- NAME
-
- gcloud iam workforce-pools providers scim-tenants create - create an IAM workforce identity pool provider SCIM tenant
- SYNOPSIS
-
-
gcloud iam workforce-pools providers scim-tenants create(SCIM_TENANT:--location=LOCATION--provider=PROVIDER--workforce-pool=WORKFORCE_POOL)--claim-mapping= [KEY=VALUE, …] [--description=DESCRIPTION] [--display-name=DISPLAY_NAME] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
- Create a new SCIM tenant associated with a specific workforce identity pool
provider.
Upon successful creation, the command returns the created SCIM tenant resource.
- EXAMPLES
- To create a SCIM tenant with ID
my-tenantunder providermy-okta-providerin poolmy-poollocated inglobalwith claim mappings:gcloud iam workforce-pools providers scim-tenants create my-tenant --location = global --workforce-pool = my-pool --provider = my-okta-provider --claim-mapping = "google.subject=user.externalId,google.group=group.externalId"To create a SCIM tenant
sales-tenantunder providersalesforcein poolpartner-poollocated ineurope-west1with claim mappings:gcloud iam workforce-pools providers scim-tenants create sales-tenant --location = europe-west1 --workforce-pool = partner-pool --provider = salesforce --claim-mapping = "google.subject=user.externalId,google.group=group.externalId" - POSITIONAL ARGUMENTS
-
- Workforce pool provider scim tenant resource - The ID of the SCIM tenant to
create. Must be 4-32 characters, alphanumeric ([a-z0-9-]), and cannot start with
gcp-. The arguments in this group can be used to specify the attributes of this
resource.
This must be specified.
-
SCIM_TENANT - ID of the workforce pool provider scim tenant or fully qualified identifier for
the workforce pool provider scim tenant.
To set the
scim_tenantattribute:- provide the argument
scim_tenanton the command line.
This positional argument must be specified if any of the other arguments in this group are specified.
- provide the argument
-
--location=LOCATION - The location for the workforce pool.
To set the
locationattribute:- provide the argument
scim_tenanton the command line with a fully specified name; - provide the argument
--locationon the command line.
- provide the argument
-
--provider=PROVIDER - The ID to use for the workforce pool provider, which becomes the final component
of the resource name. This value must be unique within the workforce pool, 4-32
characters in length, and may contain the characters [a-z0-9-]. The prefix
gcp-is reserved for use by Google, and may not be specified. To set theproviderattribute:- provide the argument
scim_tenanton the command line with a fully specified name; - provide the argument
--provideron the command line.
- provide the argument
-
--workforce-pool=WORKFORCE_POOL - The ID to use for the workforce pool, which becomes the final component of the
resource name. This value must be a globally unique string of 6 to 63 lowercase
letters, digits, or hyphens. It must start with a letter, and cannot have a
trailing hyphen. The prefix
gcp-is reserved for use by Google, and may not be specified. To set theworkforce-poolattribute:- provide the argument
scim_tenanton the command line with a fully specified name; - provide the argument
--workforce-poolon the command line.
- provide the argument
-
- Workforce pool provider scim tenant resource - The ID of the SCIM tenant to
create. Must be 4-32 characters, alphanumeric ([a-z0-9-]), and cannot start with
gcp-. The arguments in this group can be used to specify the attributes of this
resource.
- REQUIRED FLAGS
-
-
--claim-mapping=[KEY=VALUE,…] - A comma-separated list of KEY=VALUE pairs defining attribute mappings.
-
- OPTIONAL FLAGS
-
-
--description=DESCRIPTION - Optional, user-specified description for the SCIM tenant (max 256 characters).
-
--display-name=DISPLAY_NAME - Optional, user-specified display name for the SCIM tenant (max 32 characters).
-
- GCLOUD WIDE FLAGS
- These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details. - API REFERENCE
- This command uses the
iam/v1API. The full documentation for this API can be found at: https://cloud.google.com/iam/ - NOTES
- These variants are also available:
gcloud alpha iam workforce-pools providers scim-tenants creategcloud beta iam workforce-pools providers scim-tenants create
gcloud iam workforce-pools providers scim-tenants create
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-05-27 UTC.
