I work for a company that develops health care web applications for the health system. I'm wondering if there is a way to allow a user to preauthorize a website to pull data on their behalf. This would allow a physician to view a patient's data from Google Fit once the patient has authorized it without that Google Account being logged into the web browser in question after preauthorization.
My company uses Google Suite and there are a handful of engineers who develop projects within Sheets (often for use by others with less technical backgrounds).
Some of these projects have involved creation of Triggers (e.g. "save the contents of this Sheet every day at midnight").
What I've discovered is that when one of those engineers leaves the company and their account is disabled, triggers written by that user become disabled and remaining users can neither view nor edit their contents. Nor can they see details of triggers created by a different (active) user.
Are there known workarounds to get the contents of this type of trigger? Or is there a better practice to employ that doesn't tie status of a trigger to the status of a user?
Google has a guide for script collaboration: Collaborating with Other Developers. Briefly, they suggest saving scripts in a Shared Drive, as this will allow several users to do the same as the owner of a script stored in their "My Drive", but this requires the use of a Google Workspace account having access to Shared Drives.
If the script creators don't have access to a Shared Drive then ask them to transfer the ownership of the scripts to be used by others to a more stable user account. IMHO the best is to have a generic user account not tied to a specific person, i.e. scripts@example.com. One additional advantage is that it might help to differentiate in the version history whether the changes made were done "by a real person" or by a trigger.
Another option is that the domain admin could transfer the files' ownership from the disabled account to another user account, either to a real person's account or to a generic account, i.e. archivist@example.com; then someone having access to that account could find the corresponding script and make the required adjustments.
Depending on the number of engineers and size of the company you might also want to keep an inventory of all the scripts used by others and implement some sort of pair-review focused on script ownership succession.
I programmed a web app and now I need to deploy it for my organization. There are 500 potential users. What factors do I need to consider before the deploy? Is there an easy way to deploy it? Are there limitations to consider? What risks are there? Is there a model, or can you give tips or experiences for the deployment?
There are no definable risks or dangers; it all depends on what your application does.
When you choose which users are authorized to access it, you will inevitably have to select anyone within your organization, otherwise only you (or the account with which the script was created) will be able to access it. As for the execution mode, you will have to choose whether it runs as you or as the user who accesses the application. This is important because if the application accesses an external service, such as Google Analytics, it can do so as the user with whom the application was generated or as the user who is accessing the application. Based on that selection you will see the Analytics data of one or the other account.
So it all depends on what your application does and how it is to be used.
I have a website and my users log in to my site. For each user, I store their credentials to another third-party site. I would like to be able to log the user in to the third-party site from within my site (preferable) or in a new tab (less preferable).
The problem is that the third-party site uses the X-FRAME-OPTIONS: SAMEORIGIN header. Is there any way I can achieve this if I have my users' credentials for the third-party site?
As already mentioned in the comments, what you are looking for is Single Sign On (SSO).
Single Sign On (SSO) occurs when a user logs in to one application and is then signed in to other applications automatically, regardless of the platform, technology, or domain the user is using.
Source: https://auth0.com/docs/sso/current
Security Note
For security reasons you should not try to roll your own solution. See all the data breaches that happen every day and the heavy GDPR fines for those who fail to protect user data. Plus, Broken Authentication is in the OWASP Top 10-2017.
I have several applications (OAuth client ID/secret pairs) registered under a personal account. I need to get them transferred to a company account. Any idea whether that is possible?
To transfer applications to a different account, you will need to submit a Box support ticket.
I am looking for a third-party application to report on transactions on an e-commerce site. We are looking to report on which product was purchased and the transaction amount. Each product on our site is owned by a different vendor and they would like to be able to track the history of consumer purchases of their product (as they earn money on each purchase). It would be ideal if they could have their own login credentials that only provide them access to see their reports.
Our application uses authorize.net as a payment gateway.
Our new ActiveReports Server product includes multi-tenant support. Basically you can programmatically take over authentication by implementing a simple interface (see ISecurityProvider). This is how you can give a special login to each of your vendors. If you already have a login for your vendors (e.g. for a public vendor site) you can even integrate with that using the ISecurityProvider to give your vendors a single-sign-on experience.
In the documentation here it explains how to configure your SecurityProvider implementation to handle authentication and how to use "Security Filters" to filter records transparently based on the logged in user. The Security Filter is how you would make sure that the vendor sees only his history.
ActiveReports Server also includes a web browser-based drag & drop ad hoc report designer powered by automatically generated and fully customizable logical data models that protect business users from underlying technical details.
Scott Willeke
Product Manager | ActiveReports Server
GrapeCity inc.