Stay organized with collections
Save and categorize content based on your preferences.
Policy API overview
The Cloud Identity Policy API is a read-only API that can be used to
programmatically view the settings that administrators can configure through the
Admin console for a Google Workspace domain.
The Cloud Identity Policy API provides a different view of policies than the Admin
console. For a given setting, the Admin console displays a
reduced setting value
for an organization unit or group, while the Cloud Identity Policy API provide
the underlying source of truth policies where a value has been explicitly set.
Only a super administrator can use the Cloud Identity Policy API.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eThe Cloud Identity Policy API is a read-only tool for programmatically viewing Google Workspace domain settings.\u003c/p\u003e\n"],["\u003cp\u003eIt offers a view of policies that differs from the Admin console, showing explicitly set values rather than reduced settings.\u003c/p\u003e\n"],["\u003cp\u003eOnly super administrators have the authority to use the Cloud Identity Policy API.\u003c/p\u003e\n"],["\u003cp\u003eThe Policy API allows users to see the underlying source of truth policies for settings within an organization or group.\u003c/p\u003e\n"]]],[],null,["# Policy API overview\n===================\n\nThe Cloud Identity Policy API is a read-only API that can be used to\nprogrammatically view the settings that administrators can configure through the\nAdmin console for a Google Workspace domain.\n\nThe Cloud Identity Policy API provides a different view of policies than the Admin\nconsole. For a given setting, the Admin console displays a\n[reduced setting value](/identity/docs/concepts/policy-api-concepts#terminology)\nfor an organization unit or group, while the Cloud Identity Policy API provide\nthe underlying source of truth policies where a value has been explicitly set.\n\nOnly a super administrator can use the Cloud Identity Policy API.\n\nWhat's next\n-----------\n\n- To set up Cloud Identity, see [Setting up Cloud Identity](/identity/docs/set-up-cloud-identity-admin).\n- To set up the Policy API, see [Setting up the Policy API](/identity/docs/how-to/setup-policies).\n- To list and get policies, see [Listing and getting policies](/identity/docs/how-to/list-get-policies).\n- To learn more about which settings are supported by the Policy API, see [Policy API supported settings](/identity/docs/concepts/supported-policy-api-settings)."]]