Do you know some tool that allow me to create several google accounts in batch mode?
I have Google for Education in my company and I will have to create 100 users account in order to allow them to use my Google Apps applications and forms.
I was wondering if there is a way to create these accounts programmatically or some tool could do that.
Any tip I will be happy to hear!!
Cheers,
Fernando
The Google Admin SDK Directory API allows you to create users programmatically.
You'll need either domain-wide authorization of a service account (established via a Google Console API project) or OAuth2 creds from an admin user in order to successfully make the API calls.
Related
I'm building an app using which the users registered(from the IAM page) for the project can access the resources of that project. I need the authentication when the URL is hit. Is there a way to achieve this?
Is it possible to provide IAM roles specific for a user request (assuming that the user will login using his email id) to access the resources based on IAM level permissions?
In the early days of AppEngine it was pretty easy to do some basic auth/access-control, but lately they're moving it to something called IAP.
From your wording I am assuming you are trying to abstract administrative tasks of a GCP project to lesser privileged administrators.
Questions 1 and 2 can be quickly solved by defining privileges in IAM using a pre-built roles or creating a custom role if you need to be more specific. Hereby you can use GSuite, GMail, Google Group accounts and let them sign into console.cloud.google.com. They will consequently only be able to see and act upon what you've assigned to them to in IAM.
If you still want to go through with building it yourself, every product does provide an API including authentication. Best practice for your use case is to instead of assigning an individual user access to a resource, you rather create a service account and then allow the user to call that service account. For this GCP has the Service Account Actor Role described well in the official documentation and also Salmaan Rashid provides a good practical insight on medium.
I'm using passport-azure-ad library to authenticate people into our app. We are using v2.0 endpoint. I have created multiple applications in Microsoft app registration portal. And have a lot of redirect url's because we have a lot of different environment apps. It was registered under my Microsoft employee account. Now I need to transfer ownership to another developer. How can I do it? Do I need to recreate all this apps in another account? I assume that this will create a new app id's and thus will ask for permissions for all users again. Is there a way to transfer ownership and not recreate all apps again?
Assuming you created your applications using your Azure Active Directory account (like your Microsoft Employee Account) you will have access to an "Owners" field where you can add new owners to the application which are in the same tenant as you.
If you are trying to transfer an application to a user from a different Tenant or using an MSA account, that is not currently supported, but something that is being considered for the future.
If you need to create a new application id, you will not be able to transfer the consent that you had from the first app over to this second one. That is just not really possible nor something we would look to support due to the security implications.
I have an node.js application with a working server2server GMail API communication via an service_account.
Everything works fine.
To be able to communicate with a users account, the G Suite Admin has to grant API Acess to the Client ID of my service_account manually.
As described here:
Impersonating list of users with Google Service Account
with a Marketplace App it would be possible, to grant access only to specific organizationals units (OUs) and it would be more fancy to use (enabling a marketing place app is more user friendly than configuring API Access for ClientID and Scope manually like here:
)
Now my question: Is it possible to provide a Marketplace App only for the purpose to grant API access for my application automatically? Will it get through the review when it has no other purpose? Any other hints on this?
Yes it is a working way to create a marketplace application to grant the API access automatically when the G Suite Admin installs this application.
The only restriction is, that your actual application has to support Google SSO to make it through the review process. So the user must be able to log into your Web Application by clicking on the icon in his G Suite account. If the user has no account in your web app, an account has to be created automatically (trial-account is sufficient)
I have an appengine application that allows users to register themselves. These users must be able to send e-mail from a google apps domain. To do this, I want the appengine application to use the provisioning API to create new users in the apps domain.
I could of course create a custom administrative account for the apps domain. Then I could use a normal gdata.apps.client.ClientLogin. However, that would also mean that the userid and password are stored in source code or in the application.
Is it possible to tell the apps domain that the appengine's service account (its app_identity account) is an administrator for the apps domain?
If that's not possible, any tips on how I can secure the userid and password in the appengine application?
Hans Then
As far as I can tell what I want is not possible. I'll have to setup a userid and password in my apps account and login using that.
You'll need to use 3 legged oauth for authentication with provisioning api. Here's some docs https://developers.google.com/gdata/docs/auth/oauth#Examples
I would like to ask how to use the Google Apps Account instead of a Google Account if I use the
users.create_login_url()
function to generate the login page.
Google automatically ask me to login with a Google Account.
If I am running my application with a Google Apps for a specific domain, I have created users within that domain, is there any way that I can let my users to login using the created domain?
for example: hoang#abc.com
and abc.com is the domain managed by Google Apps.
I am an administrator for abc.com, and I have created multiple users within this domain.
Please advice!
Thank you!
You have to specify at the time you create the app whether you want to use Google Accounts for authentication, or Google Apps. If you selected Google Accounts for your app, you'll need to create a new app with the authentication setting set correctly in order to use it.