I have created a YouTube API key, but when I try to use it I get an error message that the key is not enabled. When I try to enable the key in the Google Cloud Console, I get the error message:
IAM: you have insufficient permissions to enable or disable services
and APIs for this project. Contact a project owner to request
permissions.
I can't seem to find a way to set the project owner. I created this project myself, so I should be the project owner. I'm not sure if it's relevant, but the account is managed via G-Suite.
Update: per the documentation, I logged on to G-Suite as an administrator and went to Apps > Additional Google services, but "Web & App Activity" is not listed as an option.
Your gsuite admin can activate the API or remove a restriction on it.
To add an owner for a project, first select the project in the dropdown at the top of the screen. Then go to "IAM and Admin" in the navigation bar, then go to the IAM page. Click on "Add" at the top, and then you can add Project->Owner.
It can be confusing because even if somebody is an organization administrator, they aren't necessarily the owner of a project yet.
Related
The problem: I'm getting errors from Google while attempting SSO through Azure AD and can't even begin to guess why or how to go about debugging the issue.
The story:
My org is looking at leveraging Microsoft's nonprofit benefits by setting up Azure for web hosting and Sharepoint to start with, which also entails using Active Directory. As it stands right now, we've successfully gotten our website running and accessible to the world on our custom domain, and our AD is populated with a copy of what's in our Google Workspace directory so we can use Active Directory as our authoritative directory.
We've been trying to implement SSO with the Azure/Gsuite connector, to have them auth with their Azure credentials to get into GMail, Docs, Drive, etc, but Google Workspace seems to choke. I have gone over the setup instructions repeatedly, ensured we're using all of the proper URLs in the Connector's SAML settings and in Workspace's "SSO with third party IDPs" settings, the proper certificate is in place... Provisioning is set up but not active, and I have successfully provision-on-demanded my account and an unprivileged test account.
Here are my settings in Azure:
Here are my settings in Google:
And to test this here's what I've done:
I open up a fresh InPrivate/Incognito window.
I go to https://myapplications.microsoft.com/ and am prompted to login. I use my unprivileged test account credentials.
Upon auth I click on the Connector app to attempt to go to my Gmail inbox.
After a wait on a white screen, I get a Google error screen with "Invalid Email - We are unable to process your request at this time, please try again later."
If I disable the SSO settings for my org in Google Admin, I'm able to log into the account just fine with Google, get to the gmail inbox, etc.
Conversely, if I attempt the same steps with my admin account, I get a similar page with a slightly different message, "Server Error - We are unable to process your request at this time, please try again later."
I have been bashing my head against this for two whole nights and can't make any headway. What gives? I can't even figure out how to debug these errors.
Somebody (me) failed their perception check repeatedly because the problem was that the Unique User Identifier SAML claim in Azure was set to user.mail instead of user.userprincipalname as it should have been as per the tutorial.
I'll see myself out now.
I'm trying to use the googleapiclient Python SDK to create a domain mapping for my App Engine app. I'm using the "App Engine default service account" to authenticate, which works (I can get the list of domain mappings). However, when I try to create a mapping, I get the following error:
Caller is not authorized to administer the domain 'abc.[mydomain]'. If you own 'abc.[mydomain]', you can obtain authorization by verifying ownership of the domain, or any of its parent domains, via the Webmaster Central portal: https://www.google.com/webmasters/verification/verification?domain=abc.[mydomain]. We recommend verifying ownership of the largest scope you wish to use with subdomains (eg. verify 'example.com' if you wish to map 'subdomain.example.com').
The same call works in the API Explorer without any issues.
I tried giving the service account the Owner role in the IAM console, to no avail.
(I haven't tried running it from within App Engine; presumably that works, but I'd really like to be able to test this part of my app locally.)
Thanks to John Hanley for pointing me in the right direction.
Go to the Google Search Console and sign in
Navigate to "Settings" (towards the bottom of the menu)
Select "Users and Permissions"
Click the "more" (three vertical dots) button next to your email address, then "Manage property owners"
Choose your domain from the list
Click "Add an owner" at the bottom of the page
Using adal.js v1.0.17 and Web API via JavaScript.
Running a custom tab within Microsoft Teams and getting this error when trying to authenticate.
Looked at the app registration within Azure portal and not seen anything there that could help. Tried to edit the manifest file and change the value of oauth2AllowImplicitFlow to true but still getting error.
Found the solution.
Need to access the Azure portal using Chrome.
Go to Azure Active Directory and choose App Registrations (Preview).
Open up the app registration and choose Authentication on the left.
Under Advanced Settings, Implicit grant check the box "ID tokens".
That will add the property oauth2AllowIdTokenImplicitFlow to the manifest file with the value set to "true".
you can try by enabling the 'ID Token'
I am trying to add my client as owner on my Google Cloud Console Project, but I am getting the following error: An email address does not belong to an active account
Here I create Google account for him(related to his custom domain), but I also found difficulties in granting him as the owner of the project.
You will have to register an account at google developer with your non-gmail address first. And then go to Permissions in the Google Developers Console, add a Member with the non-gmail account as owner. After that you will be able to select the non-gmail email address in Consent screen Link
You can add a user to your project using the Google Cloud Platform Console. When you add a user to your Google Compute Engine project, it gives the user some amount of access to Google Compute Engine resources in that project, determined by the roles such as viewer, editor, or owner. For example, if you add a user as an owner, they will be able to add and modify Google Compute Engine resources in the project, connect to the project's instances using SSH, and change the project's membership.
To add or delete users, or to change their permissions:
Go to the Permissions page in the console.
To add a new team member, click the Add Member button.
To delete a team member, check the box next to their account and click Remove.
To change a user's permissions, select a different role in the Permission column.
You can choose from these three user roles:
Can View - provide READ access
Can Edit - provides "Can View" access
Is Owner - provides "Can Edit" access
For more information check Managing your project's users, and this SO question.
We are using Google AppEngine for my site. Unfortunately I can't seem to get full owner admin access even though I am supposed to be a Super Admin according to my Google account.
When I go to Google Appengine (https://appengine.google.com/permissions....) using my Google account, it indicates I am a "developer". I believe I need full owner access in order to upload ssl certificate for the domain plus add or edit the permission. I've called Google support and they wash their hands saying the above is outside their core knowledge. Any suggestions would be most welcome.
Google Apps admin status does not give you "owner" status on AppEngine. Owner of the AppEngine app has to go to the "Permissions" tab in GAE console and grant you this status.