I am using the GSuite Admin SDK, Directory API (https://developers.google.com/admin-sdk/directory/v1/guides/manage-users) to add and list users.
After adding a new user (using this endpoint: https://www.googleapis.com/admin/directory/v1/users) I try and check if that user exists in the user list or not (using this endpoint: https://www.googleapis.com/admin/directory/v1/users?customer=my_customer).
Every time I do these steps I could not find the newly created users, there seems to be a problem with synchronization.
Is there any solution for this without changing the access token?
Thanks for the help.
Related
In my app the user accounts are created beforehand and are persisted on Keycloak. The problem is that I can not get the idp (google) to automatically link to existing accounts.
Every time I try to log in with one I get a token exchange error: federated_identity_account_exists. I checked the users in Keycloak and they are not duplicated and the idp is also not linked. I have been scratching my head for the past couple of hours on this one.
I tried using the first broker login flow on keycloak and also creating my own, but to no avail.
My own flow went something like this
Create user if unique (alternative)
Automatically set existing user (alternative)
but also tried just
Automatically set existing user (required)
I am new to OrchardCMS. I have been working with it for some days with no issue, but yesterday I got one which I have not been able to solve since then.
I am creating a headless CMS with GraphQL and Facebook login. I test my app with Postman and the integrated GraphQL interface in the admin panel.
There are two users so far: the admin and me with my Facebook account. I set my FB user account to Author role, which means I can only query the content items which I own. I set up the OIDC server as well so I can authenticate with Postman and also can sign in to the admin panel.
When I set my FB account role to Administrator, I can query all the content items (not just the ones that I created - this is OK). I assume that if I set my role to Author, I should be able to query only my content items. The strange thing is that when I set my role to Author, I get an error: GraphQL.Validation.ValidationError: Authorization is required to access the field. player.
Is it a bug or did I do something wrong?
GOAL: Create users in Azure Active Directory using our Global Admin account from an API.
PROBLEM: Every single way I try, I get "unauthorized".
WHAT I'VE TRIED:
I've been focusing mostly on this: https://graph.microsoft.com/v1.0/invitations
I've tried as outlined here
The "Authorization Bearer {token}" is problematic -- I can't seem to properly retrieve tokens, using any of the built URLs recommended (i.e., combining ClientID & TenantID in the URL).
I've tried the relevant portions of this, including creating the app, setting permissions on the app, trying both Web API and Native. I'm able to get a code back, but using it always comes back with Unauthorized.
As an aside, I am using Nintex to run this web service, as it is part of my workflow. Typically, web services don't give me issues. So, this sucks.
I'm missing something, here. Any thoughts or direction?
UPDATE: Removed the word "method" - bad choice of phrasing.
If you want to use Microsoft Graph explorer to create user as the global admin, you could use POST https://graph.microsoft.com/v1.0/users, and the required permission is:
Permissions
For the details, you could read Create user.
Global admin runs as a user by default. To grant access to Active Directory, you need to elevate permissions in the portal.
I'm not convinced you have the permissions to create the user, and that's why I think you're getting the error.
Also, try and avoid using Global Admin. Create a Service Principal and provide more granular permissions.
Good morning. I am using the internal MuleSoft Access Management APIs (API Reference). I have successfully set up my Postman to get the security token after login, and even successfully executed /api/users/me. However, regardless of the access provided to the connection/login user, I can't get the full list of users (/api/users), receiving a Not authorized error.
Let me explain the context. We are running on a federated platform, so we can't manage user registration from the console, but need to wait until they log in through SSO the first time to grant access to the corresponding business group and role. There is a complaint, as the users need to send the admin a note letting them know of their successful first login, and afterwards wait to receive access to the business group. After they log in for the first time, their profiles are created in the root org. You can see them only when you are in the master organization. However, you can't get their new user id when you request a list of users of this master organization (/api/organizations/{orgId}/users).
We are looking to execute this /api/users in a batch app that runs periodically and does a cross verification to get the users not associated with any orgid or role. This way we can avoid the requirement of the user sending a note to the admin. When I execute the /accounts/api/users (API Call), we receive a 401 Unauthorized response, even though the token is correct, as it is working fine with the other APIs. There is no mention of any other parameter or requirement in the API reference.
Please advise what can be done to solve this authorization error and complete our app. Thank you in advance.
Had the same issue but figured it out.
Instead of calling /api/users, you should be calling
https://anypoint.mulesoft.com/accounts/api/organizations/{orgId}/members
to get a list of users
I am trying to configure Grafana for my organization. I was able to configure LDAP and MySQL database pretty easily but when I try to invite a new user to an org in Grafana, it always asks the user to join Grafana.
This would be an OK behavior if at that point Grafana would authenticate against LDAP. Instead, it creates a new user in its own database. This would lead to a conflict with LDAP in case the user's AD password changes.
This works perfectly when a user had previously logged in to Grafana. An invite sent afterwards would directly take the user to the login page.
Is it possible to do the same in case the user is not already registered in Grafana? I really want to avoid saving user credentials in Grafana database.
Any help would be appreciated. Thanks.
I am not a Grafana expert, but looking through the source code on GitHub it certainly seems that new user registration will not go through LDAP. This is obvious in the LDAP related configuration file where you see the read-only credentials needed to look up users in the LDAP directory. A read-only administrator in LDAP will not be able to create new users as this would be necessary during a registration step. The code also indicates that registration creates temporary users in the internal store.