We've written an application to replace a third party tool to download and print jobs through Google Cloud Print. For new customers this will work well. We create the printer in the cloud and download jobs. It works. Customers up and running with the third party tool are using a printer created with that tool. I thought I'd be able to access that printer's jobs by getting the user to go through oauth authentication to give our application the permission to manage the user's printers. However, having done this and all seeming to work when I fetch jobs from that printer the response is that there are no jobs. But there is a job. Is this behaviour to be expected. Is there any way around this? We'd just like to avoid our customers having to create new printers.
The question is a little unclear; feel free to edit your question and I'll edit this answer.
Being able to manage jobs is not the same as being able to download jobs. Each printer belongs to a user, and each has a robot account. Only those two accounts (I believe) can download the job ticket and payload.
After a job is marked as completed (through the /control API), the payload is deleted.
A third user account that can manage jobs is allowed to view information about the job, as well as cancel/delete the job, but can't (I believe) download the job payload.
Related
I'm quite new to SharePoint/Azure/PowerShell, so apologies if what I'm asking is a stupid question!
We currently have client SharePoint sites hosted on our O365 tenant, with access to each site to be rolled out to each of our respective clients shortly. Initially, only the senior management of each client will have access to the sites, however as time goes on it's likely we'll be adding everyone else too; To streamline the new user process and save us from having to add each individual staff member, we've been considering using a Flow to automate user access instead, with the goal of adding authenticated external users without much real input from administrators other than a simple approval/rejection process.
The overall plan is as follows:
Visio Outline<
Each Client site has a SharePoint Custom List, titled "Employee Access List". Said list will have the following columns: Request ID (Text), First Name (Text), Last Name (Text), Job Title (Text), Company (Text), Contact Number (Text), E-Mail (Text), SharePoint Access (Yes/No Boolean).
If a member of staff requires access to the SharePoint site, then their respective manager will add the staff member to the list and fill in all the above fields, setting the "SharePoint Access" item value to "Yes".
This will trigger the flow and an approval email to be sent to myself and another administrator, with said email detailing the user to be created, and who has submitted the request.
Script insertion somehow - This would then run if the request was approved, and set the user up with access.
Email notification is automatically then sent to the creator of SharePoint list item, notifying them that the user now has access.
Step 4 is where I'm a little stuck in regards to what to do if the request is approved - I've written a little PowerShell script below which nearly achieves what I'm going for, in that it creates an external user PnP Group and PnP Role Definition (If there isn't one already), pulls what's in the "E-mail" fields on the "Employee Access" list and runs Add-PnPUsertoGroup to pull the users to the PnP group, which then sends the users an email with a link to the SharePoint site, allowing them to access it. However:
The script I've written targets everyone on the SharePoint List, whereas ideally I would just want the script to target the sole user that's been newly added to the list/is listed in the approval email, and only them. I'm assuming that I'd have to pipe information from the Flow into a script, which I'm not even sure is possible, and if it is, I haven't got a clue how to do it.
I know that that Azure Functions and Azure Automation can be used to insert scripts into Flows, but I don't have experience of either so I'm not sure which is the more suitable option. Is there any guidance on how to insert PowerShell scripts with them, and how to pipe what's in a flow into said scripts?
PowerShell Script as follows:
Hope this all makes sense - Any guidance would be appreciated.
Thank you!
EDIT:
Just as a bit of extra information, here is the Flow as it currently is:
Flow Part 1
Flow Part 2
Flow Part 3
Have since found an answer to the above - whilst Azure Functions/Automation are an option, you don't necessarily need them or PowerShell scripts running from Flow, in this case my goal scenario was achieved using an MS Graph Invitation API, App Permissions and a HTTP SharePoint call instead.
See attached screenshots:
Flow Answer 1
Flow Answer 2
Flow Answer 3
Step 1: Set up an App with permissions to make calls to MS Graph - use this guide for help on how to do so - http://blogopaxio.azurewebsites.net/accessing-graph-api-from-microsoft-flow-using-application-permissions-2/
Step 2: Add HTTP to MS Graph and set parameters as in screenshot 1 of this post - this action will create guest user and invitation URL the user would need to sign in to the site.
Step 3: At this point, run the flow so that we can get the 'inviteRedeemURL' from the body of the Output for the HTTP step - you will need this particular URL to send separately in your email to the end user.
Step 4: Throw in a pause for a minute or 2 just to make sure that the information from the previous actions 'sticks' - provided it all works, at this point, the user will actually have their guest account created and you'll be able to see them under Users in your O365 admin centre, however they won't be aware of their account access yet (We'll notify them of this in our email at the end).
Step 5: Add the user to SharePoint security group with a "Send HTTP Request to SharePoint" action. Please note that the "sitegroups(19)" in the URI of this action refers to the ID number of the PnP group you're putting them in, so in my case the group ID was 19. If you're unsure of the ID of your group, connect to your SharePoint Site through PowerShell with PnP commands, then run Get-PnPGroup.
Step 6: Send the email to the invited user with the Outlook Send Email action - FYI -the "SharePoint Site" variable in my screenshot is actually the "inviteRedeemURL".
Hope this helps anyone else that's unsure of how to do this. If anyone has a better solution that achieves this by all means post it!
Thanks!
My company was using a third party tool to download print jobs from Google. This has developed problems so we've written our own. We can register a printer, get notifications via XMPP and download jobs. All good. We'd like to download jobs from the printers already registered via the the third party tool.
We have successfully got the permission of the google account that owns the printer to manage its printers and subsequently downloaded jobs from the printer. This was achieved using a solution that issued /fetch api calls every minute. Of course, Google wants the XMPP method used so we tried to do that. After getting over an authentication issue by adding googletalk to the scope in the oAuth request we fail to get any notifications.
In summary, with our own printer we can fetch, download and get XMPP notifications but with the printer registered with the third party tool (where we don't know the client id and secret but do know the google account) we can fetch and download but not get XMPP notifications. Is there any way round this?
The XMPP messages go to the robot account that owns the printer, so I don't think you should expect to receive XMPP messages without that robot account (and corresponding XMPP JID).
Rather than work around the intentions of the API, I suggest you work with the third party. Maybe they can provide hooks into their notification queue?
I know I can use Google Apps Script to send an email from the account that is currently logged in. I'm wondering, is it possible for a "master" Script on one account to push a trigger of some kind out to a series of other Google Accounts, telling them to run their scripts?
Essentially I need to send a bunch of emails from various different accounts, and the user who runs the script won't be able to log into all of them. I'm looking for a way to make all these accounts listen for a central signal to run their scripts.
Does this make sense? Any thoughts?
Thank you,
Pacific 231
The short answer is yes...
You will have to write one script for each account that will run as a service (deployed as webApp with its own url) and your master script will have to call each of them using an urlFetch with some parameters added to the url telling them what email to send. You'll have to add some security feature to these calls.
Every webApp service will run as the user who wrote the script and will be accessible to anyone (if in a Google Apps account you will be able to restrict the use to members of the Google Apps community).
This is not too hard to do but will require some work though...
We'll be glad to help you if you meet specific issues.
I have built a Custom B2B app for one of our clients. My question is how to automate the distribution of the redemption codes.
I have already looked at some of the MDM providers. Their solutions are too expensive and all we really need is a way to distribute the app from a webserver, not manage a bunch of mobile devices.
As you probably already know, when a client buys a Custom B2B app through the Apple VPP program, they get a spreadsheet with valid redemption codes for the number of licenses they have built. This spreadsheet has 2 columns: 1) redemption code 2) URL to redeem the code
I want to provide my client with a URL where they can send their users to download the app. They just don't have the expertise/infrastructure to distribute the app themselves. And emailing clients is not going to work.
I'm not a web guy, but it seems to me that we could write a webpage that would look at the spreadsheet for the next available activation code and then redirect the user to the associated URL. I'm not concerned with the number of licenses they distribute since I have another way of auditing the real number of users (Flurry). So I want this to be as painless as possible.
In fact, I have multiple clients and want to provide them each with their own URL for their clients. It seems like this shouldn't be too difficult to code.
The problem is, I'm not the guy to write that code. Any ideas on how best to do this?
Assuming that you don't want to show the user a website you should be able to do this with an online service like parse.com and the features it offers.
From a user POV you would supply them with a link which directed them to parse.com with a path and parameters indicating the action to be taken (get app) and what account is associated. This would redirect the users browser to the appropriate destination.
The main issue (and this applies to any solution) is knowing if the user actually followed through and used the code. i.e. should it be removed from the DB so it isn't offered to another user in future. Then you would update the DB each time you get a new spreadsheet.
Anyway, this could be achieved with a little javascript in parse.com, specifically, by using cloud code which can interrogate and modify the DB and then redirect the user.
Obviously if you need user authentication of some kind or other restrictions then you would need to start adding some web interface on top of this in order to collect the details.
I am doing some dev work for a client. She has a Dev License should would like to put the app under but since she is non-technical it has been frustrating since she has to be the one to submit the final app.
Is there a way for a Dev License to have multiple Admins? I have it configured so I am a developer but as such I cannot do the Distribution License. Only she can do that. Is there a fix?
If you have a good relationship to your client, you might want to ask her for her login details so you can do it yourself.
There is one other possibility though: For a similar problem I was given the advice to build & archive my app and send the archive to the client. He could then resign the app using his certs, which would eliminate the need for him to do all the building stuff, not to mention it will spare you to surrender your source code. However, this will not eliminate the need for your client to enter all the meta information and so forth while uploading the app.
For the necessary steps to resign an app, see this answer.
To answer your original question: Each developer account has exactly one Team Agent. So you need some kind of workaround anyway.
There is only one administrative or Team leader per developer account. So you really need to plan on the policy for sharing use of that account from the beginning, if the required activities of the agent need to be split up among multiple parties, if you can't have one party capable of doing everything.
A shared account can be created from the beginning (either by the owner or the developer). I recommend an ADC account be created just for this purpose, instead of just using the owner's personal account and email address ( e.g. instead of mary.smith#sample.com, create and use iosdeveloper#sample.com for enrolling as an iOS developer. )
Account credentials can be "loaned" (perhaps with password changes after use).
You can be given remote access (VNC/RDP) into the owners PC or Mac (or more secure yet, a VM session) as or after they log in.
You can talk the owner though the process over the phone (or video chat, etc.).
Or, the owner can learn how to get certificates, and build or resign and submit apps themselves, perhaps using a comprehensive script.