups that you can create so as to keep the user directory hierarchy reasonably flat. A better solution to prevent misconfiguration of IAM policies and limit growth of groups is to use multiple pools to create a broader separation of users from different organizational units and business units, and partner organizations. You can then reference these pools and groups contained within these pools to define IAM policies (see examples in the Configuring IAM step).</p> <h2 id="vpcsvcctl-limitations" data-text="VPC Service Controls limitations" tabindex="-1">VPC Service Controls limitations</h2> <p>Workforce Identity Federation administrative features, including workforce pool configuration APIs, and Security Token Service APIs don&#39;t support VPC Service Controls. However, Google Cloud products that support both <a href="/iam/docs/federated-identity-supported-services">Workforce Identity Federation</a> and <a href="/vpc-service-controls/docs/supported-products">VPC Service Controls</a> operate as documented and are subject to VPC Service Controls policy checks. Additionally, you can use <a href="/vpc-service-controls/docs/configure-identity-groups">third-party identities</a> such as workforce pool users and workload identities in the ingress or egress rules of VPC Service Controls.</p> <h2 id="essential-contacts" data-text="Workforce Identity Federation and Essential Contacts" tabindex="-1">Workforce Identity Federation and Essential Contacts</h2> <p>To receive important information about changes to your organization or Google Cloud products, you must provide <a href="/resource-manager/docs/managing-notification-contacts">Essential Contacts</a> when using Workforce Identity Federation. Cloud Identity users can be contacted through their Cloud Identity email address, but Workforce Identity Federation users are contacted using Essential Contacts.</p> <p>When you use the Google Cloud console to create or manage workforce identity pools, you will see a banner that asks you to configure an essential contact with the <strong>Legal</strong> and <strong>Suspension</strong> category. Alternatively, you can define a contact in the <strong>All</strong> category if you don&#39;t have separate contacts. Supplying the contacts will remove the banner.</p> <h2 id="whats_next" data-text="What's next" tabindex="-1">What's next</h2> <ul> <li>To learn how to set up Workforce Identity Federation, see <a href="/iam/docs/configuring-workforce-identity-federation">Configuring Workforce Identity Federation</a>. For IdP-specific instructions, see: <ul> <li><a href="/iam/docs/workforce-sign-in-microsoft-entra-id">Configure Workforce Identity Federation with Microsoft Entra ID and sign in users</a></li> <li><a href="/iam/docs/workforce-sign-in-okta">Configure Workforce Identity Federation with Okta and sign in users</a></li> </ul></li> <li><a href="/iam/docs/workforce-obtaining-short-lived-credentials">Obtain short-lived tokens for Workforce Identity Federation</a></li> <li><a href="/iam/docs/manage-workforce-identity-pools-providers">Manage workforce pools providers</a></li> <li><a href="/iam/docs/workforce-delete-user-data">Delete Workforce Identity Federation users and their data</a></li> <li><a href="/iam/docs/audit-logging/examples-workforce-identity">View Workforce Identity Federation audit logs</a></li> <li><a href="/iam/docs/federated-identity-supported-services">View products that support Workforce Identity Federation</a></li> <li><a href="/iam/docs/workforce-console-sso">Set up user access to console (federated)</a></li> </ul> <devsite-hats-survey class="nocontent" hats-id="Nd7nTix2o0eU5NUYprb0ThtUc5jf" listnr-id="83405"></devsite-hats-survey> </div> <devsite-thumb-rating position="footer"> </devsite-thumb-rating> <devsite-feedback position="footer" project-name="IAM Documentation" product-id="717553" bucket="BYOID" context="" version="t-devsite-webserver-20250211-r00-rc00.466928320959134316" data-label="Send Feedback Button" track-type="feedback" track-name="sendFeedbackLink" track-metadata-position="footer" class="nocontent" project-icon="https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/images/favicons/onecloud/super_cloud.png" > <button> Send feedback </button> </devsite-feedback> <div class="devsite-floating-action-buttons"> </div> </article> <devsite-content-footer class="nocontent"> <p>Except as otherwise noted, the content of this page is licensed under the <a href="https://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 License</a>, and code samples are licensed under the <a href="https://www.apache.org/licenses/LICENSE-2.0">Apache 2.0 License</a>. For details, see the <a href="https://developers.google.com/site-policies">Google Developers Site Policies</a>. Java is a registered trademark of Oracle and/or its affiliates.</p> <p>Last updated 2025-02-14 UTC.</p> </devsite-content-footer> <devsite-notification > </devsite-notification> <div class="devsite-content-data"> <template class="devsite-thumb-rating-feedback"> <devsite-feedback position="thumb-rating" project-name="IAM Documentation" product-id="717553" bucket="BYOID" context="" version="t-devsite-webserver-20250211-r00-rc00.466928320959134316" data-label="Send Feedback Button" track-type="feedback" track-name="sendFeedbackLink" track-metadata-position="thumb-rating" class="nocontent" project-icon="https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/images/favicons/onecloud/super_cloud.png" > <button> Need to tell us more? </button> </devsite-feedback> </template> <template class="devsite-content-data-template"> [[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-02-14 UTC."],[],[]] </template> </div> </devsite-content> </main> <devsite-footer-promos class="devsite-footer"> </devsite-footer-promos> <devsite-footer-linkboxes class="devsite-footer"> <nav class="devsite-footer-linkboxes nocontent" aria-label="Footer links"> <ul class="devsite-footer-linkboxes-list"> <li class="devsite-footer-linkbox "> <h3 class="devsite-footer-linkbox-heading no-link">Why Google</h3> <ul class="devsite-footer-linkbox-list"> <li class="devsite-footer-linkbox-item"> <a href="/why-google-cloud/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 1)" track-metadata-child_headline="why google"track-name="choosing google cloud"track-metadata-eventDetail="cloud.google.com/why-google-cloud/"track-metadata-module="footer"track-metadata-position="footer"track-type="footer link"> Choosing Google Cloud </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/trust-center/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 2)" track-metadata-child_headline="why google"track-name="trust and security"track-metadata-eventDetail="cloud.google.com/security/"track-metadata-position="footer"track-type="footer link"track-metadata-module="footer"> Trust and security </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/solutions/modern-infrastructure/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 3)" track-metadata-eventDetail="cloud.google.com/solutions/modern-infrastructure/"track-name="modern infrastructure cloud"track-type="footer link"track-metadata-module="footer"track-metadata-child_headline="why google"track-metadata-position="footer"> Modern Infrastructure Cloud </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/multicloud/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 4)" track-type="footer link"track-metadata-module="footer"track-name="multicloud"track-metadata-child_headline="why google"track-metadata-position="footer"track-metadata-eventDetail="cloud.google.com/multicloud/"> Multicloud </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/infrastructure/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 5)" track-type="footer link"track-metadata-module="footer"track-metadata-child_headline="why google"track-name="global infrastructure"track-metadata-eventDetail="cloud.google.com/infrastructure/"track-metadata-position="footer"> Global infrastructure </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/customers/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 6)" track-name="customers and case studies"track-metadata-eventDetail="cloud.google.com/customers/"track-metadata-module="footer"track-metadata-position="footer"track-metadata-child_headline="why google"track-type="footer link"> Customers and case studies </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/analyst-reports/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 7)" track-metadata-child_headline="why google"track-metadata-position="footer"track-metadata-eventDetail="cloud.google.com/analyst-reports/"track-name="analyst reports"track-type="footer link"track-metadata-module="footer"> Analyst reports </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/whitepapers/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 8)" track-metadata-module="footer"track-metadata-eventDetail="cloud.google.com/whitepapers/"track-type="footer link"track-name="whitepapers"track-metadata-child_headline="why google"track-metadata-position="footer"> Whitepapers </a> </li> <li class="devsite-footer-linkbox-item"> <a href="//cloud.google.com/blog/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 9)" track-metadata-eventDetail="cloud.google.com/blog/"track-metadata-position="footer"track-metadata-module="footer"track-metadata-child_headline="engage"track-type="footer link"track-name="blog"> Blog </a> </li> </ul> </li> <li class="devsite-footer-linkbox "> <h3 class="devsite-footer-linkbox-heading no-link">Products and pricing</h3> <ul class="devsite-footer-linkbox-list"> <li class="devsite-footer-linkbox-item"> <a href="/pricing/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 1)" track-metadata-eventDetail="cloud.google.com/pricing/"track-metadata-child_headline="products and pricing"track-metadata-module="footer"track-name="google cloud pricing"track-metadata-position="footer"track-type="footer link"> Google Cloud pricing </a> </li> <li class="devsite-footer-linkbox-item"> <a href="//workspace.google.com/pricing.html" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 2)" track-name="google workspace pricing"track-metadata-eventDetail="workspace.google.com/pricing.html"target="_blank"track-type="footer link"track-metadata-module="footer"track-metadata-child_headline="products and pricing"track-metadata-position="footer"> Google Workspace pricing </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/products/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 3)" track-type="footer link"track-metadata-position="footer"track-name="see all products"track-metadata-eventDetail="cloud.google.com/products/"track-metadata-child_headline="products and pricing"track-metadata-module="footer"> See all products </a> </li> </ul> </li> <li class="devsite-footer-linkbox "> <h3 class="devsite-footer-linkbox-heading no-link">Solutions</h3> <ul class="devsite-footer-linkbox-list"> <li class="devsite-footer-linkbox-item"> <a href="/solutions/infrastructure-modernization/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 1)" track-metadata-module="footer"track-name="infrastructure modernization"track-type="footer link"track-metadata-position="footer"track-metadata-child_headline="solutions"track-metadata-eventDetail="cloud.google.com/solutions/infrastructure-modernization/"> Infrastructure modernization </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/solutions/databases/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 2)" track-metadata-eventDetail="cloud.google.com/solutions/databases"track-metadata-module="footer"track-metadata-child_headline="solutions"track-type="footer link"track-metadata-position="footer"track-name="databases"> Databases </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/solutions/application-modernization/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 3)" track-type="footer link"track-metadata-child_headline="solutions"track-metadata-eventDetail="cloud.google.com/solutions/application-modernization/"track-metadata-position="footer"track-metadata-module="footer"track-name="application development"> Application modernization </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/solutions/smart-analytics/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 4)" track-type="footer link"track-metadata-module="footer"track-name="smart analytics"track-metadata-eventDetail="cloud.google.com/solutions/smart-analytics/"track-metadata-position="footer"track-metadata-child_headline="solutions"> Smart analytics </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/solutions/ai/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 5)" track-name="artificial intelligence"track-metadata-eventDetail="cloud.google.com/solutions/ai/"track-metadata-child_headline="solutions"track-metadata-position="footer"track-metadata-module="footer"track-type="footer link"> Artificial Intelligence </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/solutions/security/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 6)" track-metadata-child_headline="solutions"track-metadata-module="footer"track-type="footer link"track-name="security"track-metadata-position="footer"track-metadata-eventDetail="cloud.google.com/solutions/security/"> Security </a> </li> <li class="devsite-footer-linkbox-item"> <a href="https://workspace.google.com/enterprise/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 7)" target="_blank"track-metadata-eventDetail="workspace.google.com/enterprise/"track-metadata-position="footer"track-metadata-module="footer"track-metadata-child_headline="solutions"track-type="footer link"track-name="productivity and work transformation"> Productivity & work transformation </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/solutions/#industry-solutions" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 8)" track-name="industry solutions"track-metadata-position="footer"track-type="footer link"track-metadata-child_headline="solutions"track-metadata-eventDetail="cloud.google.com/solutions/#industry-solutions"track-metadata-module="footer"> Industry solutions </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/solutions/devops/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 9)" track-type="footer link"track-metadata-position="footer"track-name="devops solutions"track-metadata-eventDetail="cloud.google.com/solutions/devops/"track-metadata-child_headline="solutions"track-metadata-module="footer"> DevOps solutions </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/solutions/#section-14" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 10)" track-name="small business solutions"track-metadata-eventDetail="cloud.google.com/solutions/#section-14"track-metadata-position="footer"track-metadata-child_headline="solutions"track-type="footer link"track-metadata-module="footer"> Small business solutions </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/solutions/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 11)" track-type="footer link"track-metadata-module="footer"track-metadata-position="footer"track-metadata-child_headline="solutions"track-name="see all solutions"track-metadata-eventDetail="cloud.google.com/solutions/"> See all solutions </a> </li> </ul> </li> <li class="devsite-footer-linkbox "> <h3 class="devsite-footer-linkbox-heading no-link">Resources</h3> <ul class="devsite-footer-linkbox-list"> <li class="devsite-footer-linkbox-item"> <a href="/affiliate-program/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 1)" track-name="google cloud affiliate program"track-metadata-position="footer"track-metadata-child_headline="resources"track-metadata-module="footer"track-type="footer link"track-metadata-eventDetail="cloud.google.com/affiliate-program/"> Google Cloud Affiliate Program </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/docs/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 2)" track-metadata-child_headline="resources"track-metadata-position="footer"track-type="footer link"track-metadata-module="footer"track-name="google cloud documentation"track-metadata-eventDetail="cloud.google.com/docs/"> Google Cloud documentation </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/docs/get-started/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 3)" track-metadata-child_headline="resources"track-metadata-module="footer"track-type="footer link"track-metadata-eventDetail="cloud.google.com/docs/get-started/"track-name="google cloud quickstarts"track-metadata-position="footer"> Google Cloud quickstarts </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/marketplace/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 4)" track-metadata-child_headline="resources"track-metadata-module="footer"track-metadata-position="footer"track-name="google cloud marketplace"track-type="footer link"track-metadata-eventDetail="cloud.google.com/marketplace/"> Google Cloud Marketplace </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/discover/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 5)" track-metadata-eventDetail="learn/"track-metadata-module="footer"track-metadata-position="footer"track-name="learn about cloud computing"track-type="footer link"track-metadata-child_headline="resources"> Learn about cloud computing </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/support-hub/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 6)" track-metadata-position="footer"track-name="support"track-metadata-child_headline="resources"track-metadata-module="footer"track-type="footer link"track-metadata-eventDetail="cloud.google.com/support-hub/"> Support </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/docs/samples" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 7)" track-metadata-eventDetail="cloud.google.com/docs/samples"track-metadata-module="footer"track-name="code samples"track-metadata-position="footer"track-type="footer link"track-metadata-child_headline="resources"> Code samples </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/architecture/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 8)" track-name="cloud architecture center"track-metadata-eventDetail="cloud.google.com/architecture/"track-metadata-child_headline="resources"track-metadata-position="footer"track-metadata-module="footer"track-type="footer link"> Cloud Architecture Center </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/learn/training/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 9)" track-metadata-module="footer"track-name="training"track-type="footer link"track-metadata-child_headline="resources"track-metadata-eventDetail="cloud.google.com/training/"track-metadata-position="footer"> Training </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/learn/certification/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 10)" track-metadata-eventDetail="cloud.google.com/certification"track-name="certifications"track-metadata-module="footer"track-metadata-position="footer"track-type="footer link"track-metadata-child_headline="resources"> Certifications </a> </li> <li class="devsite-footer-linkbox-item"> <a href="//developers.google.com" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 11)" track-metadata-eventDetail="developers.google.com"track-metadata-child_headline="resources"track-metadata-position="footer"target="_blank"track-metadata-module="footer"track-type="footer link"track-name="google developers"> Google for Developers </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/startup/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 12)" track-metadata-eventDetail="cloud.google.com/startup/"track-metadata-module="footer"track-metadata-child_headline="resources"track-type="footer link"track-metadata-position="footer"track-name="google cloud for startups"> Google Cloud for Startups </a> </li> <li class="devsite-footer-linkbox-item"> <a href="//status.cloud.google.com" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 13)" target="_blank"track-metadata-position="footer"track-metadata-eventDetail="status.cloud.google.com"track-type="footer link"track-metadata-child_headline="resources"track-metadata-module="footer"track-name="system status"> System status </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/release-notes" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 14)" track-name="release notes"track-metadata-eventDetail="cloud.google.com/release-notes/"track-metadata-position="footer"track-type="footer link"track-metadata-module="footer"track-metadata-child_headline="resources"> Release Notes </a> </li> </ul> </li> <li class="devsite-footer-linkbox "> <h3 class="devsite-footer-linkbox-heading no-link">Engage</h3> <ul class="devsite-footer-linkbox-list"> <li class="devsite-footer-linkbox-item"> <a href="/contact/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 1)" track-metadata-eventDetail="cloud.google.com/contact/"track-name="contact sales"track-type="footer link"track-metadata-module="footer"track-metadata-child_headline="engage"track-metadata-position="footer"> Contact sales </a> </li> <li class="devsite-footer-linkbox-item"> <a href="//cloud.google.com/find-a-partner" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 2)" track-metadata-position="footer"target="_blank"track-metadata-eventDetail="cloud.google.com/find-a-partner"track-metadata-child_headline="engage"track-type="footer link"track-metadata-module="footer"track-name="find a partner"> Find a Partner </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/partners/become-a-partner/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 3)" track-metadata-position="footer"track-type="footer link"track-metadata-module="footer"track-metadata-child_headline="engage"track-name="become a partner"track-metadata-eventDetail="cloud.google.com/partners/become-a-partner/"> Become a Partner </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/events/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 4)" track-name="events"track-metadata-eventDetail="cloud.withgoogle.com/events"track-metadata-position="footer"track-type="footer link"track-metadata-module="footer"track-metadata-child_headline="engage"> Events </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/podcasts/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 5)" target="_blank"track-type="footer link"track-metadata-module="footer"track-metadata-position="footer"track-metadata-child_headline="engage"rel="noopener"track-name="podcasts"track-metadata-eventDetail="cloud.google.com/podcasts/"> Podcasts </a> </li> <li class="devsite-footer-linkbox-item"> <a href="/developers/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 6)" track-type="footer link"track-name="developer center"track-metadata-position="footer"track-metadata-eventDetail="cloud.google.com/developers/"track-metadata-child_headline="engage"track-metadata-module="footer"> Developer Center </a> </li> <li class="devsite-footer-linkbox-item"> <a href="https://www.googlecloudpresscorner.com/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 7)" track-metadata-position="footer"track-metadata-child_headline="engage"target="_blank"track-metadata-eventDetail="www.googlecloudpresscorner.com"track-metadata-module="footer"rel="noopener"track-name="press corner"track-type="footer link"> Press Corner </a> </li> <li class="devsite-footer-linkbox-item"> <a href="//www.youtube.com/googlecloud" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 8)" track-metadata-eventDetail="www.youtube.com/googlecloud"track-metadata-module="footer"track-metadata-child_headline="engage"rel="noopener"target="_blank"track-type="footer link"track-metadata-position="footer"track-name="google cloud on youtube"> Google Cloud on YouTube </a> </li> <li class="devsite-footer-linkbox-item"> <a href="//www.youtube.com/googlecloudplatform" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 9)" rel="noopener"track-type="footer link"track-name="google cloud tech on youtube"track-metadata-module="footer"track-metadata-eventDetail="www.youtube.com/googlecloudplatform"track-metadata-child_headline="engage"target="_blank"track-metadata-position="footer"> Google Cloud Tech on YouTube </a> </li> <li class="devsite-footer-linkbox-item"> <a href="//x.com/googlecloud" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 10)" track-metadata-module="footer"rel="noopener"track-type="footer link"target="_blank"track-metadata-eventDetail="x.com/googlecloud"track-metadata-position="footer"track-name="follow on x"track-metadata-child_headline="engage"> Follow on X </a> </li> <li class="devsite-footer-linkbox-item"> <a href="//userresearch.google.com/?reserved=1&amp;utm_source=website&amp;Q_Language=en&amp;utm_medium=own_srch&amp;utm_campaign=CloudWebFooter&amp;utm_term=0&amp;utm_content=0&amp;productTag=clou&amp;campaignDate=jul19&amp;pType=devel&amp;referral_code=jk212693" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 11)" target="_blank"track-metadata-module="footer"track-metadata-position="footer"track-type="footer link"track-name="join user research"track-metadata-eventDetail="userresearch.google.com/?reserved=1&amp;utm_source=website&amp;Q_Language=en&amp;utm_medium=own_srch&amp;utm_campaign=CloudWebFooter&amp;utm_term=0&amp;utm_content=0&amp;productTag=clou&amp;campaignDate=jul19&amp;pType=devel&amp;referral_code=jk212693"track-metadata-child_headline="engage"> Join User Research </a> </li> <li class="devsite-footer-linkbox-item"> <a href="//careers.google.com/cloud" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 12)" track-type="footer link"track-metadata-module="footer"track-metadata-child_headline="engage"target="_blank"track-name="we are hiring join google cloud"track-metadata-position="footer"track-metadata-eventDetail="careers.google.com/cloud"> We're hiring. Join Google Cloud! </a> </li> <li class="devsite-footer-linkbox-item"> <a href="https://www.googlecloudcommunity.com/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 13)" target="_blank"rel="noopener"track-name="google cloud community"track-type="footer link"track-metadata-child_headline="engage"track-metadata-eventDetail="www.googlecloudcommunity.com"track-metadata-module="footer"track-metadata-position="footer"> Google Cloud Community </a> </li> </ul> </li> </ul> </nav> </devsite-footer-linkboxes> <devsite-footer-utility class="devsite-footer"> <div class="devsite-footer-utility nocontent"> <nav class="devsite-footer-utility-links" aria-label="Utility links"> <ul class="devsite-footer-utility-list"> <li class="devsite-footer-utility-item "> <a class="devsite-footer-utility-link gc-analytics-event" href="//about.google/" data-category="Site-Wide Custom Events" data-label="Footer About Google link" track-metadata-eventDetail="//about.google/" track-name="about google" track-metadata-position="footer" track-metadata-module="utility footer" track-type="footer link" target="_blank" > About Google </a> </li> <li class="devsite-footer-utility-item devsite-footer-privacy-link"> <a class="devsite-footer-utility-link gc-analytics-event" href="//policies.google.com/privacy" data-category="Site-Wide Custom Events" data-label="Footer Privacy link" track-metadata-module="utility footer" track-type="footer link" target="_blank" track-metadata-eventDetail="//policies.google.com/privacy" track-name="privacy" track-metadata-position="footer" > Privacy </a> </li> <li class="devsite-footer-utility-item "> <a class="devsite-footer-utility-link gc-analytics-event" href="//www.google.com/intl/en/policies/terms/regional.html" data-category="Site-Wide Custom Events" data-label="Footer Site terms link" target="_blank" track-metadata-module="utility footer" track-type="footer link" track-metadata-position="footer" track-name="site terms" track-metadata-eventDetail="//www.google.com/intl/en/policies/terms/regional.html" > Site terms </a> </li> <li class="devsite-footer-utility-item "> <a class="devsite-footer-utility-link gc-analytics-event" href="/product-terms/" data-category="Site-Wide Custom Events" data-label="Footer Google Cloud terms link" track-type="footer link" track-metadata-position="footer" track-name="google cloud terms" track-metadata-eventDetail="/product-terms/" track-metadata-module="utility footer" > Google Cloud terms </a> </li> <li class="devsite-footer-utility-item glue-cookie-notification-bar-control"> <a class="devsite-footer-utility-link gc-analytics-event" href="#" data-category="Site-Wide Custom Events" data-label="Footer Manage cookies link" aria-hidden="true" track-type="footer link" track-metadata-module="utility footer" track-metadata-eventDetail="#" track-name="Manage cookies" track-metadata-position="footer" > Manage cookies </a> </li> <li class="devsite-footer-utility-item devsite-footer-carbon-button"> <a class="devsite-footer-utility-link gc-analytics-event" href="/sustainability" data-category="Site-Wide Custom Events" data-label="Footer Our third decade of climate action: join us link" track-metadata-module="utility footer" track-type="footer link" track-name="Our third decade of climate action: join us" track-metadata-position="footer" track-metadata-eventDetail="/sustainability/" > Our third decade of climate action: join us </a> </li> <li class="devsite-footer-utility-item devsite-footer-utility-button"> <span class="devsite-footer-utility-description">Sign up for the Google Cloud newsletter</span> <a class="devsite-footer-utility-link gc-analytics-event" href="/newsletter/" data-category="Site-Wide Custom Events" data-label="Footer Subscribe link" track-metadata-eventDetail="/newsletter/" track-metadata-module="utility footer" track-metadata-position="footer" track-name="subscribe" track-type="footer link" > Subscribe </a> </li> </ul> <devsite-language-selector> <ul role="presentation"> <li role="presentation"> <a role="menuitem" lang="en" >English</a> </li> <li role="presentation"> <a role="menuitem" lang="de" >Deutsch</a> </li> <li role="presentation"> <a role="menuitem" lang="es_419" >Español – América Latina</a> </li> <li role="presentation"> <a role="menuitem" lang="fr" >Français</a> </li> <li role="presentation"> <a role="menuitem" lang="id" >Indonesia</a> </li> <li role="presentation"> <a role="menuitem" lang="it" >Italiano</a> </li> <li role="presentation"> <a role="menuitem" lang="pt_br" >Português – Brasil</a> </li> <li role="presentation"> <a role="menuitem" lang="zh_cn" >中文 – 简体</a> </li> <li role="presentation"> <a role="menuitem" lang="ja" >日本語</a> </li> <li role="presentation"> <a role="menuitem" lang="ko" >한국어</a> </li> </ul> </devsite-language-selector> </nav> </div> </devsite-footer-utility> <devsite-panel></devsite-panel> </section></section> <devsite-sitemask></devsite-sitemask> <devsite-snackbar></devsite-snackbar> <devsite-tooltip ></devsite-tooltip> <devsite-heading-link></devsite-heading-link> <devsite-analytics> <script type="application/json" analytics>[]</script> <script type="application/json" tag-management>{&#34;at&#34;: &#34;True&#34;, &#34;ga4&#34;: [], &#34;ga4p&#34;: [], &#34;gtm&#34;: [{&#34;id&#34;: &#34;GTM-5CVQBG&#34;, &#34;purpose&#34;: 1}], &#34;parameters&#34;: {&#34;internalUser&#34;: &#34;False&#34;, &#34;language&#34;: {&#34;machineTranslated&#34;: &#34;False&#34;, &#34;requested&#34;: &#34;en&#34;, &#34;served&#34;: &#34;en&#34;}, &#34;pageType&#34;: &#34;article&#34;, &#34;projectName&#34;: &#34;IAM Documentation&#34;, &#34;signedIn&#34;: &#34;False&#34;, &#34;tenant&#34;: &#34;cloud&#34;, &#34;recommendations&#34;: {&#34;sourcePage&#34;: &#34;&#34;, &#34;sourceType&#34;: 0, &#34;sourceRank&#34;: 0, &#34;sourceIdenticalDescriptions&#34;: 0, &#34;sourceTitleWords&#34;: 0, &#34;sourceDescriptionWords&#34;: 0, &#34;experiment&#34;: &#34;&#34;}, &#34;experiment&#34;: {&#34;ids&#34;: &#34;&#34;}}}</script> </devsite-analytics> <devsite-badger></devsite-badger> <cloudx-user></cloudx-user> <cloudx-free-trial-eligible-store freeTrialEligible='true'></cloudx-free-trial-eligible-store> <cloudx-pricing-socket></cloudx-pricing-socket> <cloudx-experiments type="TestAACodivertedExperiment" path="/virtual/TestAACodivertedExperiment/configureExperiment" location="SG" variant="variant2" ></cloudx-experiments> <cloudx-experiment-ids userCountry="SG" devsiteExperimentIdList="[39300012, 39300021, 39300118, 39300195, 39300251, 39300319, 39300320, 39300325, 39300346, 39300354, 39300364, 39300373, 39300412, 39300421, 39300436, 39300469, 39300472, 39300487, 39300496, 39300498, 39300570]"> </cloudx-experiment-ids> <script nonce="R1gWNzDCwLPsqkvx9Nu7y/xleCkKfj"> (function(d,e,v,s,i,t,E){d['GoogleDevelopersObject']=i; t=e.createElement(v);t.async=1;t.src=s;E=e.getElementsByTagName(v)[0]; E.parentNode.insertBefore(t,E);})(window, document, 'script', 'https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/js/app_loader.js', '[2,"en",null,"/js/devsite_app_module.js","https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f","https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud","https://cloud-dot-devsite-v2-prod.appspot.com",null,null,["/_pwa/cloud/manifest.json","https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/images/video-placeholder.svg","https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/images/favicons/onecloud/favicon.ico","https://www.gstatic.com/devrel-devsite/prod/v38a693baeb774512feb42f10aac8f755d8791ed41119b5be7a531f8e16f8279f/cloud/images/cloud-logo.svg","https://fonts.googleapis.com/css?family=Google+Sans:400,500,700|Google+Sans+Text:400,400italic,500,500italic,700,700italic|Roboto:400,400italic,500,500italic,700,700italic|Roboto+Mono:400,500,700&display=swap"],1,null,[1,6,8,12,14,17,21,25,50,52,63,70,75,76,80,87,91,92,93,97,98,100,101,102,103,104,105,107,108,109,110,112,113,117,118,120,122,124,125,126,127,129,130,131,132,133,134,135,136,138,140,141,147,148,149,151,152,156,157,158,159,161,163,164,168,169,170,179,180,182,183,186,191,193,196],"AIzaSyAP-jjEJBzmIyKR4F-3XITp8yM9T1gEEI8","AIzaSyB6xiKGDR5O3Ak2okS4rLkauxGUG7XP0hg","cloud.google.com","AIzaSyAQk0fBONSGUqCNznf6Krs82Ap1-NV6J4o","AIzaSyCCxcqdrZ_7QMeLCRY20bh_SXdAYqy70KY",null,null,null,["MiscFeatureFlags__enable_view_transitions","Search__enable_page_map","Search__enable_suggestions_from_borg","Concierge__enable_pushui","MiscFeatureFlags__enable_explain_this_code","Profiles__enable_release_notes_notifications","BookNav__enable_tenant_cache_key","Profiles__enable_recognition_badges","TpcFeatures__enable_unmirrored_page_left_nav","Profiles__enable_complete_playlist_endpoint","Profiles__enable_dashboard_curated_recommendations","EngEduTelemetry__enable_engedu_telemetry","DevPro__enable_cloud_innovators_plus","MiscFeatureFlags__developers_footer_image","Profiles__enable_page_saving","Cloud__enable_free_trial_server_call","Search__enable_dynamic_content_confidential_banner","Experiments__reqs_query_experiments","Profiles__enable_completecodelab_endpoint","Analytics__enable_clearcut_logging","Profiles__enable_completequiz_endpoint","Profiles__enable_public_developer_profiles","MiscFeatureFlags__enable_variable_operator","Cloud__enable_cloud_facet_chat","CloudShell__cloud_code_overflow_menu","Profiles__require_profile_eligibility_for_signin","Search__enable_ai_eligibility_checks","MiscFeatureFlags__emergency_css","Cloud__enable_cloud_shell","Profiles__enable_developer_profiles_callout","Cloud__enable_cloud_dlp_service","MiscFeatureFlags__developers_footer_dark_image","Search__enable_ai_search_summaries_restricted","Profiles__enable_stripe_subscription_management","Profiles__enable_profile_collections","MiscFeatureFlags__enable_firebase_utm","Search__enable_ai_search_summaries","Profiles__enable_join_program_group_endpoint","Cloud__enable_cloudx_ping","Cloud__enable_cloud_shell_fte_user_flow","Concierge__enable_concierge_restricted","TpcFeatures__enable_mirror_tenant_redirects","Profiles__enable_awarding_url","MiscFeatureFlags__enable_project_variables","DevPro__enable_developer_subscriptions","CloudShell__cloud_shell_button","Cloud__enable_llm_concierge_chat","Cloud__enable_cloudx_experiment_ids","Search__scope_to_project_tenant","Cloud__enable_legacy_calculator_redirect"],null,null,"AIzaSyBLEMok-5suZ67qRPzx0qUtbnLmyT_kCVE","https://developerscontentserving-pa.clients6.google.com","AIzaSyCM4QpTRSqP5qI4Dvjt4OAScIN8sOUlO-k","https://developerscontentsearch-pa.clients6.google.com",1,4,1,"https://developerprofiles-pa.clients6.google.com",[2,"cloud","Google Cloud","cloud.google.com",null,"cloud-dot-devsite-v2-prod.appspot.com",null,null,[1,1,null,null,null,null,null,null,null,null,null,[1],null,null,null,null,null,1,[1],[null,null,null,[1,20],"/terms/recommendations"],[1],null,[1],[1,null,1],[1,1,null,null,1,null,["/vertex-ai/"]]],null,[22,null,null,null,null,null,"/images/cloud-logo.svg","/images/favicons/onecloud/apple-icon.png",null,null,null,null,1,1,1,[6,5],[],null,null,[[],[],[],[],[],[],[],[]],null,1,null,null,null,null,[]],[],null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,[6,1,14,15,22,23,29,37],null,[[null,null,null,null,null,null,[1,[["docType","Choose a content type",[["ApiReference",null,null,null,null,null,null,null,null,"API reference"],["Sample",null,null,null,null,null,null,null,null,"Code sample"],["ReferenceArchitecture",null,null,null,null,null,null,null,null,"Reference architecture"],["Tutorial",null,null,null,null,null,null,null,null,"Tutorial"]]],["category","Choose a topic",[["AiAndMachineLearning",null,null,null,null,null,null,null,null,"Artificial intelligence and machine learning (AI/ML)"],["ApplicationDevelopment",null,null,null,null,null,null,null,null,"Application development"],["BigDataAndAnalytics",null,null,null,null,null,null,null,null,"Big data and analytics"],["Compute",null,null,null,null,null,null,null,null,"Compute"],["Containers",null,null,null,null,null,null,null,null,"Containers"],["Databases",null,null,null,null,null,null,null,null,"Databases"],["HybridCloud",null,null,null,null,null,null,null,null,"Hybrid and multicloud"],["LoggingAndMonitoring",null,null,null,null,null,null,null,null,"Logging and monitoring"],["Migrations",null,null,null,null,null,null,null,null,"Migrations"],["Networking",null,null,null,null,null,null,null,null,"Networking"],["SecurityAndCompliance",null,null,null,null,null,null,null,null,"Security and compliance"],["Serverless",null,null,null,null,null,null,null,null,"Serverless"],["Storage",null,null,null,null,null,null,null,null,"Storage"]]]]]],[1],null,1],[[null,null,null,null,null,["GTM-5CVQBG"],null,null,null,null,null,[["GTM-5CVQBG",2]],1],null,null,null,null,null,1],"mwETRvWii0eU5NUYprb0Y9z5GVbc",4,null,null,null,null,null,null,null,null,null,null,null,null,null,"cloud.devsite.google"],null,"pk_live_5170syrHvgGVmSx9sBrnWtA5luvk9BwnVcvIi7HizpwauFG96WedXsuXh790rtij9AmGllqPtMLfhe2RSwD6Pn38V00uBCydV4m",1]') </script> <devsite-a11y-announce></devsite-a11y-announce> </body> </html>