I have an issue with getting a live list of users with two-step verification enabled from Google Admin using Admin-SDK.
The reporting API can be used to gather reports on who is currently enrolled, but these are not live, they are three days old. The directory API (users & groups) does not have this information.
What I am playing with now is scraping the google admin user page for enrollment status. My question is what is the source of the ID on the google admin page? It is not returned from the Directory API. Is it an encoded version of the userID?
This is the ID I refer to
I have found that you can get an up to date list of users with 2FA enabled. By downloading a list of users from the Google Admin "Users" page.
Click the three dot symbol on the top right of the page and then select download users. Select the scope of the download and then you will have up-to-date documents on who is enrolled.
The reports feature of Google Admin is three days behind, which includes the reporting API. The users API has no way to pull 2FA enrollment, but the download users button lets you know any stragglers.
The reason I asked the question in the first place is because when you force two-step verification via the policy in the Security section, users who do not already have it enabled are locked out, as they are prompted for a two-step verification code which they are unable to acquire. You can create a 2FA exception group which allows them to log in and set it up, but then you must remove the users from the group who have it enabled; just for housekeeping purposes.
I cannot see a way to do this pragmatically using the admin-SDK without using the reporting API, which is three days behind and hence outdated. automated fashion. I'd love to see someone who has made it happen, so feel free to chime in!
Related
I am using google analytics in my website. While improving my website I want more details like - from which page the uses are dropping off. For example they are going to the registration page and then actually they are not registering and leaving from there only. Or most users are not reaching the registration page itself. In short my requirement is to get the data about from which step/page the users are giving up in the flow.
I have analysed the data getting from google analytics but didn't found. Is there anything available in the google analytics or any other analytics framework available that suitable to my requirement for Python/Django website.
To add to #Eike's answer, you might also want to check out the Behavior > Behavior Flow section of Google Analytics. It will draw on screen the flow through which Users navigate on your site, including drop-off metrics to help you analyze where your users Exit.
Alternatively, you might also want to set up Goals for your most important actions, like User Registration. You will then be able to view a Funnel of your micro-conversions, helping you understand where your Users might be abandoning their actions.
We're using GAE Python and allow users to login using their existing Google accounts. The login code is straightforward:
def _require_login(self, target_url="/"):
if not self.user_bundle.user:
return self.redirect(
self.user_bundle.create_login_url(target_url),
abort=True
)
This creates a redirect to Google for the user to login, then upon successful login gets sent back to wherever they were originally trying to navigate.
The problem seems to be that if a user has more than a certain number of Google / GApps accounts logged in simultaneously (we're guessing 3 or more I can successfully reproduce it once I hit 5 accounts), they get an "Error 414" from Google:
My brief search on the error states that the URL is too long, since it's a GET request. Just about all of the advice states to use POST instead. The problem is, we're using Google's built-in create_login_url method, which, as far as I can tell, doesn't provide a way to specify POST instead of GET.
How can we fix this?
According to the Google Cloud Platform's Twitter account:
Unfortunately, only current fix is to logout of some accounts. >4 accounts logged in makes the URL too long (> 2048 bytes).
So now we're going to either make a pre-login page where it tells the user to log out of enough user accounts to meet the maximum number, or find an external library that allows us to let users log in without having to work around the limit.
I'm doing some research, where I have a facebook app, that asks for some permissions on the users facebook to get some basic information.
I can see that my app has about 600 users, and I'd like to query them, to see some patterns in the users. i.e. how many friends do they have, how long messages do they post in updates etc.
My question is: Do I have to copy the data when the user first visits my app and grants access to his information, or can I query it as long as the user hasn't "removed" my app.
I hope the second option will be true, since I have a lot of considerations about "copying" user data, and storing it in a database - primarily ethical but also related to security issues, compliance, resources so on and so forth.
the programming language is not important, but if anyone needs to exemplify, lets say it's python.
NO. You don't have to copy the data.
You can query Facebook as long as you have a valid access token regardless of whether the user is online or offline.
However, the only thing you need to take care of is handling of expired access token, because in that case the user will need to re-authorize your application for you to get the access_token.
I am using django-social_auth to make users register and login via facebook. I want to access the phone number of the user.
Tried searching on google and stackoverflow , but didn't find any answer. Searched the facebook docs as well. There I found that there used to be permission for 'user_mobile_phone' but it has been removed.
It was also written than now it will be provided with basic permissions but it wasn't available(what I found).
I tried using Graph API, but was unsuccessful.
So, Someone please tell me the way ,if there is any, to get user data.
EDIT:17 June 2014 -
Is this possible now to get User's Mobile number via the Graph API ?
The API does not let you access the user's contact number. You will have to request the user's contact details manually using a form.
I'm developing a Google App Engine-app where one can fill out an online-form and based on how you fill it out a calendar post in a specific Google Calendar is created. What I'm wondering about is authorization in this type of situation where I want this form to be 100% publicly available and require no login whatsover to create the calendar post.
Using OAuth2 I have gotten the actual form and post-creation to work as I want but only when I'm signed in.
This is what I'm doing now, I have:
One registered app, let's call it form-app(.appspot.com)
One Google account, let's call it form-app-admin(#gmail.com) This account owns the Google Calendar that the posts are going in.
One API Project owned by form-app-admin
I have used these and the google-api-python-client library (with its oauth2decorator) as in the Google App Engine-example so when I'm logged in as form-app-admin and surf onto form-app.appspot.com everything works exactly as I want it to but if I am not logged in as form-app-admin, naturally, it doesn't.
So what I would like to do is to kind of grant this permission to write to form-app-admin's primary calendar to the actual app rather than the user currently using the app. Or is there a better way?
The only premises is that anyone (logged into gmail or not) should be able to fill out the form and thus creating a post in some google calendar.
Naturally I would be very thankful if anyone happened to have the appropriate python code to achieve this but primarily I want help figuring out how to go about this since I have very little experience with auth-related stuff.
Thank you for your time!
/Tottish
What you want is the App Identity API. That page shows examples of how to use the API to assert identity to Google APIs.