How do I choose a different support email address when registering a Google OAuth app? [duplicate] - google-cloud-platform

I created a new Google Play game and would like to change the email displayed on the Google Consent Screen. The Google Developers Console screen has a dropdown to choose the email, but only one address - the admin's email - is there. I've added another user as the owner, but it does not appear on the consent screen.

If you want to change the email address that is displayed to the user you have to:
1) Add permission for the new email address to handle the project: Menu > IAM & Admin > IAM, then click on the Add button, enter the email address and select Role > Project > Owner.
2) Accept the invitation from the new email address. Check your emails, click on the confirmation URL and accept the terms and conditions.
3) Log in to the Google Developers Console using the NEW email address. Only the new email address can change the displayed email address. You don't have to log out or open an incognito window. You can simply add a new account by clicking on your account photo (upper-right corner) and then selecting the Add account option.
Tip: When you visit the page, you will be logged in with your primary account by default. If you want to be logged in with the second account you just created, simply append &authuser=1 to the end of the URL. If you have more than 2 accounts, you can use the value authuser=2 or 3 and so on. (The default value for your primary account is 0.)

You need a second email address; then add that person / email as admin of the project. Then you will be able to add that email in the consent screen.
The Console has changed a lot since 2014. You need to add another user as the admin, then you must log in to the console with that email and connect it. Then you will be able to change it.
A new user can be added via the IAM page for your project.

While the above solutions work, I didn't want to make my support@my-company.com a Project > Owner of my GCP project since multiple people can potentially access it.
The page (https://console.cloud.google.com/apis/credentials/consent/edit) says that the permission needed is clientauthconfig.clients.update
So I made a Custom Role containing every permission in that category:
clientauthconfig.brands.create
clientauthconfig.brands.delete
clientauthconfig.brands.get
clientauthconfig.brands.list
clientauthconfig.brands.update
clientauthconfig.clients.create
clientauthconfig.clients.createSecret
clientauthconfig.clients.delete
clientauthconfig.clients.get
clientauthconfig.clients.getWithSecret
clientauthconfig.clients.list
clientauthconfig.clients.listWithSecrets
clientauthconfig.clients.undelete
clientauthconfig.clients.update
and gave my support email that Custom Role + the role Project > Viewer
One note, these permissions are not finalized yet. The 'Create a Custom Role' page gives this warning:
Not recommended for production use
These permissions might be changed in backward-incompatible ways and are not recommended for production use. They are not subject to any SLA or deprecation policy.
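A review of the custom role described in the answer above, as an added example that is not part of the original post: it checks the role against the one permission the console page names and flags the permissions that, judged by name only, handle client secrets or delete resources. The role id, title and description are placeholders, and whether the trimmed role is still enough to edit the consent screen is an assumption to confirm in a test project.

```python
import json

# Constructed input: the answer's custom role, in the shape printed by
# `gcloud iam roles describe --format=json`. PROJECT_ID and the role id
# are placeholders; the permission names are the ones listed on this page.
ROLE = {
    "name": "projects/PROJECT_ID/roles/consentScreenEditor",
    "title": "Consent screen editor",
    "stage": "ALPHA",
    "includedPermissions": ["clientauthconfig." + p for p in (
        "brands.create brands.delete brands.get brands.list brands.update "
        "clients.create clients.createSecret clients.delete clients.get "
        "clients.getWithSecret clients.list clients.listWithSecrets "
        "clients.undelete clients.update").split()],
}
# The only permission the consent-screen page says it needs.
REQUIRED = {"clientauthconfig.clients.update"}

def review_role(role, required):
    """Sort a role's permissions into buckets a reviewer cares about."""
    perms = set(role["includedPermissions"])
    verb = lambda p: p.rsplit(".", 1)[1]
    return {
        "missing_required": sorted(required - perms),
        # Assumption: judged by name only, these touch OAuth client secrets.
        "secret_bearing": sorted(p for p in perms if "secret" in verb(p).lower()),
        "destructive": sorted(p for p in perms if verb(p) == "delete"),
        "beyond_required": sorted(perms - required),
    }

def trimmed_role(role, findings):
    """Role definition without the secret-bearing and delete permissions."""
    drop = set(findings["secret_bearing"]) | set(findings["destructive"])
    return {
        "title": role["title"],
        "description": "Edit OAuth consent screen; no secrets, no deletes",
        "stage": role["stage"],
        "includedPermissions": sorted(set(role["includedPermissions"]) - drop),
    }

if __name__ == "__main__":
    findings = review_role(ROLE, REQUIRED)
    print(json.dumps(findings, indent=2))
    print(json.dumps(trimmed_role(ROLE, findings), indent=2))
```

The dictionary returned by `trimmed_role` uses the field names of a role definition file (`title`, `description`, `stage`, `includedPermissions`), so it can be saved and passed to `gcloud iam roles create --file`.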

You can go here https://groups.google.com/ and create a group. Then simply refresh the consent page and you'll be able to pick the group. It is not your custom domain but it does the job I think.

There is a way to choose email without creating a new Gmail account and giving it Owner permissions. You can create a Group in GSuite with public email and then configure the group's forwarding to the email you want.
For example, you want to use support@company.com. You can create a group support.google@company.com which will forward everything to support@company.com
Then, you will be able to pick up support.google@company.com in the dropdown.

Related

I can't use alias email as user support email in Google consent auth [duplicate]


AWS Cognito: how to limit user sign up / can only sign up upon invitation?

I am using AWS Cognito as my Auth server.
My business logic is such that users can only sign up when they are invited (by email).
Is this possible?
The flow I have in mind is:
Organization admin sends invitation emails to employees of this organization.
The employees click the invitation link in the email, and are directed to a sign up page. The organization name is preset, so that a user's organization is pre-determined. Since the user clicks this particular invitation link (sent from this particular organization), the organization name is already determined in the sign-up page.
The employee completes the sign-up page and a user is generated in the Cognito user pool, and the newly created user is attached to the organization.
It seems to me that such logic is not possible, by reading the doc:
User accounts are added to your user pool in one of the following ways:
- The user signs up in your user pool's client app, which can be a mobile or web app.
- You can import the user's account into your user pool. For more information, see Importing users into user pools from a CSV file.
- You can create the user's account in your user pool and invite the user to sign in. For more information, see Creating user accounts as administrator.
I hope I'm wrong though.
Did I miss something? Can this be done?
You can create a front end and an API/backend to achieve this.
In the Cognito settings select "Only allow administrators to create users".
Create a front end for collecting the information required for the user pool.
Create an API that will pass this info to a Lambda, which will use admin_create_user and any other admin_ call that you need.
You will then send your front end's link to the users you want to invite. Make sure these links are unique and have an expiration time. You can also make it so that a link can only be used to sign up a single user.
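The invitation-link checks described in the answer above (unique, expiring, single-use), as an added example that is not part of the original answer: the token is HMAC-signed so the email and organization cannot be changed by the person signing up. The signing key, the `custom:organization` attribute name and the in-memory `used_ids` set (standing in for a persistent store) are assumptions; `cognito` is expected to be a boto3 `cognito-idp` client.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumption: constructed demo key; a real deployment loads it from a secret store.
SIGNING_KEY = b"constructed-demo-key-not-for-production"

def sign(body: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest().encode()

def issue_invite(email, org, ttl=86400, now=None):
    """Return a signed token binding one email to one organization until exp."""
    now = time.time() if now is None else now
    claims = {"email": email, "org": org, "exp": int(now) + ttl,
              "jti": secrets.token_hex(8)}  # jti makes the link single-use
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return (body + b"." + sign(body)).decode()

def verify_invite(token, used_ids, now=None):
    """Check signature first, then expiry and reuse; raise ValueError on failure."""
    now = time.time() if now is None else now
    body, _, sig = token.encode().partition(b".")
    if not hmac.compare_digest(sig, sign(body)):
        raise ValueError("invalid signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] < now:
        raise ValueError("invitation expired")
    if claims["jti"] in used_ids:
        raise ValueError("invitation already used")
    return claims

def handle_signup(token, used_ids, cognito, user_pool_id, now=None):
    """Lambda-side logic: email and org come from the token, never from the form."""
    claims = verify_invite(token, used_ids, now)
    cognito.admin_create_user(
        UserPoolId=user_pool_id,
        Username=claims["email"],
        UserAttributes=[
            {"Name": "email", "Value": claims["email"]},
            # Assumption: the pool defines a custom attribute named "organization".
            {"Name": "custom:organization", "Value": claims["org"]},
        ],
    )
    used_ids.add(claims["jti"])  # burn the invite only after the user exists
    return claims
```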

Cognito: is it possible to host UI on my domain and redirect to my domain too?

I want to use Cognito for my WebExtension for Chromium and Firefox.
I have two problems.
1) The hosted UI from Cognito is not on my domain - so users may wonder why:
For branding and security I want to host the UI from Cognito on my domain. Because my product is a browser extension, I think that I can embed the login UI in an iframe in the popup UI (which is shown when the user pushes the extension's button).
2) Redirect after Google to AWS - because of that, the user will see Choose an account to continue to amazoncognito.com but the correct text must be Choose an account to continue to <domain-of-my-project>:
It looks like it is not possible to redirect to my domain while keeping Cognito's automation of exchanging the code from Google for an access token from Google to get the user's email. In the documentation about domains for user pools, only a sub-sub-sub domain under amazoncognito.com is mentioned. If this is not possible, it would be useful to mention it in the documentation.
Adding a customized domain is not available now. We have heard this request from multiple customers and would look into adding it into our future releases.
I'm confused about your second question, can you explain more about it?
With regards to your 2nd question. It's true that ideally you would want to be able to have a custom domain, but the fact that Google is showing amazoncognito.com is a problem with your configuration in your GCP account.
Under the API->Credentials tab in the GCP console, you can adjust the product name and logo to be displayed. The problem is that you need to pass a review of your app before Google starts showing them. This was changed by Google after some phishing hacking attempts (https://developers.googleblog.com/2017/05/updating-developer-identity-guidelines.html).
To submit your app for a review: https://support.google.com/code/contact/oauth_app_verification

TikiWiki user management

How do I manage users of our tikiwiki?
The tiki process on the server is run under my name. I am a user of the tikiwiki, but I am not sure I am an admin user.
Most likely not, but question one is: How do I find that out?
(my Admin Menu is empty)
Some user contacted me saying her account is "Locked". It so happened that there is no one else to restore it, but me.
Can anyone help with where to look? I only used my tikiwiki account to a limited extent. I just wrote a couple of articles, but never administered.
There is always a built-in user in Tiki called "admin" and that is in a group called "Admins" which has permission to do everything, so it sounds like your user isn't in that group.
If the admin user was set up with a valid email account (and you know it and have access to it) then you can get the password reset and a link to make a new one will be emailed to that address. If you can access the installer or the database then there are various other options on how to recover the admin login here: https://doc.tiki.org/Lost+admin+password
Once you have done this and can administer the Tiki again you should add your usual user to the Admins group.
To unlock another user's account you will need to either access the user admin list (once you have admin login again) or if you can get to the database you should be able to clear the relevant field in the database directly using phpmyadmin or similar as a last resort (ask again if you need this much detail).

How to add users in redmine project

I created a project in Redmine and created users to add in this project.
Now how can they see our project in Redmine? How can they activate themselves?
I know that an e-mail should be sent to them, or if they make an account for themselves: How can I invite them to our project? The path that I'm using to do so is: Administrator -> Users -> new user. But here, only the users that I created myself are found.
Can the Administrator access the users' passwords?
Please help me.
An administrator can change users' passwords.
He can also define roles and groups and assign users to these roles and groups. He can also give permissions to users, roles and groups to access projects and configure what they can and cannot do in the projects.
For you:
You should define a group or a role and give it permissions to access your project. You can do this in the "groups" / "roles and permissions" administration panel.
After that you should assign a user to the created group/role by opening the user profile (URL: .../users/<ID>/edit) and then switching to the Groups or Project tab and assigning them there.
On the users panel (Administration -> Users) there is also a filter to only show active / inactive / all users. Maybe you are hiding some other users.
edit:
You can change the account activation mode under administration -> settings -> tab: "authentication". There's a combobox with something like "Signup" where you can choose
closed
Activation via e-Mail
Manual activation
Automatic activation
Under the administration -> user settings in the filter combobox you can filter for non activated users, open their profile and activate them manually.