REST Resource: locations.workforcePools
Resource: WorkforcePool
Represents a collection of external workforces. Provides namespaces for federated users that can be referenced in IAM policies.
| JSON representation |
|---|
{"name":string,"parent":string,"displayName":string,"description":string,"state":enum ( |
| Fields | |
|---|---|
name |
Identifier. The resource name of the pool. Format: |
parent |
Immutable. The resource name of the parent. Format: |
displayName |
Optional. A display name for the pool. Cannot exceed 32 characters. |
description |
Optional. A description of the pool. Cannot exceed 256 characters. |
state |
Output only. The state of the pool. |
disabled |
Optional. Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again. |
sessionDuration |
Optional. Duration that the Google Cloud access tokens, console sign-in sessions, and Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If For SAML providers, the lifetime of the token is the minimum of the A duration in seconds with up to nine fractional digits, ending with ' |
expireTime |
Output only. Time after which the workforce pool will be permanently purged and cannot be recovered. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
accessRestrictions |
Optional. Configure access restrictions on the workforce pool users. This is an optional field. If specified web sign-in can be restricted to given set of services or programmatic sign-in can be disabled for pool users. |
State
The current state of the pool.
| Enums | |
|---|---|
STATE_UNSPECIFIED | State unspecified. |
ACTIVE | The pool is active and may be used in Google Cloud policies. |
DELETED | The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again. |
AccessRestrictions
Access related restrictions on the workforce pool.
| JSON representation |
|---|
{"allowedServices":[{object ( |
| Fields | |
|---|---|
allowedServices[] |
Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set by default there are no restrictions. |
disableProgrammaticSignin |
Optional. Disable programmatic sign-in by disabling token issue via the Security Token API endpoint. SeeSecurity Token Service API. |
ServiceConfig
Configuration for a service.
| JSON representation |
|---|
{"domain":string} |
| Fields | |
|---|---|
domain |
Optional. Domain name of the service. Example: console.cloud.google |
Methods | |
|---|---|
| Creates a newWorkforcePool. |
| Deletes aWorkforcePool. |
| Gets an individualWorkforcePool. |
| Gets IAM policies on aWorkforcePool. |
| Lists all non-deletedWorkforcePools under the specified parent. |
| Updates an existingWorkforcePool. |
| Sets IAM policies on aWorkforcePool. |
| Returns the caller's permissions on theWorkforcePool. |
| Undeletes aWorkforcePool, as long as it was deleted fewer than 30 days ago. |
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-09-25 UTC.