Cannot create groups in GCP or Google Groups - as owner - google-cloud-platform

Just wanting to start to set up a GCP environment for my own domain, play around some. Running into a setup issue where I cannot create Groups, whether from GCP (Menu > "IAM & Admin" > Groups) or just Google Groups.
Google Groups tells me I haven't got the correct permissions. Google Cloud Platform tells me I'm missing required permission cloudidentity.groups.create.
I managed to create a bunch of groups in Google Admin, but they're not the right ones (apparently).
Now, I'm owner of my domain, it has Google for Work (Basic) and I've enabled Cloud Identity (apparently do not need it as it's just for me, but was running low on ideas).
Any idea how to fix this?
Google's help pages send me in circles. Google GCP & Admin docs likewise keep telling me to just "click Create".

Ok, this is very silly, but: you must have "Groups for Business" turned on in the Admin Console as an App for everything to start working.
With the App "Groups for Business" turned off, you can still create Groups (lol, whut?), assign them to Users, but somehow, they don't work.
Turning on Groups for Business and going back into the "Getting started" in Google Cloud Console magically got it to work.
(P.s. - I don't recall turning the App off, it's been years since I looked at that)

Related

AWS session timeout

Using AWS I have a lot of Chrome tabs open with multiple services. When I switch between them I am constantly getting signed out. Sometimes it's a matter of just a few minutes.
AWS minimum session duration is one hour, so that's probably not the problem. How can I tackle this? Getting logged out of Lambda makes it lose all the undeployed code, this is very inconvenient.
Edit:
Answering the question in a comment: I do have multiple accounts and when I want to open a tab with a new service I just click management console (screenshot) and follow on from there. It appears to cause the actual logout.
But here's the thing - I am currently using resources only from the first account. So (since I'm within one account all the time) it shouldn't log me out right?
I see this message when I use AWS on one account, then log in to a different account in a different tab. If I return to the original tab, it recognises that I am no longer logged into the first account and asks me to reload.
It seems that you are using SSO to login and it is generating a different set of temporary SSO credentials. Instead of using that link, select the AWS service from the search field at the top of the console, then right-click the service and "Open in New Tab". That will open the other service in a new tab, using the same login credentials.

issue automatically adding members to google groups (G-suite) with Admin SDK

(I have done a search through the questions to see if I could find something on this, but have not found answers.)
I have two google groups through my G-suite and I want to automatically add people to both groups after they sign up for my club through a process on my website. I think this should be possible using:
https://developers.google.com/admin-sdk/directory/v1/guides/manage-group-members
I have gone into the API Console, created a new project, enabled the Admin SDK API, and got an API key. However, I think I am running into the Authorization issue because we keep getting an error that the authorization token is missing.
I have tried using the OAuth 2.0 but I'm not sure if this should be "Internal" or "External". I'm not creating a whole app for someone to use - all I want to do is on the back end of the site take information that comes through when someone joins the club and automatically have them added to my google groups.
Is it possible for someone to please explain to me what I need to do?
I'm sorry this is kind of a basic question.
Thank you for your help.

Google Cloud doesn't allow me to create my first project with admin role

I'm trying to create my first project in google cloud with organization's administrator account. I have access to the administrator's email and passwords and I am logging in with that account to do so. The problem is that when I click on create new project I receive the following error:
There was an error while loading /home/dashboard?project=proven-now-305315&authuser=1.
You are missing at least one of the following required permissions:
Project
resourcemanager.projects.get
Check that the project ID is valid and you have permissions to access it. Learn more
The detail is that in my resource administration panel I already gave the permission that they ask me to the resource as shown in the following image:
As I have read, the project IAM Admin role should grant the resourcemanager.projects.get role and as you can see in the image the resource rcv # .. which is the administrator has it activated, however I keep trying to create a new project and it doesn't allow me to do it. Any idea?
In case anybody else, like me, reaches this answer, I want to point out that the accepted answer is correct, but for me I had to also make sure that within the settings, I ensured that Project Creation Settings on the right pane and under the section of Cloud Resource Manager Api Settings was set to on. It was turned off by default. Many people on my team overlooked this as it is significantly smaller text.
This may be an option that was not present before or it was turned on by default in the past. For us, it was turned off.
Please refer to the included image for a visual representation of the settings that need to be turned on.
The problem was that, for some reason, Google Cloud was disabled for all users. I solved it by following these instructions. Solved with this!
To activate this service, please follow the steps:
Access the admin console and go to Apps -> Additional Google Services
Look for the service “Google Cloud Platform” and click on the box next to it
In the top right corner, click “ON”
Confirm you want to turn it on in the pop-up box.

Forcing password on login with IAP and restrict domain

I've set up a Django/python web application running on Google Cloud Platform's Kubernetes Engine pods, and secured by GCP's Identity-Aware Proxy.
It all works great, but there are two things I'm not sure how to accomplish.
1) How can I restrict the users to a specific domain, just like the hd=my_domain.com URL parameter does on OAuth2 logging in? That makes the sign-in page only show emails with that domain in the list to click on.
2) How can I enforce that the user logs in with a password, instead of just simply clicking on the account? This is just like when you go to admin.google.com, or security.google.com and even though you're logged in, it forces a password. I know how to go to /gcp/clear_login_cookie to enforce a new login session when I want to log them out, but not sure how to enforce a password is entered. This I believe is called the "user presence test."
Any help is greatly appreciated, I've pored through documentation and have searched various ways on Stack Overflow to no avail.
Both of these items are on our roadmap, though I can't offer a specific timeline.
I don't see an entry in Issue Tracker for either of these. I'll try to remember to add that next week (at which point I'll add the links here), or you can do it yourself: https://issuetracker.google.com/issues/new?component=190831&template=1162609
Thanks for the suggestion, and sorry I don't have a better answer for you!
--Matthew, Cloud IAP engineering

Service Accounts not showing in Developers Console

In my project's Developer Console, Permissions > Service Accounts, I just get the loading spinning blue circle. I want to be able to see the service email addresses and generate keys...
This also happens with other pages, e.g. Logging.
Any advice on how to fix this? I've tried clearing cache & cookies, doing a "cache refresh" with shift+refresh; no luck.