I have several applications (OAuth client ID/secret pairs) registered under a personal account. I need to get them transferred to a company account. Any idea whether that is possible?
To transfer applications to a different account, you will need to submit a Box support ticket.
Related
I think I made a big mistake.
I was asked to investigate Office 365 vs workspace and took out a workspace trial. In hindsight, I probably should have created a new workspace account to try this.
To be clear for a long time we have had access to and used the "Google Workspace Admin console" purely to setup our organisation and adminster users for compute engine projects. I am not sure why we would have had access to this without a paid account. (possibly we used g-suite before. It's not clear to me whether companies are able normally able to access this without a paid account.) I assumed this was akin to the free azure organisation/user setup. Nowadays, I believe we would possibly be advised to use Google Identity in this situation.
Having taken out the trial I understand from workspace support that at the end they will delete my existing organisation and users; they cannot not switch me back to an "identity only" version of workspace we seemed to have before, and are therefore forcing me to sign every user up to workspace even though we don't need it at this point. Is this the case or are they advising me incorrectly?
Assuming they are correct, I cannot sign our company up to google identity, since our domain is owned by the soon to be deleted workspace account.
Therefore my worry is that my business is about to lose access to our compute engine organisation and associated logins, as well as google domains.
The only options I can see are to pay for workspace for our users every month, or create a new organisation in cloud identity, transfer the compute engine projects, wait for the workspace account to be removed, then reclaim our main domain and recreate all the admin users. (I am not sure whether we can move a project out of an organisation once there.)
Is this even possible, and what are the dangers? Are there any other options?
If you have a GCP organization and access to the Admin Console, you must have some subscription. You can see your subscription(s) in the Admin Console under Billing > Subscriptions.
It's possible to add or change subscriptions, but there are some restrictions: For example, if you currently have a G Suite Legacy subscription, you might not be offered the ability to add a Cloud Identity Free subscription. But there are ways to deal with this -- for example, by temporarily upgrading to a paid plan, and then switching to Cloud Identity Free.
Support should be able to help you find a way that doesn't require deleting and re-creating your account/org.
Johannes Passing is correct.
admin.google.com on the home page says "Welcome to the Google Workspace Admin console" - this is confusing since the portal is also about administering organisation and users through cloud identity as well (it could be better named for example "Organisation Admin console")
In addition, there are actually different answers from google:-
This one (which I originally read) says "If your trial period ends and you haven’t set up billing or verified your domain, your account will be automatically deleted" and also "You won’t be able to access Google Workspace after completing the steps."
https://support.google.com/a/answer/6388094
...but this one correctly says "Note that cancelling Google Workspace doesn’t remove user accounts, groups, or your organizational structure"
https://support.google.com/a/answer/1257646
Together this gave the impression that access to admin.google.com may be completely removed, if a subscription is removed. I can clearly see that I also have a subscription to Cloud Identity Free.
I programmed a web app and now i need to deploy it for my organization. There are 500 potential users. What factors i need to consider before the deploy? There's an easy way to deploy it? there are limitations to consider? what risks there are? there are a model or can you give tips or experiences for the deployment?
There are no definable risks or dangers, it all depends on what your application does.
When you choose who are the users authorized to access, you will inevitably have to select anyone within your organization, otherwise only you (or the account with which the script was created) will be able to access. While as for the execution mode, you will have to choose how you or the user who accesses the application. This is important because if the application accesses an external service, such as Google Analytics, it can do so as the user with whom the application was generated or as the user who is accessing the application. Based on that selection you will see the Analytics data of one or the other Account.
So it all depends on what your application does and how it is to be used.
Scenario: Externally exposed API, connects to multiple backed Dbs. Multiple customers can use the API, they obviously should only have access to their data. In the past this is done by separate accounts for each customer/user, and consequently each account would need setting up in each of the backend systems with the correct authorities.
Problem: I want to use Azure APIM. I don't want the extra maintenance for each user in both the Azure APIM and the backend Dbs. I was wondering if anyone has any thoughts or cases where they accomplished this in a different way. Also the API may be built with access via one account with all access to tables.
I'm sure there are different ways to approach this but a common way I believe to do this would be using Application Roles.
I don't believe this is really dependent on Azure APIM as such, but you can leverage OAuth 2.0 support to pre-authorize requests and in your backend, depending on the claims present in the token passed, you can allow/deny access to the data.
You backend would usually authenticate to the different DBs as itself with full access to all data and your backend would be tasked with making sure only people with the right claims can access the data.
In order to use an API the user/customer has to register with the Developer Portal and get a Subscription to a given API and the associated key. So you have to authenticate them. When you publish APIs through Azure API Management, it's easy and common to secure access to those APIs by using subscription keys. Client applications that need to consume the published APIs must include a valid subscription key in HTTP requests when they make calls to those APIs. https://learn.microsoft.com/en-us/azure/api-management/api-management-subscriptions
The Developer Portal supports different authentication mechanisms including Azure AD. So if you plan to use Azure AD for your authentication for both portals you will need to configure it accordingly. https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-aad
Currently we have one user account that can access our registered applications. Is there any way to authorize more than one account to updated and change our applications?
Not at this time. But it is planned as a future enhancement. (Sorry - I don't have an ETA for you).
The best you can do right now is to create a single (shared) account for your entire team to use - which is better than relying on a single person who may leave.
This is my first question for GCE on StackOverflow.
I've been using GCE for quite some time. I have 4 projects. Suddenly last night I was unable to connect or see VMs in the dashboard. I see a message saying:
You can use Compute Engine after a project owner enables billing.
You do not have permission to enable billing for this project. Contact a project owner to enable billing.
Why is this happening with only 2 projects and not with others? As far as I know payment settings are the same for all 4 projects.
Can you please help me out with this? I'm badly stuck.
Thanks in advance, here is a picture of my problem.
You can have multiple billing accounts, and multiple projects can share a billing account. It sounds like you are not a project owner, so it's possible that a project owner has changed or disabled the billing account for some of the projects you have accessed without your knowledge (or that perhaps there was indeed a problem with the payment method).
When a project cannot be billed, the registered project owners will receive several email notices informing them that there is a problem, and providing information on how to fix it.
In this case it sounds like you are doing the correct action - that is to work with the guy who is the project owner to find out what notices he received, and to make sure a valid billing account is attached to the projects, or followup with billing support if there is an issue that they have notified you about.