I have found lots of information on the internet about adding Members to a Group in Googlegroups, but I can't manage to get any of it to work.
I am working in Python-Django.
Using a business account, I manage to add them using Provisioning API, but I could not do it with the new Directory API.
The problem is the group I want to add people to is not a business one, it's an ordinary googlegroups one:
group_name@googlegroups.com
From what I have found, and what I did for the business group I have the following code:
import gdata.apps.groups.client

# Provisioning API client; `domain` is the value the question asks about
groupClient = gdata.apps.groups.client.GroupsProvisioningClient(domain=domain)
groupClient.ClientLogin(email="user@gmail.com", password="xxx", source='apps')
groupClient.AddMemberToGroup("group_name@googlegroups.com", "newUser@gmail.com")
I wanted to know what I have to put in the domain field. With the business account it was the business domain, but being a normal googlegroups one I am not sure. I have tried googlegroups.com and it doesn't work, as I always get an invalid domain error.
Any help would be appreciated.
Thanks!
The Provisioning API (deprecated) and the new Admin SDK are both designed to work with Google Apps for Business and EDU and only work against Google Groups for Business (groups with a custom @yourdomain.com address).
You cannot use these APIs with consumer Google Groups that have @googlegroups.com email addresses. For these groups, your only option is to manage membership via the web interface.
Related
I want to give GSAs direct access to modify Google users. I can't find current docs on this so assuming it's not possible right now?
It looks like this is only possible for working with groups:
https://workspaceupdates.googleblog.com/2020/08/new-api-cloud-identity-groups-google.html
I need to give a GSA access to read group membership and also modify user attributes.
Right now I:
create an admin G Suite user
create a GSA with domain wide auth with these scopes
https://www.googleapis.com/auth/admin.directory.group
https://www.googleapis.com/auth/admin.directory.user
Impersonate the G Suite user with the GSA and modify user attributes like this:
service = create_directory_service("G SUITE USER")
service.users().update(userKey=uKey, body=myAttributes).execute()
Do I still need domain wide delegation to modify user attributes? Or is it supported now as well?
You can follow this guide to create a Service Account, turning on the Admin SDK API (which allows the service account to provision/manage the users), and authorizing it.
The Service Account created can then be used to provision/manage the G Suite users; here is a guide on how to manage user accounts using the Directory API, which is part of the Admin SDK.
In short, yes it is possible to manage users too, by using Service Accounts, not just groups.
Sorry if my English is weird.
I would like to know how a non-admin account can use the Admin SDK.
If you have any suggestions, please let me know.
I'm developing an add-on for an elementary school using Google Apps Script.
I want to limit the API by student, teacher, grade, etc. So I need to get the organization information.
There were a few other similar questions, and apparently it would be impossible to try to do it normally.
When using the Admin SDK, Google will display an acceptance confirmation screen to the user.
Once the user agrees, Google gives the app an access token that is valid for a short period of time. I'm thinking that I can do this by using that access token. Is this approach dangerous from a security point of view?
I'm sorry for the lack of explanation.
I'm currently developing a google slides add-on for an elementary school.
It's supposed to display a SPA made with vuejs in the sidebar and let you manipulate it.
For example, we can manage a whitelist of organizations that can use this application in advance, and not allow organizations that do not match the whitelist to use it.
If the organization is managed by school unit, access control can be done by domain, but in some areas, the organization is managed by city, so access control by school unit cannot be realized...
Also, we want to do the following if we match the whitelist:
The functions that can be used by teachers and students are different.
The buttons can be changed depending on the grade level of the students.
Automatically enter student names and class names on slides.
Use an organizational structure to manage the school and students. (https://support.google.com/a/answer/4352075?ref_topic=4390186&hl=en)
We think we can achieve this by using the Admin SDK to get organization information.
Answer
It is not possible to use Admin SDK with a non-admin account as Google says in the documentation: This API gives administrators of Google Workspace domains (including resellers) the ability to manage devices, groups, users, and other entities in their domains.
However there are two workarounds for your problem, but you would need to use an admin account to configure the scenario.
Initial approach
Get the user that is running the application with the class Session and the method getActiveUser and getEmail: var email = Session.getActiveUser().getEmail();
Get the organizational unit that each user belongs to. With this information you will be able to filter users and display different options in the add-on. The main problem is that you need to use AdminDirectory.Users.get(userEmail) to get the organizational unit, and it needs the following authorization scope: https://www.googleapis.com/auth/admin.directory.user.readonly.
Solution 1
Create a Spreadsheet with all the users that are going to use the add-on and its organizational unit
Use List all users to get all the users in a domain and write each email in the first column.
Use AdminDirectory.Users.get(email).orgUnitPath to get the organizational unit and write it in the next column
Finally, when users use the add-on, search the email of the active user (Session.getActiveUser().getEmail()) in the Spreadsheet, take the row number and get the value of the organizational unit that is in the second column.
Solution 2
Create a custom admin role and assign it to every user that is going to use the add-on. You must be signed in as a super administrator for this task. You can do it here and select Users -> Read.
Assign the new role to each user by creating a role assignment.
Finally, users will be able to use var organization = AdminDirectory.Users.get(email).orgUnitPath
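The lookup step of Solution 1, as an added example that is not part of the original answer: it resolves the active user's email against the spreadsheet rows and fails closed when the email is blank, unknown, or outside the allowed organizations. The org unit paths, the allow-list and the function names are assumptions made for illustration; in Apps Script the rows would come from the sheet's `getValues()`.

```javascript
// Constructed sample rows in the shape getValues() returns: [email, orgUnitPath].
const SAMPLE_ROWS = [
  ['Email', 'OrgUnitPath'], // header row
  ['t.sato@school.example', '/City/East Elementary/Teachers'],
  ['s.ito@school.example', '/City/East Elementary/Students/Grade 3'],
  ['k.abe@school.example', '/City/West Elementary/Students/Grade 5'],
  ['x.old@school.example', '/City/Former Staff'],
];

// Hypothetical allow-list: only org units under these prefixes may use the add-on.
const ALLOWED_PREFIXES = ['/City/East Elementary', '/City/West Elementary'];

// True only for the prefix itself or a descendant, matched on a path boundary so
// '/City/East Elementary Annex' does not match '/City/East Elementary'.
function isUnder(path, prefix) {
  return path === prefix || path.startsWith(prefix + '/');
}

// Build the lookup once; emails are trimmed and lower-cased before comparison.
function buildIndex(rows) {
  const index = new Map();
  for (const [email, ou] of rows.slice(1)) {
    if (typeof email === 'string' && email.includes('@')) {
      index.set(email.trim().toLowerCase(), String(ou).trim());
    }
  }
  return index;
}

// Decide what the sidebar may show. Every failure path returns allowed: false.
function resolveAccess(index, activeEmail) {
  const deny = { allowed: false, role: null, grade: null, school: null };
  // Session.getActiveUser().getEmail() can return '' when identity is withheld.
  if (!activeEmail) return deny;
  const ou = index.get(activeEmail.trim().toLowerCase());
  if (!ou) return deny;
  const prefix = ALLOWED_PREFIXES.find((p) => isUnder(ou, p));
  if (!prefix) return deny;
  const rest = ou.slice(prefix.length).split('/').filter(Boolean);
  const school = prefix.split('/').pop();
  if (rest[0] === 'Teachers') return { allowed: true, role: 'teacher', grade: null, school };
  const m = /^Grade (\d+)$/.exec(rest[1] || '');
  if (rest[0] === 'Students' && m) return { allowed: true, role: 'student', grade: Number(m[1]), school };
  return deny;
}
```

The spreadsheet is the authorization source in this design, so add-on users should not have edit access to it, and the decision should be made in server-side script rather than in the sidebar's client code.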
I have a flask website.
I would like the user to be able to schedule repeated requests for data from one of their Google accounts (let's say Gmail).
From within the website, the user would first authorize the application to access their private Gmail data. From then on, the application would retrieve the user's Gmail data on a recurring basis, without needing to get authorization each time.
Is this possible? I know it would require a service account, but can anyone point me in the direction of documentation that describes how this particular scenario might work?
Would such a scenario be allowed to persist long term? Or will there come a time when Google will require the user to reauthorize the application?
Correction, you should not use App Passwords. OAuth is the correct way to do it I believe:
https://www.oauth.com/oauth2-servers/signing-in-with-google/
Here's Google's docs on it, which is more specific to your need:
https://developers.google.com/identity/protocols/oauth2
I read that the Admin SDK works for Google Apps resellers, but I'm having one specific problem.
I want to use the following request to get the number of user licenses in use on one of my customer's domains.
https://www.googleapis.com/admin/reports/v1/usage/dates/%s?parameters=accounts:num_users
But there's no way that I can find to specify the customer's domain name that I want to get the usage report for. Tried a few different ways.
There must be a way that is hiding from me because this was possible with the old deprecated API.
Thanks.
Using the Reports API for this is not advisable because it can be delayed by 48+ hours. It's also not possible for reseller users to run reports for customers at this time. Rather, you should use the Google Apps Reseller API to list subscription counts that should be fully up to date.
Looks like this API here will do the trick:
https://developers.google.com/admin-sdk/admin-settings/#retrieving_the_current_number_of_users_in_a_domain
I want to change the group settings (oGrp.OnlyAllowMembersViewMembership = false) for all the site groups present in my site. I have to use web services to perform this function and not the object model.
Until now I have worked on the object model mostly so I'm not very sure of web services. Please let me know if anyone has ideas on how to go about it.
I don't believe this is possible using the web services. They have a more limited set of functionality than the object model. It is possible to add and remove users from groups but there is little that allows you to change a group's settings. UpdateGroupInfo is the closest I know of which doesn't do what you want.
Your best option is to write your own custom web service and deploy that. You can then use the SPGroup.OnlyAllowMembersViewMembership property from the object model to configure the groups.