I'm trying to get password policies using Google Admin SDK, but unfortunately cannot find an endpoint for it.
Pls help.
Related
I've been having problems for days looking for a way to get the actions from the attached policies. I need to list the actions that a permission set has. Now I'm using SDK V3 with javascript. Could someone guide me on how to get them?
I have tried with various functions of the IAM client and the SSO Admin client but without any success to date..
In Google Workspace admin console, we can configure SSO for applications, and assign user groups to the application.
The group assignment can be checked using the following way:
https://support.google.com/a/answer/9050643?hl=en#step5&zippy=%2Csee-the-services-and-organizational-units-for-access-groups%2Cstep-check-service-access
Is there any api to retrieve this group assginment information?
I don't see any in Google Workspace Admin API.
Answer:
There's currently no API in Admin SDK that will retrieve this information.
Feature request:
If you're interested in this feature, I'd suggest you to request it on Issue Tracker using this template.
I am very new to GCP and need some help on how to access GCP project.
I have an assessment given by an employer to install an application in GCP. I am provided with a company "non Gmail" emailID/password, and a link to the project. I have looked for resources online but do not know how to access this project. when I try to access via browser using this email, I get an error saying this is not Gmail id. Can someone guide me how I can access a gcp project with non Gmail id? I appreciate your help.
Access your google project:
[ INSERT project link: https://console.cloud.google.com/home/dashboard?project=single-project ]
Username: user#companyname
Password: *******
Update:
The user name had a typo and I was provided with correct user details later.
You cannot access the GCP Projects with non-gmail Id unless it is associated with Google Workspace or Cloud Identity account.
If the email doesn't work, the company probably didn't add the email account to the Google Project (IAM Roles), or the email is not registered with a Cloud Identity. You can only log into the GCP console using Google's credentials , and for that you need a google user account. If your account is a company email account, the admin has to create the user on their identity.
Refer to the link for accessing a gcp account .
EDIT:
As #syed fayaz said, also we need to check whether we have any typing error in credentials.
I volunteer at a small local school that teaches data science and I'm trying to understand the procedure behind federated logins, but the Amazon documentation isn't helping and their forums don't seem interested.
We'd like for the students to be able to sign in to our AWS environment using either Facebook, Google, or Amazon.com, instead of manually trying to create a user for everyone who signs up.
The main thing that's unclear is how the students should sign in. Do we need to create a custom webpage using the provided javascript or .net code? We would have to contact our web developer if so. Or do we use the provided domain name? (in this case, https://weclouddata.auth.us-east-1.amazoncognito.com) This comes from the Cognito user pools though, and doesn't seem like it would apply. Besides, when I use it in conjunction with the Google client ID, I get an "invalid request" error.
You can create a custom app "Identity Broker" to create a URL that lets users sign in with Facebook/Google credentials and securely access the AWS Management Console. The broker would perform the following steps:
Verify that the user is authenticated by identity system(Facebook or Google) or use AWS Congnito.
Call the AWS Security Token Service (AWS STS) API operations to obtain temporary security credentials for the user.
Construct a URL for the console that includes the token and redirects the user to the URL on the user's behalf.
Amazon Cognito lets you to easily create customizable UI to sign in users and provides built-in federation with Facebook, Google, Login with Amazon. So you don't have worry about authentication and concentrate building your actual logic(above steps)
Here is a sample app from AWS that shows how to implement a single sign-on solution with C# and windows AD.
Python Code:
Here is the python code on how to construct the console login URL. I have used the sample python code from AWS and 'Hello world' flask app. When you hit the URL it should redirect to the console login, you can set permission using IAM role.
You can provide any login mechanism (Facebook, Google, Amazon etc) to create student account first time.
Ask user to create account using any app login (Facebook, Google, Amazon etc)
On successful login, create user in AWS using https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateUser.html API.
Add newly created user in the group https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddUserToGroup.html
You can create the user group with some specified roles and give permission (Launch EC2 Instances, Access to DynamoDB etc) accordingly.
my company provides me with a federated access to AWS. By that I mean, we're going to a website where we login with our SSO which then allows us to pull up the AWS console (i.e. through as custom federation broker as described here: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
I can create instances (ec2) just fine through the UI. My question is, how can I get API credentials to use with aws cli?
In the IAM dashboard I don't see an option to create a credential set for myself.
Is this even something I can get to, or do they (=my it people) need to change something in the setup?
Thanks a bunch!
ps. to clarify, this we're not going through onelogin
You can create a program to do this leveraging your credentials, your SSO config, and boto3.
Alternatively, I use this google chrome plugin: https://github.com/prolane/samltoawsstskeys/blob/master/README.md
Atlassian also released a tool recently to help solve this problem, and there are some other ones out there if you do some searching.