I am looking into utilizing Harvest for a time tracking and invoice solution and was hoping someone would be able to shed some light as to why they use the means of logging into their account with the following format 'https://COMPANYNAME.harvestapp.com', and not just logging straight in through their site.
Many Thanks for any insights.
I think, this is because of ability to
rebrand landing page for login
allow to login simultaniously in multiple instances at the same time.
simplier cdn managment.
and so on - benefits from using unique domains.
Related
(I have done a search through the questions to see if I could find something on this, but have not found answers.)
I have two google groups through my G-suite and I want to automatically add people to both groups after they sign up for my club through a process on my website. I think this should be possible using:
https://developers.google.com/admin-sdk/directory/v1/guides/manage-group-members
I have gone into the API Console, created a new project, enabled the Admin SDKI API, and got an API key. However, I think I am running into the Authorization issue because we keep getting an error that the authorization token is missing.
I have tried using the OAuth 2.0 but I'm not sure if this should be "Internal" or "External". I'm not creating a whole app for someone to use - all I want to do is on the back end of the site take information that comes through when someone joins the club and automatically have them added to my google groups.
Is it possible for someone to please explain to me what I need to do?
I'm sorry this is kind of a basic question.
Thank you for your help.
I've set up a Django/python web application running on Google Cloud Platform's Kubernetes Engine pods, and secured by GCP's Identity-Aware Proxy.
It all works great, but there are two things I'm not sure how to accomplish.
1) How can I restrict the users to a specific domain, just like the hd=my_domain.com URL parameter does on OAuth2 logging in? That makes the sign-in page only show emails with that domain in the list to click on.
2) How can I enforce that the user logs in with a password, instead of just simply clicking on the account? This is just like when you go to admin.google.com, or security.google.com and even though you're logged in, it forces a password. I know how to go to /gcp/clear_login_cookie to enforce a new login session when I want to log them out, but not sure how to enforce a password is entered. This I believe is called the "user presence test."
Any help is greatly appreciated, I've poured through documentation and have searched various ways on Stack Overflow to no avail.
Both of these items are on our roadmap, though I can't offer a specific timeline.
I don't see an entry in Issue Tracker for either of these. I'll try to remember to add that next week (at which point I'll add the links here), or you can do it yourself: https://issuetracker.google.com/issues/new?component=190831&template=1162609
Thanks for the suggestion, and sorry I don't have a better answer for you!
--Matthew, Cloud IAP engineering
For a project I want to show/export all visitors with visitortags from an engagement plan. The export is for creating an overview and checking purposes. It's important to show the business I have done my work correctly. I prefer a way without writing any programcode.
Does anyone know how to do this?
Thanks a lot.
Jordy
This is not possible by default in Sitecore, so you will have to write some code.
If you click the supervisor you will be able to see the USERS in a state in an engagement plan, but not VISITORS. Even though you can see the users, you won't be able to see the visitor tags, for that given user.
We have been working on a gaming website. Recently while making note of the major traffic sources I noticed a website that I found to be a carbon-copy of our website. It uses our logo,everything same as ours but a different domain name. It cannot be, that domain name is pointing to our domain name. This is because at several places links are like ccwebsite/our-links. That website even has links to some images as ccwebsite/our-images.
What has happened ? How could have they done that ? What can I do to stop this ?
There are a number of things they might have done to copy your site, including but not limited to:
Using a tool to scrape a complete copy of your site and place it on their server
Use their DNS name to point to your site
Manually re-create your site as their own
Respond to requests to their site by scraping yours real-time and returning that as the response
etc.
What can I do to stop this?
Not a whole lot. You can try to prevent direct linking to your content by requiring referrer headers for your images and other resources so that requests need to come from pages you serve, but 1) those can be faked and 2) not all browsers will send those so you'd break a small percentage of legitimate users. This also won't stop anybody from copying content, just from "deep linking" to it.
Ultimately, by having a website you are exposing that information to the internet. On a technical level anybody can get that information. If some information should be private you can secure that information behind a login or other authorization measures. But if the information is publicly available then anybody can copy it.
"Stopping this" is more of a legal/jurisdictional/interpersonal concern than a technical one I'm afraid. And Stack Overflow isn't in a position to offer that sort of advice.
You could run your site with some lightweight authentication. Just issue a cookie passively when they pull a page, and require the cookie to get access to resources. If a user visits your site and then the parallel site, they'll still be able to get in, but if a user only knows about the parallel site and has never visited the real site, they will just see a crap ton of broken links and images. This could be enough to discourage your doppelganger from keeping his site up.
Another (similar but more complex) option is to implement a CSRF mitigation. Even though this isn't a CSRF situation, the same mitigation will work. Essentially you'd issue a cookie as described above, but in addition insert the cookie value in the URLs for everything and require them to match. This requires a bit more work (you'll need a filter or module inserted into the pipeline) but will keep out everybody except your own users.
On the site that I'm developing we need to track the last visited page for each user (users login to the site). What's the best way to do this? We are already using a custom profile so adding a new field is easy. The site will not have a lot of traffic so updating this field wont be an issue, i think. Are there better ideas? Does sitecore already offers something that we can possible use?
OMS has a "Top Exit Pages" report by default... but that is tracked across sessions, not users.
A good IIS log parser should also be able to give you this information... again, that would be by session (or IP) and not logged in user.
If you really want to get every exit page AND filter by logged in user... what I would do is add a new pipeline processor to httpRequestBegin, and place it after the ItemResolver. Then save the Item.Paths.Path. I would advise against writing this data to the user Profile if you are using the default ASP.NET Profile handler and you have a decent amount of traffic, because it is highly inefficient. Roll your own simple storage solution here, or just dump the data to a log.
My first question would be: Why do you need only the last visited page of the user? What are you trying to determine?
In a lot of cases, you are probably starting down an analytics route, or perhaps even trying to drive some marketing.
If the analytics is what you are going for, you can probably just pop an event out to your google analytics account with the current username as an event variable to allow you to look at analytics by user and by page. Alternatively, you could use the Sitecore OMS/DMS features for tracking all that data and looking at the analytics there.
If you are looking at driving marketing, you probably want to use OMS/DMS, especially if you want to start getting into personalization or engagement plans. OMS/DMS will track user activity, and all the pages they visit, though not by user account. With some customizations, you can probably add that data in, but it will depend on what you are trying to use the information for. The username may not be what is important to you.
If, however, you just want to know what page to send the user back to after logging them in, it would be better to just store that in session or pass as a post parameter if session is not a viable option for you.