To create a security group, callgroups.create()with
an instance of the new group. The group instance must include agroupKey,Parent, andlabelsset tocloudidentity.googleapis.com/groups.securityandcloudidentity.googleapis.com/groups.discussion_forum
Python
The following example shows a helper function to create a Google Group using
the Python client library:
defcreate_google_group(service,customer_id,group_id,group_display_name,group_description):group_key={"id":group_id}group={"parent":"customers/"+customer_id,"description":group_description,"displayName":group_display_name,"groupKey":group_key,# Set the label to specify creation of a Google Group."labels":{"cloudidentity.googleapis.com/groups.security":"","cloudidentity.googleapis.com/groups.discussion_forum":""}}try:request=service.groups().create(body=group)request.uri+="&initialGroupConfig=WITH_INITIAL_OWNER"response=request.execute()print(response)exceptExceptionase:print(e)
Updating a Google Group to a security group
REST
To update a Google Group to a security group, callgroups.patch()withupdateMaskset tocloudidentity.googleapis.com/groups.securityandcloudidentity.googleapis.com/groups.discussion_forum.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis page explains the process of creating new security groups or updating existing Google Groups to security groups.\u003c/p\u003e\n"],["\u003cp\u003eSecurity groups can only contain users, service accounts, or other security groups within the domain, and this label can not be applied to Google groups that do not meet these requirements.\u003c/p\u003e\n"],["\u003cp\u003eOnly predefined Super Admins or Group Admins have the authority to manage and update security groups.\u003c/p\u003e\n"],["\u003cp\u003eCreating a new security group involves using the \u003ccode\u003egroups.create()\u003c/code\u003e API method, while updating a Google Group requires the \u003ccode\u003egroups.patch()\u003c/code\u003e method, setting specific labels.\u003c/p\u003e\n"],["\u003cp\u003eUpdating a Google Group to a security group is a permanent change and cannot be reversed.\u003c/p\u003e\n"]]],[],null,["# Creating security groups\n========================\n\nThis page explains how to create [security groups](/identity/docs/groups#group-types). You can create a new security\ngroup or update a Google group to a security group.\n\nBefore you begin\n----------------\n\n| **Note:** Before you use any of the Cloud Identity APIs, you must set up Cloud Identity. See [Setting up Cloud Identity](/identity/docs/set-up-cloud-identity-admin) for instructions.\n\nPerform the following tasks before proceeding with the information on this page:\n\n- Read the [Groups API overview](/identity/docs/groups).\n\n- [Set up the Groups API](/identity/docs/how-to/setup).\n\nSecurity group requirements\n---------------------------\n\nSecurity groups can only contain the following:\n\n- Users inside or outside of your domain (while associated with a Google service)\n- Service accounts inside or outside of your domain\n- Security groups inside of your domain\n\nYou can't apply the security group label to a Google Group that doesn't meet\nthese conditions.\n\nOnly\n[predefined Super Admins or Groups Admins](https://support.google.com/a/answer/2405986)\nhave the permissions to update security groups.\n\nCreating a new security group\n-----------------------------\n\n### REST\n\nTo create a security group, call\n[`groups.create()`](/identity/docs/reference/rest/v1/groups/create) with\nan instance of the new group. The group instance must include a `groupKey`,\n`Parent`, and `labels` set to `cloudidentity.googleapis.com/groups.security`\nand `cloudidentity.googleapis.com/groups.discussion_forum`\n\n### Python\n\nThe following example shows a helper function to create a Google Group using\nthe Python client library: \n\n def create_google_group(service, customer_id, group_id, group_display_name, group_description):\n group_key = {\"id\": group_id}\n group = {\n \"parent\": \"customers/\" + customer_id,\n \"description\": group_description,\n \"displayName\": group_display_name,\n \"groupKey\": group_key,\n # Set the label to specify creation of a Google Group.\n \"labels\": {\n \"cloudidentity.googleapis.com/groups.security\": \"\",\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\"\n }\n }\n\n try:\n request = service.groups().create(body=group)\n request.uri += \"&initialGroupConfig=WITH_INITIAL_OWNER\"\n response = request.execute()\n print(response)\n except Exception as e:\n print(e)\n\nUpdating a Google Group to a security group\n-------------------------------------------\n\n**Warning:** A security group cannot be changed back to a Google Group. \n\n### REST\n\nTo update a Google Group to a security group, call\n[`groups.patch()`](/identity/docs/reference/rest/v1/groups/patch) with\n`updateMask` set to `cloudidentity.googleapis.com/groups.security` and\n`cloudidentity.googleapis.com/groups.discussion_forum`.\n\n**Sample request body** \n\n {\n \"labels\": {\n \"cloudidentity.googleapis.com/groups.security\": \"\",\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\"\n }\n }\n\n### Python\n\nThe following example shows a helper function to update a Google Group to a\nsecurity group using the Python client library: \n\n def add_security_label_to_group(service, group_name):\n group = {\n \"labels\": {\n \"cloudidentity.googleapis.com/groups.security\": \"\",\n \"cloudidentity.googleapis.com/groups.discussion_forum\": \"\"\n }\n }\n try:\n request = service.groups().patch(name=group_name, body=group)\n request.uri = request.uri + '&updateMask=labels'\n response = request.execute()\n print(response)\n except Exception as e:\n print(e)"]]
