is it possible to enable SSO to Google Apps automatically with super admin access?
Apps Admin Settings API supports only get and update of Single Sign-On settings, but I really need to enable/create these settings on behalf of a super admin.
Thanks in advance
Related
Can an app external to a G-Suite organization manage its SSO settings?
I started by trying to create a client ID/secret for my app as per https://support.google.com/cloud/answer/6158849
A prerequisite for getting a client ID/secret is configuring the app's Consent Screen as per https://support.google.com/cloud/answer/6158849#userconsent
When looking at the "Add Scope" modal, I only see:
Admin SDK ../auth/admin.reports.audit.readonly
Admin SDK ../auth/admin.reports.usage.readonly
How do I get a scope that would allow my app write access to another G-Suite organization's SSO settings?
I am not trying to manage my G-Suite organization's SSO settings.
What you want cannot be achieved essentially because you cannot manage someone else's G-Suite organization's SSO settings. Therefore, no scopes are available for this option.
But if you have access to the domain mentioned, you can use this scope which is the global scope for access to all domain settings.
https://apps-apis.google.com/a/feeds/domain
According to the documentation:
To request access using OAuth 2.0, your application needs the scope information, as well as information that Google supplies when you register your application (such as the client ID and the client secret).
The old admin settings API is still working for SSO settings, just tried. You can manage the SSO settings of any organization that has enabled your project ID with the scope https://apps-apis.google.com/a/feeds/domain/ via a Marketplace install (they install your app) or a manual install as described here
I am using the Google Admin SDK APIs to manage users (create/update) in our organization's Google apps account. We allow users to optionally use the 2-factor authentication feature and I'd like to be able to determine if an account has it enabled or not when one of our internal support reps looks up their account. Looking over the docs at https://developers.google.com/admin-sdk/directory/v1/reference/users, I do not see any attributes that would indicate this setting.
Is there another way for me to check if it is enabled via an API?
Saw an answer from an old Stackoverflow post:
Find all Google Apps users not using two-factor authentication
You can actually find that information via Reports API of Admin SDK:
https://developers.google.com/admin-sdk/reports/v1/reference/usage-ref-appendix-a/users-accounts
Hope this helps!
I searched on the Web to find an evidence for changing Gmail settings through google admin sdk but I could not find anything!
I want to add labels to a gmail account(x#gmail.com) through google admin sdk. I just need to know is it possible or not? if it is, how should I get my authentication keys.
Best,
Majid
Yes, this is possible.
Within the Admin SDK, you'll see an option on the left, Manage Settings. From here, you can click on Email Settings. Managing labels are specifically detailed here and the authorization info can be found within the Email Settings API Authentication section.
Hope this helps!
Not possible on an #gmail.com account. Admin SDK is for Google Apps admins only
I have an application running on Django and a bugtracker (redmine).
I'd like to have the same accounts for my users on both applications.
So I decided to install an LDAP on my server and plug my apps on.
In the mean time, in the future I'd like to give my users the ability to attach their accounts with OAuth, OpenID (like Google, Facebook, ...).
Is LDAP still a good idea for this purpose ?
Is it something usual and how easy ?
With a unique LDAP you get resolved the duplicated account problem but you dont get the SSO or SLO functionality. The Ldap plugin of Django and Redmine are easy to configure and are well documented. Same happens with the OpenLdap server.
If you are thinking in the future, I think a nice solution would be to set a SAML enviroment.
Use simplesamlphp to build a IdP and enable the authentication sources that you want: Facebook, Gmail, Ldap, etc
Use djangosaml2 to add SAML support to django and connect it with the IdP
Use this plugin to add SAML support to Redmine and connect it with the IdP
At the end you get a system based on SAML, a protocol that actually are using Google and other big companies.
I have an app hosted by google app engine, and I am having trouble with authentication.
When I login using my admin account and try to access the admin page or members pages, I just get a blank screen. I can login, and the members only menu shows when I login, but I just can't see any data from the members pages.
I'm not really sure where I should start checking? My app is registered with my google apps account and I am using the only admin login that is there.
Any suggestions would be appreciated.
It sounds like you're running into the Google Apps vs Google Accounts issue. If you have a Google Apps account listed as an administrator on an app that accepts any Google account for authentication, it won't be recognized as an administrator. You need to create a regular Google account (such as a gmail address) and use that as an admin in your app.