I am facing an issue with the client name displayed in Google Admin > Security > API controls > Domain-wide Delegation.
Let's say I have created a service account on Google Cloud Platform:
When I authorize a scope for that service account on Google Admin side (different workspace), the name displayed doesn't match anything I have typed:
For the record, this M Connector descriptor was used before for another service account in the same Google Project (or another project of same Google Workspace, don't remember exactly), but clearly today I don't have any service account matching this in my Google Project.
Is there a way to control the name displayed in Google Admin Domain-wide Delegation list ?
The API Client Name that is displayed in your Domain-wide delegation is actually the name of your App in your Oauth Consent Screen.
my service account:
my domain-wide delegation:
Related
I associated with my other email (mymail#cn.waha.com) with my google account (jinchihe#gmail.com).
When I try to run the gcloud auth login mymail#cn.waha.com, open a web browser, and by default that's gmail and I selected the Use another account to input my other email and password, and then still show Google Cloud Sdk wants to access your Google Account jinchihe#gmail.com, I click Allow but screen shows
ERROR: (gcloud.auth.login) You attempted to log in as account [mymail#cn.waha.com] but the received credentials were for account [jinchihe#gmail.com].
Please check that your browser is logged in as account [mymail#cn.waha.com] and that you are using the correct browser profile.
Seems only can logged in by google account? How can I log in with my mymail#cn.waha.com, I need show mymail#cn.waha.com in gcloud info so pass authentication. Thanks!
You can sign in using one of the following identities:
Google account
Service account
Google group G Suite domain account
If your domain is part of the Google G suite domain then you should be able to log in, using third party domains (such a Hotmail, yahoo, etc) won't let you*. You state that you were able to "log in" into your account through the browser and "allow" the permission. After that you should see a code (random string of text) that you would have to copy and paste into the shell console before continuing the authentication.
*note: you can create a Google Account using a third party email domain, just go to the Create your Coogle Account page and click on "Use my current email address instead" to introduce your personal email (in your case "mymail#cn.waha.com").
Also, according to the error message, you are running the command with "mymail#cn.waha.com" but on the browser you are logging in with "jinchihe#gmail.com" account.
I brought up a GSuite Marketplace Listing with Service account created and Domain Wide Delegation enabled. I want to retrieve the users and orgunits of the customer.
Created a new Google Cloud Project
Enabled 'Admin SDK' in the project
Enabled 'GSuite Marketplace SDK', filled the scopes 'https://www.googleapis.com/auth/admin.directory.orgunit.readonly',
'https://www.googleapis.com/auth/admin.directory.user.readonly' and published the listing.
Enabled the 'Enable API Access' in the Admin Console of the customer.
The customer installed the app but I saw that the client_id of the SA was not added under the "Authorized API clients" section. When I try to retrieve the list of users in GSuite, I get the below error.
"unauthorized_client: Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested"
Am I missing something in the marketplace listing ?
Why do you expect the SA's Oauth client to automatically appear under 'Authorized API Clients'? The instructions for setting up whitelisted Oauth clients for the domain mention you have to do it manually.
message: '{"ResourceType":"storage.v1.bucket","ResourceErrorCode":"403","ResourceErrorMessage":{"code":403,"errors":[{"domain":"global","message":"The
bucket you tried to create requires domain ownership verification.","reason":"forbidden"}],"message":"The
bucket you tried to create requires domain ownership verification.","statusMessage":"Forbidden","requestPath":"https://www.googleapis.com/storage/v1/b","httpMethod":"POST","suggestion":"Consider
granting permissions to 1058303916595#cloudservices.gserviceaccount.com"}}'
Above is the message when I tried to create storagebuckets via Deployment Manager. I already tried adding 1058303916595#cloudservices.gserviceaccount.com to the Verified owners of that domain on the Google Search Console but still no luck
To create a Storage Bucket with domain name, your account should be a verified owner of the domain, not the cloudservices.gserviceaccount.com. Additional information can be found in Domain-Named Bucket Verification documentation.
You have to login to your domain name provider with the same account that you use to login to the Google Cloud Console. Then request a new domain name, go to Google Cloud Console App Engine page. Go to Settings and then click on Custom domains and then Add a custom domain. After adding the domain name there and verifying it, you will be able to create a bucket name using that domain as name. But make sure to do so with the same account that the domain was verified with.
I've done an extensive research but I can't find a solution.
How can I enable Service Account Authentication for a project that is linked with Google's private owned Bucket for Double Click Manager data? (more info on the current setup of this project here https://support.google.com/dcm/partner/answer/2941575?hl=en&ref_topic=6107456&rd=1).
Separate user authentication works with gsutil(navigating to browser->get token->paste back in your cmd->issue commands) but when it comes to configuring a service account I keep getting
AccessDeniedException: 403 Forbidden
What am I missing? Since the Google documentation says that this specific bucket can't be listed under Cloud Storage for that project, then the project and the service account should be linked to that bucket by default so I can't see the issue here.
During set-up you should have created a Google Group to control access to your bucket. You should add the service account email address to that group, and it will then be able to access the bucket.
We have been using Google for Work for years now and have a domain setup thru godaddy. We got it so we would have a descent email server without having to worry about it. I then signed up for the Google Developers Console to expand the options we have available and move our local apache/php business software to the cloud. I correctly setup a project with a lamp instance which also works great.
Problem is I cant add projects thru the
https://console.developers.google.com/project?authuser=0
it returns
Error Developers Console has not been activated for your account.
Your account may be suspended or disabled. If you are a Google Apps
user, ask your domain administrator to enable Apphosting Admin on your
account.
But from here I can add new projects
https://code.google.com/apis/console
If I goto the Google for Work console App Engine apps it says
No services have been installed.
Add services to your domain
I click the link to add the service
and goto the Other Services
Google App Engine Provide existing Google App Engine services to your
users.
Enter App ID:*
What is the App ID? I have already authorized the domain we are using for the services.
If I goto Google for Work Domain admin and try to add the other domain we have it says
We are sorry, but you do not have access to Webmaster tool. Please log
in to your Admin Console to enable Webmaster tool. Learn more
Its also adding the domain name to the Project ID: which causes this error in the SDK console
:\Program Files\Google\Cloud SDK>gcloud compute ssh
example.com:api-project-??????? --zone us-central1-a ERROR:
(gcloud.compute.ssh) Could not fetch instance:
- Invalid value 'example.com:api-project-???????'. Values must match the following regular expression: '[a-z](? z0-9]{0,61}[a-z0-9])?'
Im really confused
Go to admin.google.com, login with our organisation account, go to Apps -> Additional Google Services -> Enable the services you need.