I have a problem with a shared user account that I need some help with:
In outlook, we use a user mailbox for our company contacts that I have restricted to be only accessible by a few people. Problem is that some people need access to this and we put the account on their phone, but then they have full control and can add and remove contacts at will.
Is there a way to restrict (for example an iPhone) access to the outlook account to be read only?
I have tried using the ECP (no applicable settings) and made the user a "reviewer" to their own box, but the phone still has full access.
The problem with access from a phone is that the build and applications and even the Outlook app for iPhone and Android doesn't have the ability to access Shared Mailboxes.
So the only way of getting it working on a phone, outside of having the users open the webmail which is not a nice experience on a mobile devices despite Microsofts best efforts, is to give the mailbox an Exchange license and provide the user with a username and password for the mailbox.
However doing this will give the user full access to all folders in the mailbox.
I would recommend a solution like
CiraSync, where you could sync contacts between folders directly to the users own mailbox or from the GAL directly to the users.
I would recommend other vendors that does the same but this is the only vendor that I have tested myself on customers and I have good experiences with.
Related
We have a Powershell script that creates some guest users using the New-AzureADMSInvitation cmdlet, and its return value has a handy-dandy InviteRedeemUrl property that we include in a nice welcome email to the user to get them started with setting their account up and using our application. This works fine when inviting individual or small numbers of users.
However, we'll need to do this for many users, and carefully control when the emails go out, and I can't see any other way of retrieving this URL after-the-fact... the only option seems to be the "Resend invitation" button on the guest user in AD, which sends a Microsoft-branded email from "Microsoft Invitations" with the redeem URL, which is kind of a problem... For marketing reasons we need to put the invite redeem URL in our own welcome email, so we don't want Microsoft sending out those emails.
Is there any way to retrieve or calculate that invitation URL after the guest user had already been invited? I know I could delete and recreate the invitation itself, but that's still a manual process and I'd like to be able to create guest users in bulk first, and then retrieve those URLs in bulk once we're ready to send out emails. Especially since Azure AD itself seems to be able to fetch the redeem URLs later on via the "Resend invitation" button.
Alternatively , you can think of adding you company branding in the verification and invitation mails in azure AD.
Here is something similar you can find:-
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-faqs#how-do-i-customize-verification-emails-the-content-and-the-from-field-sent-by-azure-ad-b2c
Basically you need to change the company branding in Azure active directory to have your custom logo and text.
Hope it helps.
We ended up modifying the AD invitation script to store the InviteRedeemUrl value in our CRM as a field on the customer record. Then later on when our Marketing team wants to start their email campaigns, they could include a reference to this field in the email template just like they would any other field. This way, we got all our analytics on click/open rates and retained complete control over the emails, including where each batch was being sent from (so customers could reply to the correct support staff member for their segment).
I'm developing a client jabberd application for mobile(android) using (a)Smack.
Since, in my application, the users are registered by their phone numbers, the application should be able to recognize which contact has a jabber account on the server and suggest him/her for chatting.
After googlling the web I found that there is a jabber user directory (JUD) which I can use to check there is an account for a specific mobile number or not. (I'm using UserSearchManager).
My questions:
1- It seems that there is no record in JUD for a user who has not updated his vCard yet, so I cannot find him. Is there any solution to check the existence of this kind of users?
2- It seems that by using JUD, everyone outside of my application can fetch some important information of users such as mobile numbers, emails, etc. Is there any solution to limit JUD search engine? (for example, getting only "user field" as a input and returning only "full name field" of existing accounts or other useful limitation).
So by this way, I can recognize which person from the contact list has an account on the server and also other people cannot fetch important information of the exiting users.
Any command or advice is appreciated. Thank you.
I do not think it is possible as default, without customizing ejabberd application code.
For my own gmail account, I have multiple email addresses associated with it. For example, I have an email address from my university that is associated with my gmail, and I can send emails from my gmail as if they are coming from my university email address.
I'm reading up on the Google APIs, and I see that I can get a user's gmail address, but can I also get any other email address that is associated with their gmail account?
When a user logs in to my site, I'd like to present them with a list of the gmail-associated email addresses and let them select the one they would like to use.
EDIT: Thanks everyone for the answers, but I don't think any of them answers the question. I've been playing with Google's OAuth playground. It is strange that I can get lots of very personal information (a list of a user's contacts and even received emails) but I can't get the user's alternative email addresses.
Your description is a little vague. Are you talking about send-as alias accounts or alternate email accounts?
Send-as Alias
Either way, you can interact with the send-as accounts here: Manage Send-as Alias
Alternate Emails via Admin SDK
As for alternate email accounts, they can be accessed via:
Admin SDK: https://developers.google.com/admin-sdk/directory/v1/guides/manage-user-aliases?hl=en
Google Apps Script: https://developers.google.com/apps-script/reference/gmail/gmail-app#getAliases()
Additional info here on how the accounts work.
Email addresses associated with your account
Alternate email addresses and other Google products
Connect other email accounts to your Google Account
Federated Login
Also, I'm not exactly sure how you are trying to incorporate this functionality into your site but another area I recommend checking out is Federated Login for Google Account Users. This might also provide you with the functionality you seek.
Using federated login (also known as federated identity), your website
or application can allow visitors to sign in using their Google user
accounts. Federated login frees users from having to set up separate
login accounts for different websites, and frees you from the task of
implementing login authentication measures.
It has been a while since the question was asked. You can use the Google People API to get a user's primary email address and aliases. Here's the documentation. The scope you need to use is: https://www.googleapis.com/auth/user.addresses.read
This will return all the email addresses for the user and also tell you which is the primary one.
If you use OAuth to have your users sign-in with their Google accounts (with or without G+) the user will be prompted (by Google) to select which of their accounts they wish to authorize your application to use:
https://developers.google.com/accounts/docs/OAuth2Login
So to directly answer your question, I'm not aware of an API to return that list of users - however you shouldn't need to, Google will take care of this before returning to your application.
If your user is already logged in, and you wish to give them the ability to change the Google account they are using, I believe it is possible to prompt them again to select the account they are interested in (search for select_account on the link above).
This is possible. However, this has changed since Google announced the deprecation of their Google+ People API, which a lot of folks used to get all the email addresses for a user. The current most voted answer now goes to a 404.
Google Plus People API Replacement
Google has replaced the Google Plus People API /plus/v1/people/me with https://developers.google.com/people/ and you’ll want to use the https://www.googleapis.com/auth/user.emails.read profile scope as discussed here as a replacement. The schema is different, so you'll need to change your mapping as well.
If your app already used the following scopes from the old /plus/v1/people/me your user will not have to re-consent when you switch to the new API:
email
profile
https://www.googleapis.com/auth/plus.login
https://www.googleapis.com/auth/plus.me
https://www.googleapis.com/auth/plus.profile.agerange.read
https://www.googleapis.com/auth/plus.profile.emails.read
https://www.googleapis.com/auth/plus.profile.language.read
I work for a iPhone game developer. We use Facebook as a way for people to register their account to easily add friends and post news of their game progress.
We have created several Facebook accounts to test game account attachment and various friend features our game has.
Unfortunately, recently added security features are preventing us from logging into our test accounts. We are being asked to enter in a cellphone number to receive a SMS with a code to enter so we can verify they are real people. Unfortunately, after a phone number is used once, it cannot be used for any other account. So at the moment, we have two accounts that can be used, and about a dozen accounts that are inaccessible to us.
I haven't been able to find any solutions to this problem and we are really short on time at the moment so I need one ASAP.
They dont want you to create accounts like that, they want you to create accounts like this
This is odd, when I have test user accounts they never ask me to confirm the account. Maybe you should generate new test users for your app at: https://developers.facebook.com/apps/{yourAppId}/permissions. Then click on Add in the test user section.
I've created an iOS Developer individual account because I want to upload an application that I've got developed from another developer. I want to allow the other developer to upload the application to my profile.
Can I manage users and add him as an admin to my iTune Connect? Is this facility available only for company accounts?
I saw this which says "You are the only one allowed access to Program resources." under individual registration.
http://developer.apple.com/enroll/selectEnrollmentType.php?t=nm
Only company accounts can allow multiple users.
Edited: This is based on experience. If you register as a company you can add additional accounts (via the Member Center). If you sign up as a user, you can only have a single account for logging into iTunes Connect.
This is what it means by "You can add additional developers to your team who can access Program resources." under the Company column on that select enrollment type page.
You can also add team members in an individual license. I am enrolled in the iOS and Mac OS program and have added two of my friends to work together with me on an app. The UI shows that this is the way it should be (in the upper right corner is written "Florian Pilz, Florian Pilz", whereby the first name is the name of the team agent [me] and the second name is the name of the user currently logged in [me in my case, another in the case of my friends]).