A WorkforcePoolSubject is automatically created the first time an external credential is exchanged for a Google Cloud credential using a mapped google.subject attribute. There is no endpoint to manually create a WorkforcePoolSubject.
For 30 days after a WorkforcePoolSubject is deleted, using the same google.subject attribute in token exchanges with Google Cloud STS fails.
Call subjects.undelete to undelete a WorkforcePoolSubject that has been deleted, within within 30 days of deleting it.
After 30 days, the WorkforcePoolSubject is permanently deleted. At this point, a token exchange with Google Cloud STS that uses the same mapped google.subject attribute automatically creates a new WorkforcePoolSubject that is unrelated to the previously deleted WorkforcePoolSubject but has the same google.subject value.
Required. The resource name of the WorkforcePoolSubject. Special characters, like / and :, must be escaped, because all URLs need to conform to the "When to Escape and Unescape" section of RFC3986.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-21 UTC."],[[["\u003cp\u003eThis endpoint deletes a \u003ccode\u003eWorkforcePoolSubject\u003c/code\u003e, which must not already be in a deleted state.\u003c/p\u003e\n"],["\u003cp\u003eA deleted \u003ccode\u003eWorkforcePoolSubject\u003c/code\u003e prevents token exchanges with the same \u003ccode\u003egoogle.subject\u003c/code\u003e attribute for 30 days.\u003c/p\u003e\n"],["\u003cp\u003eWithin 30 days of deletion, a \u003ccode\u003eWorkforcePoolSubject\u003c/code\u003e can be undeleted using the \u003ccode\u003esubjects.undelete\u003c/code\u003e call, after which, it is permanently deleted.\u003c/p\u003e\n"],["\u003cp\u003eThe HTTP request for deleting a \u003ccode\u003eWorkforcePoolSubject\u003c/code\u003e is a \u003ccode\u003eDELETE\u003c/code\u003e request to a specific URL with the format \u003ccode\u003ehttps://iam.googleapis.com/v1/{name=locations/*/workforcePools/*/subjects/*}\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe request body must be empty and it requires one of two OAuth scopes: \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e or \u003ccode\u003ehttps://www.googleapis.com/auth/iam\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,[]]