I am trying to setup a multi-tenant app using Google Cloud Identity Platform. So far I have successfully setup a small app that can create a tenant and a user in said tenant. When you create a tenant you pass it a displayName. In my testing I noticed that it would create multiple tenants all with the exact same display name. I started to consider how I might create a validation to prevent it from doing this by doing a lookup to see if a tenant with this displayName already existed. However in looking at the documentation I found here (https://cloud.google.com/identity-platform/docs/multi-tenancy-managing-tenants#tenant_management) I only see a way to list all of the tenants. I was hoping for a way to query the list on displayName. Is there some other way I can prevent the duplicate tenants?
Related
I've been googling around, reading the google cloud platform docs but can't find the answer to bulk deleting users from the Identity Platform.
We have a dev application that we use for testing. We want to remove all authenticated users and start fresh. See below the image where I multi select and get no option to delete all the users.
I've searched for gcloud cli commands to do this but with no luck, the documentation on this functionality is not well surfaced.
I would be happy with answers to:
Bulk delete through the G cloud UI
Delete ALL authenticated users through gcloud cli
Delete all users per tenant
You can make use of the Identity Toolkit API for bulk deleting users.
If you read through the Admin APIs guide for Identity Platform on Google Cloud, you will also notice that they recommend using the Admin APIs for user management.
What you are looking for is:
projects.accounts.lookup for looking up all users (or projects.tenants.accounts.lookup if you want to look up for a specific tenant).
projects.accounts.bachDelete for bulk-deleting users in your project (or projects.tenants.accounts.batchDelete if you want to target a specific tenant).
There are many OAuth 2.0 Client IDs in my GCP project, and I would like to programmatically list them, along with their attributes (name, creation date, type, client ID).
However, the only API method I have been able to find is the one for listing service accounts.
Is there an equivalent to list OAuth 2.0 Client IDs?
Please don't tell me to check them one by one by hand in the cloud console :)
Thanks!
I have not used this API before but here are several links to help you get started. Google calls the OAuth Clients brands as in the brand of product.
gcloud alpha iap oauth-brands list
Programmatically creating OAuth clients for IAP
REST API: ListBrandsRequest
I need to organize users in WSO2 IS 5.9 in several user stores (secondaries). Can I do this using the WSO2 IS internal LDAP? I do not have any other external user store (ldap, ad, ...)
About this way to organize users, is there another way to group users in the primary user store, so that I can use a specific user store/group with a defined service provider?
About the first question, the answer is no. Internal embedded LDAP is the primary user store. You cannot use that as the secondary user store. Also, it is not recommended to use embedded LDAP in production. So it will be good to set up an external LDAP server so you can connect to that using identity server and make it the user store. [1]
About the second question, my suggestion is when creating an SP there is a hybrid role that creates automatically for that service provider. You can assign that role to users that you need to group based on the service provider. [2]
[1]. https://is.docs.wso2.com/en/5.9.0/setup/configuring-secondary-user-stores/
[2]. https://is.docs.wso2.com/en/5.9.0/learn/configuring-roles-and-permissions-for-a-service-provider/
This is not a straight answer to your question. But just mentioning in case if it helps.
You may want to check tenancy in WSO2 IS. It internally uses the same LDAP, but creates isolated OUs for each tenant within the LDAP.
I'm trying to build a Bot-as-a-Service platform and I will be using Dialogflow for NLP. One key thing that is giving me headaches is the possibility to create a new Dialogflow agent whenever a user signs up to my service (and therefore configure their FAQs, etc...). From my research I know that each agent is associated with one project, so I must create a project first, but here's the big thing: To create a project I need to authenticate accordingly to Google Cloud Authentication and therefore supply my credentials in case of OAuth2 (I don't want my user's to log in with my user account) and it's not possible to programmatically create API keys for new projects link here
I want to access Google Compute Engine Instances, then I active Google Compute Engine API, but how to retrieve an API key, between server key and browser key, which one should I create ?
If you're using OAuth to authenticate, there're different kind of credentials that you can use, such as web server applications, installed apps, client-sid apps, etc. You need to find out which one you need.
In the Developers Console, you can create the credentials that you might need. At the provided links you can find more information.
There are multiple methods when it comes to authenticate your project to Google API's, You will find the details in page [1] below. Logging to a Compute Engine instance using the UI will use the third method 'Service Account Key' where you don't have to put any action as by default it will use your Compute Engine default service account.
[1] https://cloud.google.com/docs/authentication/api-keys#creating_an_api_key