User Permissions to invite and remove members of their organization


I am representing a B2B SaaS company and we are currently looking to onboard entire customer organizations with their complete setup in Google.

Administration: Ideally, we envision a user management system where a corporate admin can grant or revoke access to users. Any member of the organization should be able to invite new users.

Login: Only users who are set up in the system should be able to log in, with others receiving an error message.

My Question: How can I implement this? I assume I need to create organizations and enable Google login for these organizations.

However, I haven’t found a way to give individual members of an organization API access to the User Management API, allowing them to invite (any member) or remove users (organization admins only) within their organization.

Currently, I can only create roles for my own APIs, but not for the User Management API.

I want to map this cleanly using permissions. As a fallback, I can think of calling the User Management from my own API on behalf of a general organization admin, but I am not very keen on this approach.

Any guidance or suggestions on how to achieve this would be greatly appreciated.

Thank you.

Forgot the screenshot. I can only add permissions for my own API, not for the User Management API.
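The fallback mentioned in the post (the company's own API calling the user management API with one privileged credential) means the backend has to enforce the per-organization rules itself. The sketch below is an added example, not part of the original post and not any vendor's code; the claim names `org_id` and `roles`, the `Caller` type and the `management_call` callable are hypothetical, and the caller's claims are assumed to come from an already verified token.

```python
from dataclasses import dataclass

# Rules stated in the post: any member may invite, only organization admins may remove.
REQUIRED_ROLE = {"invite": "member", "remove": "admin"}
ROLE_RANK = {"member": 1, "admin": 2}


class Forbidden(Exception):
    """Raised before the privileged credential is ever used."""


@dataclass(frozen=True)
class Caller:
    user_id: str
    org_id: str        # hypothetical claim, read from the verified token only
    roles: frozenset   # hypothetical claim, e.g. frozenset({"member"})


def authorize(caller: Caller, action: str, target_org_id: str) -> None:
    if action not in REQUIRED_ROLE:
        raise Forbidden(f"unknown action {action!r}")
    # Tenant isolation: the organization in the request must match the
    # organization in the token, otherwise one customer could manage another's users.
    if caller.org_id != target_org_id:
        raise Forbidden("cross-organization request")
    held = max((ROLE_RANK.get(r, 0) for r in caller.roles), default=0)
    if held < ROLE_RANK[REQUIRED_ROLE[action]]:
        raise Forbidden(f"{action} requires role {REQUIRED_ROLE[action]!r}")


def handle(caller: Caller, action: str, target_org_id: str, subject: str, management_call):
    """Check the caller first, then forward with the backend's own credential.

    management_call(action, org_id, subject) stands in for the real
    user management request (assumption, supplied by the application).
    """
    authorize(caller, action, target_org_id)
    return management_call(action, target_org_id, subject)


if __name__ == "__main__":
    # Constructed sample callers and a fake management call for illustration.
    log = []
    fake = lambda action, org, subject: log.append((action, org, subject)) or "ok"
    member = Caller("u1", "org_a", frozenset({"member"}))
    print(handle(member, "invite", "org_a", "new@example.com", fake))
    try:
        handle(member, "remove", "org_a", "u2", fake)
    except Forbidden as exc:
        print("denied:", exc)
```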