I read this page: https://cloud.google.com/appengine/docs/ssl
What I'm wondering: When you create a Google Apps for Work account to get a certificate, does the same user need to 'own' the Google Cloud Platform account where the appengine is running?
And who should be the 'owner' of Cloud DNS?
In many cases, the programmer is not part of the company, so he doesn't have a google apps user account. Or is sharing access of the Cloud Platform enough to get SSL.
Regards, Peter
Note: GAE SSL on custom domains is about to break free of Google Apps, which may significantly change the context for your question and answer(s). See https://support.google.com/a/answer/2644334:
Currently the Google Apps SSL configs only map certificates to the custom domain URLs, regardless of those URLs being served by GAE apps or not, so app ownership identity shouldn't matter. But this needs to be done by a Google Apps Admin.
For now Google Apps Admins can still map custom domain URLs to GAE apps (unclear if they need to own the apps, the above note suggest they might not need to) - which will change after the migration to the Developer Console.
Both the Google Apps Admin or the GAE app owner can perform the app mapping to a custom domain URL (via the Apps Admin console or the Developer Console, respectively) provided they pass the domain ownership verification (the actual Cloud DNS owner doesn't matter technically).
The page you read links to a more detailed documentation for Google Apps, where you can find this :
To add your application to the Google Apps account, the account
administrator’s sign-in account (email address) should be an owner of
the app. This is set in the Google Cloud Platform documentation under
Permissions.
So the admin user who enables SSL on Google Apps must also be an owner of the Google Cloud Platform project.
Who owns the DNS settings (be it Google Cloud DNS or any other DNS service) is independent : it doesn't have to be the same person.
Related
I have registered a domain when I was registering Google App for business.
I'm just wondering if I could let that domain point to my server instead of Google site?
If not, how can I release the domain and register it(the same name) from some other domain name provider?
You can associate your purchased domain with your App Engine application. Go to the Admin Console and then Application Settings. You will see a Domain Setup section. Click on Add Domain and follow the steps. For further details, check out the instructions.
Yes, you can manage your DNS records even if you bought the domain as part of the Google Apps sign up. In case you don't want to host your website on Google App Engine or Google Sites you can access the DNS credentials for your assigned provider (Enom, GoDaddy) at Domains -> Advanced DNS Settings from there you should login to your provider console in order to change the settings.
https://support.google.com/a/answer/54693?hl=en
If you want to transfer to another provider, follow the standard procedure that each provider has, it usually requires so email confirmation back and forth. Also, make sure not to renew your domain automatically in the Google Apps admin console, otherwise you may be billed twice for the domain.
Now that Google is offering DNS-as-a-service in the Cloud Platform I wonder when they will end the partner DNS hosting and manage it themselves from end to end.
I'm unable to map a custom domain to my Google App Engine app. The steps I've already taken are:
I'm the admin of the Google Apps account
I'm the owner of the Google App Engine Account
I've added the domain to the "Domains" section of Google Apps
I've verified ownership of the domain within Google Apps
I've correctly setup the MX records of the domain
I've checked that the domain was correctly setup using: https://toolbox.googleapps.com/apps/checkmx/
However, for the last 3 days in the Domains section of Google Apps it says "MX records setup validation in progress".
Additionally, when I go to add the domain within the Application settings of the Google App Engine account I get redirected to a sign in page (despite already being signed in, and an admin within Google Apps, and the owner of the Google App Engine app). Either way when I go to sign in again I just get redirected back to the signin page and I'm not able to get any farther.
Also, I have billing enabled for the App Engine account. I've configured app engine domains numerous times before and never had these issues. Any help would be appreciated.
Update:
Following #presveva's suggestion I setup a new Google Apps account (despite already having an existing one) and the first page after creating a new Google App was a server error. After refreshing the page and verifying ownership of the domain I went to add the domain to App Engine.
On the "Please accept the Google App Engine terms and conditions to continue" page, first of all no terms even showed (numerous XMLHttpRequest errors on the page), and after submitting "I accept. Continue to add this service" the next page stated "An error occurred while trying to install this application. Please try again later."
This process is horribly broke and would be great if Google addressed this.
I know this this post is old but I ran into the same issue.
All ready running Google Apps for my primary domain.
Created a new app and registered a new domain name for that.
Don't want to get a new payed Google Apps account for the app domain.
#presveva is right but there is one way around it.
Use your current Google Apps account and add the app domain as a alias for your primary domain.
Make the admin account of your Google Apps domain owner of the Google App Engine (GAE) application.
Add the GAE app to your Google Apps account via the Google Apps admin interface.
Setup a custom domain name for the domain alias, your new app domain.
Note: If you use Google Sites for your domain you can't use www. Disable sites if you want to use GAE.
For now, the only one way for using custom domain in GAE is signup a Google Apps account (domains article).
Notice that the domain need to be the primary domain of account, a new account for domain.
The docs I have linked mentions a free single-user account but it has been replaced by a 50$ credit for a business Google Apps account (forum annunce)
Looking for the best current approach for admins of a Google Apps domain to modify the permissions of a Google Drive object owned by other users. I'll be developing the app on Google App Engine.
It was straightforward using 2 legged OAuth and the Google Documents List API: https://developers.google.com/gdata/docs/auth/oauth#2LeggedOAuth but now that Google Drive SDK is the live API, I see that service accounts are the encouraged method: Does google Drive api support 2 legged oauth? and https://developers.google.com/accounts/docs/OAuth2ServiceAccount . So I'm following an example that uses this approach and the Prediction API: https://developers.google.com/appengine/articles/prediction_service_accounts and you cannot use the GAE service account in the Team section of the API console. Get an error: "User xxx#appspot.gserviceaccount.com may not be added to project "New Proj Name". Only members from domain myappsdomain.com may be added.
So, I'm basically asking:
1) How do you use service accounts with Google Drive SDK for admin tasks like changing permissions
2) And any working GAE service account tutorials using the Drive API that work with non-domain users.
The documentation about Service Accounts and user impersonation has just been added:
https://developers.google.com/drive/service-accounts
https://developers.google.com/drive/user-impersonation
Unfortunately, App Engine Service Accounts are not supported by Google Drive yet.
So now Google released the multi-tenant feature for gae.
Assuming i am going to implement a google app engine application and put it on google apps market place.
suppose www.doma.com and www.domb.com bought the application.
can usera from doma and userb from domb authenticate to this application with their google apps domain username (in other words) can usera#doma and userb#domb use authenticate with gae?
Thanks in advance
Google does not limit users when they go through OpenID or Google Accounts authentication procedure, your code should do this. After user is authenticated control is handed back to your code - at this point you should check users data and decide to pass the request through or not.
Also, if you want to use doma.com and domb.com as your domain names on GAE you need to own this domains and create separate Google Apps account for each of them. This means that random user cannot have user#doma.com email address (unless you manually created an account for them on Google Apps).
I'm having trouble getting my domain pointed to my website hosted with google app engine. Here's the background... take care to separate the concepts of "google apps" (domain hosting, email, etc.) and "google app engine" (website framework).
I have a domain that's using Google Apps for Your Domain, let's call it company.com. So my login for my google apps account is bob#company.com. I have a different domain that is aliased back to my google apps account, let's call it mycompany.com. It's been successfully aliased and registered with my primary google apps account using the cname method, and has updated mx records. We have a ton of domains, and I only want to use one "google apps" account to maintain them all.
Now I have a website I've built using google app engine, and the url is effectively mycompany.appspot.com. I want to get mycompany.com to point to my website that currently resides at mycompany.appspot.com.
There's a spot in the google app engine dashboard under application settings where you can add a domain. So I click there and enter mycompany.com and I get an error message saying that domain is not using google apps.
If I back up to the page I submitted, there's a note saying I need to register the domain with google apps. So I click the link to do that and enter mycompany.com and I get an error message saying the domain has been registered and is in the process of ownership verification. But that process is already finished.
So... what do I do? Does google app engine not support a domain that is only aliased to a primary google apps account? Does mycompany.com need to have its own primary google apps account?
I ran into this problem setting up my domain. It's a little counter-intuitive, but you'll want to add (in your example) company.com to your appengine account. Once you add company.com, you'll see a dropdown listing all of the domains that belong to your hosted google apps account, including mycompany.com.