Delete Google Workspace, keep Play Store Apps - transfer

I am the admin of a Google Workspace account (free license), but I will cancel the subscription (because Google will kill these free licenses) and move to a self-hosted mail service.
I will export data of my users by "google-export" (like mail, drive, contacts, calendar, ...).
How can my users keep their other data (youtube account, play store account, bought apps, etc.)?

Will my YT & Cloud Account be migrated after upgrading to Google Workspace?

Thank you for your interest in helping with my question.
Currently, I have a normal Google account with the brand name of my company (Gmail + YouTube + Google Sites). This same account is used in the Google Cloud Platform, and I set up a billing account when asked to (currently GCP is in the trial, but I intend to use paid services when the trial ends).
I was wondering: if I get a Google Workspace subscription, will this account (YouTube + Gmail + Sites + Cloud) be transferred to the new Workspace account or not?
No, only the management of your account formerly Gmail to Google Workspace will be migrated.
The rest, you will have to manually migrate over to your new Google Workspace account.
You will need these for migrations:
Email
Sites, you will need to copy the file from your Gmail account to your GW one and map it to your domain
YouTube
Also, if you are using a consumer Google account with a domain email address, I would recommend creating the Google Workspace with a different email address from the same domain and then using the transfer tool to send a request to manage all the consumer accounts needed. Here is the list of restrictions:
You need to make sure that the users accept the transfer as well; otherwise the accounts will not be migrated and they will have to rename the account to a gmail.com.
Be aware that this transfer tool only works for domain accounts.
If you do decide to move forward with this, you can contact Google Workspace Support for guidance.

Federated Users to Access the Azure Portal

I wanted to implement a feature for Azure similar to the one described at the AWS URL below:
https://aws.amazon.com/blogs/desktop-and-application-streaming/enabling-federation-with-azure-ad-single-sign-on-and-amazon-appstream-2-0/
I want to register an external user on the fly to access the Azure portal with limited access and an expiry. Can someone help me figure out a workaround for this?
You can use RBAC (role-based access control) for this.
RBAC allows the flexibility of owning one Azure subscription managed by the administrator account (service administrator role at a subscription level) and have multiple users invited to work under the same subscription but without any administrative rights for it.
There are two common examples when RBAC is used (but not limited to):
Having external users from the organizations (not part of the admin user's Azure Active Directory tenant) invited to manage certain resources or the whole subscription.
Working with users inside the organization (they are part of the user's Azure Active Directory tenant) but part of different teams or groups that need granular access either to the whole subscription or to certain resource groups or resource scopes in the environment.
Follow the step-by-step instructions to Grant access at a subscription level for a user outside of Azure Active Directory.
Hope this will help.
For your requirement:
Consider Add Azure Active Directory B2B collaboration users in the Azure portal
With this, a user who is assigned any of the limited administrator directory roles can use the Azure portal to invite B2B collaboration users. You can invite guest users to the directory, to a group, or to an application. After you add a guest user to the directory, you can either send the guest user a direct link to a shared app, or the guest user can click the redemption URL in the invitation email.
Also consider Add Google as an identity provider for B2B guest users
By setting up federation with Google, you can allow invited users to sign in to your shared apps and resources with their own Google accounts, without having to create Microsoft Accounts (MSAs) or Azure AD accounts.

How can I create a user in Google Cloud Platform without having to create a new Gmail user?

I want to create a user account for contacting developers using their own email addresses, not a new Gmail user in my account. Google Cloud Platform seems to let me create the users, but they never receive an email and hence can't complete the account creation.
As it happens, they are Google Docs users with their own Google accounts, but naturally they'd rather not have yet another email address. Is this even possible or does Google tie Google Cloud Platform into Google Docs? It seems a major limitation of Google Cloud Platform if they do.
Google Cloud Platform, G Suite (formerly "Google Docs") and all other Google services share an identity system. The identity system requires humans to have user accounts while software|machines have service accounts. One Google user account equals one user.
There are 2 flavors of (Google) user accounts: [your-name]@gmail.com and those created by an organization for its users, someone@acme.com. For example, Google uses Google identity internally and so Googlers have emails [their-name]@google.com.
When you create a Google Cloud Platform project, anyone with a Google account may be added to it, whether their Google account is something@gmail.com or an account created by their employer for them.
The only time your users will receive an email from you when you add them to a Google Cloud Platform project is if you make them project owners. This is because ownership requires acceptance of Google's Terms of Service. Other types of users will be added without receiving an email (from Google about it) but will be able to access your project's resources.
I suspect your users have been added correctly and you're ready to go!
The simplest approach is to share a directory with those off-domain email addresses.
This is possible because Google Docs is backed by Google Drive as storage.
Setting them up with IAM would only add complexity, which is not required
(at least, unless you won't have to grant them access to GCP resources).

User unable to remember google console login details

I created a Google Cloud instance for a client and handed over the details to them, but now they don't know the Google console email address. They know the IP because the app deployed there is still running. It may be time to pay soon, and not knowing the console details means they will not be able to pay.
Is there a way to get the details from the IP address of the console instance?
Without being able to login to the Google Cloud Console, you will have problems.
Note: I am listing contact Google Support as a last example because you do not have paid Google Support. Google Support only offers billing question support for free. Since you cannot sign into the Google Cloud Console, you cannot sign up to pay for support. However, losing your login might qualify as billing support since you need to pay for your services to keep them running.
Techniques:
If you have access to a computer that has logged into the Google Cloud Console, try. A list of Google Accounts will be displayed to choose from. No guarantee, but usually people do not delete old accounts from Google Accounts. Try each one to access the Google Console. If you / they have forgotten the password, go through the lost password process.
When you sign up for Google Cloud, emails are sent to the account email address. Have everyone do a search for Google Cloud. My welcome email came from CloudPlatform-noreply@google.com.
If you have created a Service Account, the JSON file will have the Project ID. This is globally unique and Google could look up the account holder and send that person an email. Contact Google Support in this case.
If you have a system that you set up the gcloud tools on for this project, run the command gcloud auth list. This will display the authenticated accounts. Usually one of them is a Google Accounts account that can log in to the Google Console.
Google Support can map the public IP address to an account. Contact Google Support in this case.

How can an Admin access the Google Drive contents of all the users in a particular domain?

I am developing a tool to automate the transfer of ownership of Google Drive documents from one user to another using the Admin SDK, which is run by the admin. I used the Data Transfer API for the ownership transfer. I wanted to validate the transfer by checking the size/number of the Google Drive documents before and after the transfer, for which the admin account must be able to access the Google Drive contents of all the users in the domain. Is there a way to do that? Or is there a better way to validate the data transfer?
I tried using the Drive API service for validation purposes by setting the 'key' to the target user account. All my attempts with the Drive API so far retrieved the Admin's Drive contents.
Files.list will retrieve all the user's files; in this case it will get all your own files. That query would only work if that user is also an owner of one of your files.
HTTP request
GET https://www.googleapis.com/drive/v2/files
Even as an admin you cannot access users' files directly.
To access other users' files, as an admin you need to impersonate the users and then perform actions on their behalf.
This is achieved by using a service account with domain-wide delegation of authority.
Typically, an application uses a service account when the application uses Google APIs to work with its own data rather than a user's data. For example, an application that uses Google Cloud Datastore for data persistence would use a service account to authenticate its calls to the Google Cloud Datastore API.
Google Apps domain administrators can also grant service accounts domain-wide authority to access user data on behalf of users in the domain.
Here's a related SO ticket that discusses the most efficient process for transferring a user's files: Most efficient process for transferring ownership of all of a user's files using the Google Drive API
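The impersonation approach from the answer above, as an added example that is not part of the original post: a service account with domain-wide delegation acts as each user and totals the files that user owns, so the figures can be compared before and after a transfer. The key file path, the choice of the read-only metadata scope and the `reconciles` check are assumptions of this example.

```python
# Added example (not from the original answers). Requires google-auth and
# google-api-python-client, and a service account whose client ID has been
# granted domain-wide delegation for the scope below in the Admin console.

# Metadata-only scope: enough to count and size files, cannot read content.
SCOPES = ["https://www.googleapis.com/auth/drive.metadata.readonly"]


def drive_for_user(key_path, user_email):
    """Build a Drive v3 client that acts as user_email (impersonation)."""
    # Imported lazily so the counting logic below can be exercised offline.
    from google.oauth2 import service_account
    from googleapiclient.discovery import build

    creds = service_account.Credentials.from_service_account_file(
        key_path, scopes=SCOPES, subject=user_email)
    return build("drive", "v3", credentials=creds)


def owned_file_stats(drive):
    """Return (file_count, total_bytes) for files the impersonated user owns."""
    count, total, token = 0, 0, None
    while True:
        page = drive.files().list(
            q="'me' in owners and trashed = false",
            fields="nextPageToken, files(id, quotaBytesUsed)",
            pageSize=1000, pageToken=token).execute()
        for f in page.get("files", []):
            count += 1
            # quotaBytesUsed is returned as a string; it may be absent.
            total += int(f.get("quotaBytesUsed", 0))
        token = page.get("nextPageToken")
        if not token:
            return count, total


def reconciles(src_before, dst_before, src_after, dst_after):
    """Assumed check: what the source lost equals what the destination gained.

    Each argument is a (file_count, total_bytes) tuple from owned_file_stats.
    """
    lost = tuple(b - a for b, a in zip(src_before, src_after))
    gained = tuple(a - b for a, b in zip(dst_after, dst_before))
    return lost == gained
```

Call `owned_file_stats(drive_for_user(key_path, email))` for the source and destination users before starting the transfer and again once it reports completion, then pass the four results to `reconciles`.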
Use Google Vault, Matters, Search Drive, Source All Data, Entity Specific Accounts, (User Account) put in the account you want to pull up. Then search.
You will see a list of all the documents the user has accessed with a date/time stamp.