I work for a small non-profit and we were approached by a sister organization about having a subdomain under our G suite account. So we are company.org and this other group might be sister-org.company.org. My question is about administrators. I don't want their folks monkeying with any of our users/data. Is there a way to create a subdomain in G suite and allow their folks manage the users without having access to our users?
Great answer Scaff in addition to the link you posted https://support.google.com/a/answer/6129577?hl=en is also helpful.
Related
I am making a small Git / Github demo for first-time users and want to use Github Pages, for which I needed to create a new Github organization. During the 30 min I'll have to do the demo, users will need to create new Github accounts and join the organization. Since I'll have so little time, is it possible for users to request organization membership, rather than me having to invite each person manually by email lookup?
I've seen this before but only through third-party apps. Is there no way to do this directly within Github?
Directly with GitHub, I have seen no evidence of that feature.
Through third-party apps indeed, yes.
As an example: benbalter/add-to-org would automatically add users to an organization.
For smaller teams, this may not be possible. The feature that you have mentioned seems similar to user provisioning and is available for Enterprises through Okta /Azure Active Directory. This link has more details on the User Provisioning.
I freelance for many clients and handle development and web hosting myself. Many of my clients want professional business email so I usually set them up with G Suite (sometimes MS Office 365 Business).
Currently, I've made a new G Suite account per domain and added their employee users that way. (some have multiple related domains so I'll keep them all together in that one account).
It's becoming hard to manage all these logins though and I was thinking would it make more sense to add all of my freelance clients domains to my business's G Suite account and manage their users that way?
Example: I have my example.com domain and main user is me#example.com
Three of my clients have domain1.example, domain2.example and domain3.example with multiple users. Can I add all three of theses to my #example.com G Suite account and manage their userbase that way?
Or should I stick to separate G Suite accounts for each freelance client?
Here is a link detailing some of the limitations: support.google.com/a/answer/182081
Is it possible in GitHub enterprise to arbitrarily add a user to an organization if you are a site administrator. I am evaluating the software, but cannot seem to do this reliably. A site admin who is not themselves part of an organization cannot pull up the organizations dashboard, nor see which users are part of it, although they can view and contribute to the repositories within (in a round about way). I know that it is possible to impersonate a non-admin user, but you would have to know who already is a part of that organization to do this, which is hidden. There has to be a better way because what if some nefarious employee and removed everyone but themselves. The organization would effectively be orphaned.
Thank you
I think I have found where all the members are, under "Members & Teams", duh. I can usurp their account and make myself an owner if needed. Seems cumbersome though.
You most likely want ghe-org-admin-promote
I'm at the early days of looking into IdentityServer v3 and IdentityManager, as I'm certain those guys are more clued up than I, but I cannot see how to configure the IdentityManager.
If we're deploying IdentityManager to a client, all the client want to do is "standard admin type stuff", such as
create users
unlock accounts (e.g. after 3 failed login attempts)
suspend accounts (not paid your bill, tut tut...)
delete users
..rather than amend claims, roles and suchlike (presumably these would be hidden from the Administrators).
What am I missing?
Or, is the IdentityManager supposed to be used by the implementation team installing the thing, and then the business administrators who deal with the topics listed above actually don't use IdentityManager at all, but a separate admin site we have to write? As far as I can make out all the pages, htm letc is within the nuget package so cannot be amended by me.
If it makes any difference, we're trying to create a public facing website that can be logged into, but the users are only created by the company, whose admin site to create & administer the users is IP restricted / not public facing.
Identity Manager is aimed at developers and internal administrators for testing and initial configuration purposes, as opposed to end users.
Check out https://vimeo.com/125426951 by the repo's author. I think it's explicitly stated at around the 1 minute mark. It's mentioned on the Github issue tracker quite frequently too.
Also, it's not that extensible yet, so you won't be able to brand it or remove sections (such as your requirement of no claims).
I work for a large company, which uses MS Exchange for Email. We have a distribution list for people to post questions, where anyone can answer. I am looking for a way to maintain a copy of this distribution list so that anyone can search it. Ideally, this would be searchable from within Outlook as well as by going to a webpage, but I will take either one. Someone has proposed to create a dummy email account, which just gets the distribution list traffic. Everyone interested in this distribution list could then attach this account. While this may work, there are several challenges with this approach:
1) It becomes problematic when you have several hundred people attaching a single email Inbox/account.
2). I need this account to be read-only, so someone doesn't accidentally delete an email from this account, thinking that it is in their personal account.
3). Our company has an auto-archive policy. This account would need to be exempt from that policy.
Any ideas?
Thanks
GS
The dummy mailbox is not a bad idea. You can give the people appropiate permissions to the Inbox folder of that mailbox.
To work around the permission issue you could either
1) create a transport agent which monitors the mailflow and dumps all messages to a database or CMS/SharePoint/whatever.
2) Create the dummy mailbox and setup a service which monitors this mailbox using push/pull/streaming notifications and dump the messages to a database/CMS/SharePoint/whatever.
The SharePoint solution would make the search option a piece of cake. But if you don't already have a SharePoint instance up and running this might be overkill.