I've been googling around, reading the google cloud platform docs but can't find the answer to bulk deleting users from the Identity Platform.
We have a dev application that we use for testing. We want to remove all authenticated users and start fresh. See below the image where I multi select and get no option to delete all the users.
I've searched for gcloud cli commands to do this but with no luck, the documentation on this functionality is not well surfaced.
I would be happy with answers to:
Bulk delete through the G cloud UI
Delete ALL authenticated users through gcloud cli
Delete all users per tenant
You can make use of the Identity Toolkit API for bulk deleting users.
If you read through the Admin APIs guide for Identity Platform on Google Cloud, you will also notice that they recommend using the Admin APIs for user management.
What you are looking for is:
projects.accounts.lookup for looking up all users (or projects.tenants.accounts.lookup if you want to look up for a specific tenant).
projects.accounts.bachDelete for bulk-deleting users in your project (or projects.tenants.accounts.batchDelete if you want to target a specific tenant).
Related
Trying to find a way to add members to google group through google API but any search result always end up in using admin sdk for this. But for using Admin SDK it requires to sign up on Google workspace. Is there any other way to achieve the same without signing up on workspace through simple api call using OAuth.
You are not a Google Workspace user but a Consumer (gmail) user
You do not have access to the Admin SDK (apart from for publicly available methods)
In this case, you can retrieve Google Groups programmatically is via GroupsApp in Google Apps Script.
However, this only allows you to get group / user information, not to create new users.
Unfortunately the latter is a service that is only available for Google Workspace users.
I'm trying to create a Dialogflow Agent via API, It require a GCP project that also have to be created via API.
Actually both works well when the end user has already been once in the GCP console and accept the new terms and services.
The problem is that I would like to create the agent without the end user to have to perform any action on Google Cloud Platform.
Before it was possible, but it seems Google added a new terms of services for APIs on the GCP console that pop up the first time the user log in.
My question is, do you think there's any possibility to accepte those terms of services via Oauth or any other possibility?
Seems like Dialogflow still does it well.. so it should be possible :p
TY.
As stated by #John Hanley the user must login to accept the TOS so that the user-entity is bound to the Terms. Here you may find all the information regarding Google APIs Terms of Service.
I want to access Google Compute Engine Instances, then I active Google Compute Engine API, but how to retrieve an API key, between server key and browser key, which one should I create ?
If you're using OAuth to authenticate, there're different kind of credentials that you can use, such as web server applications, installed apps, client-sid apps, etc. You need to find out which one you need.
In the Developers Console, you can create the credentials that you might need. At the provided links you can find more information.
There are multiple methods when it comes to authenticate your project to Google API's, You will find the details in page [1] below. Logging to a Compute Engine instance using the UI will use the third method 'Service Account Key' where you don't have to put any action as by default it will use your Compute Engine default service account.
[1] https://cloud.google.com/docs/authentication/api-keys#creating_an_api_key
I am using the Google Admin SDK APIs to manage users (create/update) in our organization's Google apps account. We allow users to optionally use the 2-factor authentication feature and I'd like to be able to determine if an account has it enabled or not when one of our internal support reps looks up their account. Looking over the docs at https://developers.google.com/admin-sdk/directory/v1/reference/users, I do not see any attributes that would indicate this setting.
Is there another way for me to check if it is enabled via an API?
Saw an answer from an old Stackoverflow post:
Find all Google Apps users not using two-factor authentication
You can actually find that information via Reports API of Admin SDK:
https://developers.google.com/admin-sdk/reports/v1/reference/usage-ref-appendix-a/users-accounts
Hope this helps!
My team is trying to develop a product for the google apps marketplace and I am having issues with the workflow in the new ADMIN SDK.
With the now deprecated Provisioning API we simply ask for a username and password from the account we are trying to manage.
With the ADMIN SDK it seems as though they would need to go enable the API, create a key and do a lot of manual work for this to happen. This really is a tough option for us as the technical level of our clients is not likely to be able to make this transition.
Is there something like the work flow for the provisioning API where they can enable management from a third party or a recommended workflow for a developer to build an application that can access any number of google apps accounts?
A use case for this is say I want to develop a different option for a console, I want to build a console web app and simply ask for credentials or easy setup routine and allow our users to manage their google apps account in a different way.
Thanks in advance,
Steve
The Admin SDK Directory and Reports APIs work correctly with 2-legged OAuth 1.0a which is what the Google Apps Marketplace currently supports and automates. You do need to turn the Admin SDK on under "Register for additional APIs" from your Vendor Profile page on the marketplace. Also, the Administrative APIs for the domain must be turned on. You'll get a generic error that the domain cannot use the APIs if it's off in which case you can direct the client to the exact CPanel page where they can turn it on.