I'm working with OpsGenie and I want to create a policy for my team's alerts. When an alert for my team is triggered, the policy will be as follows:
My team is getting an alert with the field {"tags": ["other-team-name"]}.
Alert's new responders will be the "other-team-name".
The main issue is that I can't alert any team besides mine, and I want to automate the policies without creating new ones for each new team.
And on the same thing, is there a way to set the responders' details in the request itself when the only key I have is the team integration key for my team only?
Thanks!
I am considering enabling multiple tenancy on an existing app that uses Firebase Authentication, having read this https://cloud.google.com/identity-platform/docs/multi-tenancy-authentication
What I'm not clear on and therefore worried about, is what happens to my existing app users once I add a new tenant? Will they be unable to login unless I migrate them to some "default" tenant?
I haven't found any assurance or explanation in the docs, so maybe it's OK, but I don't want to click that button unless I am sure. And is there any way to back out of enabling multi-tenancy in the event of a disaster?
So in the absence of any reassurance, I just went ahead and clicked the button. Nothing bad happened to my existing users. They were migrated from Firebase Authentication to GCP Identity Platform, under the context of the project, which runs alongside tenants, it seems.
Then I was free to make another tenant, which formed an entirely separate space to configure providers and house user identity.
I have an application where users of my organization, who are not users of this application, can register themselves in the first log. When they register, they can choose one or more app profiles, like contract manager, supervisor, etc. These profiles have specific authorization schemes per page, buttons, regions in the app. The user must log off and log in again at the initial log to see these menu references.
Do you know of any way that these menu references could be viewed/activated in the first of all logs?
The Oracle APEX version is 5.1.4.
Regards.
I'm answering my own question as follows:
I do a self-criticism for the question because I consider it to have failed to take into account all aspects of information security. Even though I'm always careful about security, a solution of this kind might suit me, considering a well-secured IT work scenario, but may not be the case for all environments.
I would consider this a valid question for security experts, who could see in the scenario that I proposed a failure in the APEX environment which I have not yet seen.
Maybe I am missing something here, or this is a flaw in Auth0? I'll give an example of my issue:
Let's say I have my Default App (client), hooked up to that I have Username-Password-Authentication (database connection) and google-oauth2 (social connection).
A user comes to my site, signs up via google-oauth2 (social connection) using joe@gmail.com. Once complete, he gets added to my users in Auth0, all great.
A few months later, Joe comes back to my site, and being a busy guy, he forgets he signed up to my site before. This time, he decides to sign up using my custom Email and Password form, which will add the user to the Username-Password-Authentication (database connection). So he signs up there using joe@gmail.com again, and everything goes well; he is now listed in the users section in my Auth0 dashboard.
This is the problem: I now have two joe@gmail.com accounts, one with google-oauth2 and one with Username-Password-Authentication. I really can't have this; I need a unique email address, regardless of the ID Auth0 supplies.
Does anyone know how I can make the email address in my users section 100% unique? I'd think a rule would do this, but it appears rules only apply AFTER a user has been registered, so I can't run a rule before adding?
The only way I can see of doing this right now is to make my own checks and delete via the management API, but that is a really long and messy way to do it, I feel.
Any help will be appreciated here!
Thanks!
Auth0's default behavior is to create a new account in the database for every unique entry. Since the user created using Google has a unique id (based on google-oauth2), and the user created using the sign-up form has a unique id, they will technically be considered two separate accounts. In order to resolve this disparity, you can establish a means with which the account data can be merged. In the documentation linked above, there are examples of three possible ways of doing this:
Automatic Linking - which involves creating a specific rule to merge users based on matching emails
User-Initiated Linking - which involves providing a UI for users to opt into merging users with matching emails
Suggested Account Linking - which involves setting up a rule that is linked into the UI
One important thing to consider is that the data returned from different social identity providers may not be normalized the way that data is normalized in the Username-Password-Authentication database. For example, while Auth0's default for emails is to lowercase the information, google-oauth2 may return emails uppercased, creating the potential for non-matching emails when checks are made using strict equality.
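The normalization problem described above, as an added example that is not part of the original answer or Auth0's own code: it groups profiles by normalized email across connections and shows what a strict-equality check misses. The sample profiles are constructed; the field names `user_id`, `email` and `email_verified` follow Auth0's user profile shape, and keeping unverified addresses out of the link candidates is a design choice of this example.

```python
from collections import defaultdict

# Constructed sample profiles; values are made up for this example.
SAMPLE_USERS = [
    {"user_id": "google-oauth2|1001", "email": "Joe@Gmail.com", "email_verified": True},
    {"user_id": "auth0|2002", "email": "joe@gmail.com", "email_verified": True},
    {"user_id": "auth0|2003", "email": "ann@example.com", "email_verified": True},
    {"user_id": "auth0|2004", "email": " JOE@gmail.com ", "email_verified": False},
]


def normalize_email(email):
    """Trim and case-fold so 'Joe@Gmail.com' and 'joe@gmail.com' compare equal."""
    return email.strip().casefold()


def connection_of(user_id):
    """Auth0 user ids have the form '<provider>|<id>'."""
    return user_id.split("|", 1)[0]


def link_candidates(users):
    """Group profiles sharing a normalized email across different connections.

    Unverified addresses are reported separately instead of being offered for
    linking, since anyone can type an address into a sign-up form.
    """
    groups, unverified = defaultdict(list), []
    for u in users:
        if not u.get("email"):
            continue
        if not u.get("email_verified"):
            unverified.append(u["user_id"])
            continue
        groups[normalize_email(u["email"])].append(u["user_id"])
    dupes = {email: ids for email, ids in groups.items()
             if len({connection_of(i) for i in ids}) > 1}
    return dupes, unverified


def strict_matches(users, email):
    """The naive check from the text: strict equality misses case variants."""
    return [u["user_id"] for u in users if u["email"] == email]
```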
The option you are looking for is called account linking.
You can find more info at https://auth0.com/docs/link-accounts
I'm building a website and I added "Sign in with Slack" button.
I'm using omniauth-slack (latest 8b2371) and it works well.
But I want to allow only the users from my own Slack team.
There is a team parameter, but the behavior is not so good (https://api.slack.com/docs/oauth).
It automatically chooses the team only if a user is signed in to the team.
Otherwise, the user has to type their team domain manually.
And it gets worse if the user is signed in to another team; it attempts to sign in with the other team although my team id is specified (even, one cannot change/choose the team domain to sign in, there is an Authorize button only).
I can disallow the users from other teams by checking their team id in the callback action, but I don't want to confuse my team members when they sign in to my website with Slack.
Does anyone have the same problem?
Use the workspace's subdomain instead of the Slack default in the authorization URL. In python-social-auth docs this was as simple as defining a new backend, e.g.:
    from social_core.backends.slack import SlackOAuth2  # python-social-auth core package

    class MyTeamSlackOAuth2(SlackOAuth2):
        AUTHORIZATION_URL = 'https://myteamhere.slack.com/oauth/authorize'
And using it instead of the stock one. I don't know what the parallel action would be in omniauth but I will leave that as an exercise for the reader. :)
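A framework-independent sketch of the two pieces discussed in this thread, added here and not taken from the original posts, omniauth-slack or python-social-auth: the authorization URL on the workspace subdomain, and the team id check in the callback that actually enforces the restriction. The client id, team id and the `team.id` shape of the token response are placeholders and assumptions of this example.

```python
import hmac
import secrets
from urllib.parse import urlencode

# Hypothetical values for illustration; substitute your own app's settings.
WORKSPACE_SUBDOMAIN = "myteamhere"      # subdomain used in the answer above
ALLOWED_TEAM_ID = "T0EXAMPLE"           # constructed placeholder team id
CLIENT_ID = "0000000000.0000000000"     # constructed placeholder client id


def build_authorize_url(redirect_uri, scope="identity.basic"):
    """Return (url, state). The URL targets the workspace's own subdomain."""
    state = secrets.token_urlsafe(32)   # keep this in the user's session
    query = urlencode({
        "client_id": CLIENT_ID,
        "scope": scope,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"https://{WORKSPACE_SUBDOMAIN}.slack.com/oauth/authorize?{query}", state


def accept_callback(session_state, returned_state, token_response):
    """Server-side check; the subdomain only improves the sign-in experience.

    token_response is assumed to be the decoded JSON from the token exchange,
    carrying the team id under team.id (shape assumed for this example).
    """
    if not (session_state and returned_state
            and hmac.compare_digest(session_state, returned_state)):
        return False, "state mismatch"
    if not token_response.get("ok"):
        return False, "token exchange failed"
    team_id = (token_response.get("team") or {}).get("id")
    if team_id != ALLOWED_TEAM_ID:
        return False, "wrong workspace"
    return True, "ok"
```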
I am currently working on a project that is designed based on SQL and VB.NET. The idea is as follows: there are different permissions for users. The administrator grants each user specific permissions. The idea is illustrated as follows:
For example, user A can get the following permissions:
He is able to add new tender, modify existing tender, add new customer.
User B has the following permissions:
He is able to view existing tenders, add new employees, ... and so on.
The idea of how to implement it in SQL and VB.NET is:
Creating a new table called Permission with the following fields:
UserID (foreign key for the user ID); for each permission there will be a single field, so there will be 12 fields.
Now, in VB.NET there will be 12 buttons (i.e. Add new tender, Delete tender, ....). Each button will be enabled or disabled based on the value of the field (if the field = 1, the button will be enabled).
Here is an example:
In this case, for this user the buttons with the red lines will be enabled and the rest will be disabled, based on his permissions.
It is obvious that this way is SILLY and is not professional to be implemented.
I need your recommendation of how to enhance it.
Thanks
Ideally you want to use an external authorization framework e.g. Microsoft's claims-based authorization or better yet, XACML - the eXtensible Access Control Markup Language.
When you use externalized authorization, all you need to write in your code (if at all) is:
"Can I enable button foo?". That's a question you send off to the external authorization engine. If you use an engine that "runs on XACML", then you get policy-based, attribute-based access control where you could easily define that:
users that are assigned to a customer can add tenders for that customer
Check out open source solutions or vendor solutions such as Axiomatics, the vendor I work for. Also check out available resources on XACML e.g. http://en.wikipedia.org/wiki/XACML or XACML videos on YouTube.
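A small illustration of the externalized, attribute-based decision described in this answer, added here and not taken from the original post or from any XACML product: rules are kept as data, a single decision function combines them with deny-overrides, and the UI only asks whether a button may be enabled. All attribute names, actions and rules are hypothetical, and the example is written in Python rather than VB.NET or XACML policy syntax.

```python
# Constructed example; attribute names, actions and rules are hypothetical.

def rule_assigned_customer_adds_tender(subject, action, resource):
    """Users assigned to a customer can add tenders for that customer."""
    if (action == "tender:add"
            and resource.get("customer_id") in subject.get("assigned_customers", ())):
        return "Permit"
    return "NotApplicable"


def rule_view_tender(subject, action, resource):
    return "Permit" if action == "tender:view" else "NotApplicable"


def rule_suspended_is_denied(subject, action, resource):
    return "Deny" if subject.get("suspended") else "NotApplicable"


POLICY = [rule_assigned_customer_adds_tender,
          rule_view_tender,
          rule_suspended_is_denied]


def decide(subject, action, resource):
    """Deny-overrides combining; no applicable Permit means Deny."""
    results = {rule(subject, action, resource) for rule in POLICY}
    if "Deny" in results:
        return "Deny"
    return "Permit" if "Permit" in results else "Deny"


def button_states(subject, buttons):
    """buttons maps a label to the (action, resource) it would perform.

    Call decide() again on the server when the action is actually requested;
    a disabled button is presentation, not enforcement.
    """
    return {label: decide(subject, action, resource) == "Permit"
            for label, (action, resource) in buttons.items()}


USER_A = {"id": "a", "assigned_customers": ["c-17"], "suspended": False}
BUTTONS = {
    "Add tender for c-17": ("tender:add", {"customer_id": "c-17"}),
    "Add tender for c-42": ("tender:add", {"customer_id": "c-42"}),
    "View tenders": ("tender:view", {}),
    "Delete tender": ("tender:delete", {"customer_id": "c-17"}),
}
```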