I'm trying to get Microsoft to approve an Web addin that takes a user's email attachments and pushes them to our Web Application. We have some very robust testing notes (up to the max in the free form text box that is) and it includes access to an Office 365 mail account, which in the first submission attempt they told me was required.
In this recent attempt they sent back a response that we had incomplete testing notes:
Your submission did not include all information needed for successful
verification and testing of your offer. We were unable to login to
your Outlook account. Please see the attached (CannotLogin) image.
Please include all necessary instructions and resources for successful
verification and testing in the Notes for certification field when
re-submitting your offer. The Notes for certification field is
available on the Review and Publish page when you are editing your
offer listing.
That's it. They've never made any attempt to reach out to ask to sign in, but this seems to be required in testing. I'm wondering what we do to get this submission through. Do we leave out the email account to test with completely and have them test with one of their own accounts? Or do we put instructions in our submission explicitly to reach out to us for account verification? All we need them to do to test this is have some email with some attachments and use our credentials to our hosted web app (in our testing notes) to push that information to us.
** This is Microsoft's recommended source for support, which is odd, we've tried other forums to try to reach out. I'm aware this question may be 'off topic' according to SO guidelines. I've found that they've responded on Stackoverflow in better fashion.
**** Update ****
The submission attempt failed again. We included a specific email in our submission with test data in the account. Following screenshots explain that the requirement is an Office 365 account. Are we supposed to include an Organization domain specific office 365 account?
The validation team use their own test accounts to confirm the sign up for an account flow and the majority of the testing. If there is any features that require an account with unlocked features, say from a paid for account - that needs to be provided by the add-in submitter. If a large amount of configuration is required or a large amount of test data needs to be present in the account, they will use the provided account. They must be able to log in and use that provided account and as they validate a large amount of add-ins per day, there is no method to contact partners mid-validation. It is the add-in submitters responsibility to ensure a test account is provided and that that account can be accessed.
Related
For years, I've been using the email addresses MyEmail#mydomain.com and myemail#mydomain.com as if they are identical. And most of the time this is true. However now the OAuth verification process for the project seems to be failing because Google treats these as two separate identities.
The GCP project owner is MyEmail#mydomain.com. In the OAuth consent screen, I've set mydomain.com as the sole authorized domain for my app. And I use myemail#mydomain.com as my identity in Google Search Console when verifying that I am the owner of mydomain.com.
I got an email from the "The Google Cloud Trust & Safety Team", saying that the owner of the GCP project and the identity of the owner of the authorized domain do not match! The only reason for this seems to be the case of the email names, because everything else appears set up properly.
MY QUESTION: How can I change the GCP project owner from MyEmail#mydomain.com to myemail#mydomain.com?
It seems that I need to change one or the other. I would rather change the GCP owner to myemail#mydomain.com. But I can not get that to happen. I followed the instructions in Grant or Revoke Role.
I go to IAM -> Permissions - Add. I enter the email without the caps & ignore their suggestion to use the one with caps. But in the "Select a role" dropdown, it shows "Owner" as a role "Currently used". I select it anyway and click Save. But IAM -> Permissions never get changed.
I've thought of changing the owner first to someone completely different and then to the lower case email. But that might involve billing emails changing, etc.
EDIT - As a result of trying to add myemail#mydomain.com to the project, I received an email at that address from GCP, asking me to join the project. I accepted the request, but IAM is still only showing MyEmail#mydomain.com as being on the project.
Is this really the case that myemail#mydomain.com and MyEmail#mydomain.com are separate GCP identities? Might there be a different reason for Trust & Safety to think they're not the same?
If I respond to the T&S email, describing my issue, will a real person actually read it, or will the same automated test be run again to check the issue?
Resolution: I responded to the T&S email, explaining what was going on with the upper/lower case letters in my email address.
Today I got a reply: "Request Granted. Your project is now verified for ....". That's great! But I wonder if I will forever be first rejected for the same reason on all new projects that I create. It appears that the final solution is likely finding a way to change my logon email on GCP to one without capital letters.
Since you mention that you are never asked to select a different profile when logging into your account, then it should be the exact same account using the actual same GAIA ID as mentioned by DazWilkin, so there should be no difference within the GCP console between MyEmail#mydomain.com and myemail#mydomain.com.
Google usually recognizes an email address in both forms as the same account, although there are some exceptions across their products (I have had a similar experience with email addresses from Google Groups). I think this is one of those particular exceptions.
I would strongly recommend transferring the project ownership to a totally different account within your domain, then waiting a couple of hours due to Google's "propagation time" across services, and transferring the ownership back to the account using the format myemail#mydomain.com.
Now answering to:
If I respond to the T&S email, describing my issue, will a real person actually read it, or will the same automated test be run again to check the issue?
They are actually a team of people, but they tend to use a lot of canned responses, so I would definitively recommend being very specific with your choice of words when responding to their emails otherwise, you may not get a relevant response. You may also try to explain this to them via email to see if there is an actual problem with the email address or if it is just them or the system being extremely picky when checking the email address.
I think you basically have it covered. But it is important that on new Owner's account, you will need to go to "Billing" in the "hamburger" menu and either link the project to an existing billing account or set up a new Billing account to link the project.
You may also need to delete the old project owner to avoid confusion.
I'm writing a Playwright test that starts with a Google Auth0 login. After I fill my test user and password in the UI (google login), in Firefox and Webkit the authentication passes successfully, while, on Chromium, I'm getting the Verify it's you message (with a "send sms" message).
The account does not have 2 steps authentication.
When it happened locally, I opened the browser in headful mode, and after few clicks (which I assume "told" the browser that I'm a real user) the problem disappeared (I can now run my tests in headless mode locally). But, it still happens on CI (GitHub)
I run the test with chromium flags: --disable-dev-shm-usage and --disable-web-security.
I couldn't find any data about it anywhere...
When Google determines that a user is logging in from an unknown device or a new location, they may prompt the user with an additional login challenge.
The login challenge that the user receives depends on the information that associated with the account.
Does the prompt say "Enter a phone number to get a text message" or something else like "This device isn't recognized..."
If the former I believe you can circumvent this extra prompt by having a phone number linked to the Google account in question. If the latter I believe the prompt is once per user per device.
My understanding it is basically Google trying to get a valid phone number for the account (to prevent spam etc).
-- Edit
The only other thing I can think of is that you can temporarily turn off the verify-it's-you challenge, for 10 mins, but only if the account is a member of a Google Workspace or Cloud Identity service. I am not sure this is possible for an unmanaged account - or how useful it would be. The other issue is that for "free services" Google doesn't really offer any kind of support.
Anyhow, you might try "Temporarily turn off login challenges for a user" -
https://support.google.com/a/answer/12077697
There is also so good information on this verify-it's-you challenge here.
https://workspaceupdates.googleblog.com/2018/04/more-secure-sign-in-chrome.html
It has some notes on disabling the challenge per organization via response headers, but again this is for an organization and managed accounts.
If you wish to disable the new screen for your organization, you can
use the X-GoogApps-AllowedDomains HTTP header to identify specific
domains whose users can access Google services. Users in those domains
won’t see this additional screen, as we assume those accounts are
trusted by your users. This header can be set in Chrome via the
AllowedDomainsForApps group policy.
I have received email from Google with subject: [Action Required] Submit your app(s) for Restricted Scopes OAuth verification,
same as many of you.
I'm using GAS only for developing applications for my personal use - not for public. Applications such as sending summary emails to my clients, when they buy a product from my web pages.
Do I have to go through the whole process of verification?
Do I have to create public Terms of Service?
Is there any way how I can explain to google, that my applications are not used by anybody else then by
me?
How to get to know for sure that my app won't stop?
I have read through FAQ (https://support.google.com/cloud/answer/9110914) and many other documents by google about this topic..
I have checked similar questions found on web, but with no luck of answers.. It looks it's pretty new experience for all of us..
Thank you for any advices.
I have personal account, so I can't use "internal apps" selection, this works only for paid G-suite customers which I'm not.
EDIT:
As Yoel Vinitsky stated, app doesn't need verification if it has only one user.
Here at bottom: https://support.google.com/cloud/answer/7454865 is table which shows that there is quota 100 new users in total, once the app presents the unverified app screen.
It seems like that I don't have to worry about verification of my apps at all, because I'm the only one user or maybe I use this app from 2 or 3 more users emails so it should be ok, my question is, is it going to be ok without verification, or not?
EDIT 2:
Google sent clarification email:
NO ACTION is required if:
Only owners use the project: If the project is only used by owners of the project, no action is required.
To determine whether you are an owner (versus an editor or viewer), follow these steps:
Click the project link above to navigate to its OAuth Consent Screen
configuration page.
Click the Navigation Menu button in the
upper-left corner, select IAM & admin, and click IAM. This will show you all project contributors and their roles.
The project doesn’t have users outside of your G Suite domain:If the project owner is using a G Suite account and the project is only used by Google Accounts in the project owner’s domain, no action is required (learn more here).
But the question is how to avoid verification with personal accounts for my own scripts used only by me?
As mentioned in the support FAQ You linked to:
When can I skip publishing my app for a review?
You do not need to request for verification if your app is
going to be used in any of the following scenarios:
1) The app is not shared with anyone else.
2) The app is used to send emails through WordPress, or
3) similar single account SMTP plug-ins.
The only drawbacks should be the warning that your app is unverified and maybe quota limits.
I receive the information from Microsoft:
App Policies: 10.3 App Is Not Testable
The app must be testable. If it is not possible to test your app for any reason, including, but not limited to, the items below, your app may fail this requirement.
If your app requires login credentials, provide us with a working demo account using the Notes to Tester field.
If your app requires access to a server, the server must be functional to verify that it's working correctly.
If your app allows a user to add a gift card balance, give us a gift card number that can be used in the testing
How to pass certificate?
It seems that the tester cannot test your app properly, which violates the Windows Store Policy and will make your app get unpublished or fail to pass the certification.
Please follow and check the notes provided by Microsoft:
If your app requires login credentials, provide us with a working demo account using the Notes to Tester field.
If your app requires access to a server, the server must be functional to verify that it's working correctly.
If your app allows a user to add a gift card balance, give us a gift card number that can be used in the testing.
And I would like to suggest you to provide a hosted video of your app’s functionality working properly in the notes for certification when you resubmit your app so that tester can see your app perform normally and know how to test it in an appropriate way.
Please refer to Notes for certification. This can really benefit your app to pass the certification.
After i started my free trial of google cloud usage, just after when i tried to create a VM instance it gave the error that is written in the title. Then i created another project then i get this error for every project i create.
How can i fix this?
The error that is communicated by the “Google Cloud Project Blocked, Abuse Detected” message, can be addressed as follows:
By making use of the email provided for contact with the error.
By contacting the billing team via the dedicated form: “Google Cloud Platform Billing Support”. In case your account has been already suspended, you can submit supporting documents via the “Submit verification documents to reopen your account” page, as needed.
Each one of the above options will lead you to the billing support team. They are ready to help all GCP customers, and able to verify your funding source, confirm its validity, and reinstate normal access to your projects.
If you have multiple projects covered by a unique billing account, any problems with this one account, including blocking, would reflect on all existing projects, and also on eventual future projects opened under the same account.