diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto
index d9508c7..c20c4f2 100644
--- a/temporal/api/cloud/cloudservice/v1/request_response.proto
+++ b/temporal/api/cloud/cloudservice/v1/request_response.proto
@@ -21,6 +21,21 @@ import "temporal/api/cloud/usage/v1/message.proto";
 import "temporal/api/cloud/connectivityrule/v1/message.proto";
 import "temporal/api/cloud/auditlog/v1/message.proto";
 
+message GetCurrentIdentityRequest {
+}
+
+message GetCurrentIdentityResponse {
+    // The authenticated principal making the request
+    oneof principal {
+        // The user is a regular user
+        temporal.api.cloud.identity.v1.User user = 1;
+        // The user is a service account
+        temporal.api.cloud.identity.v1.ServiceAccount service_account = 2;
+    }
+    // The API key info used to authenticate the request, if any
+    temporal.api.cloud.identity.v1.ApiKey principal_api_key = 3;
+}
+
 message GetUsersRequest {
     // The requested size of the page to retrieve - optional.
     // Cannot exceed 1000. Defaults to 100.
diff --git a/temporal/api/cloud/cloudservice/v1/service.proto b/temporal/api/cloud/cloudservice/v1/service.proto
index 3f4ca69..bb446d3 100644
--- a/temporal/api/cloud/cloudservice/v1/service.proto
+++ b/temporal/api/cloud/cloudservice/v1/service.proto
@@ -55,6 +55,19 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
 // WARNING: This service is currently experimental and may change in
 // incompatible ways.
 service CloudService {
+
+    // Get information about the current authenticated user or service account principal
+    rpc GetCurrentIdentity(GetCurrentIdentityRequest) returns (GetCurrentIdentityResponse) {
+        option (google.api.http) = {
+            get: "/cloud/current-identity",
+        };
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            tags: ["Account"];
+            summary: "Get current identity";
+            description: "Returns information about the currently authenticated user or service account principal";
+        };
+    }
+
     // Gets all known users
     rpc GetUsers(GetUsersRequest) returns (GetUsersResponse) {
         option (google.api.http) = {