I am using Microsoft Graph API to send messages to private users in Microsoft Teams. I registered an App in Azure Active Directory, gave proper permissions and called the API and was able to successfully send the message.
My question is what would be the most efficient way to deliver this integration to different clients? Do we have to register an App in every azure directory of the client individually, or is there a way I can publish the app that I have created with all the API permissions required and the administrators can install the app in their azure directory
You would have to publish your application in your home tenant as a Multi-tenant application.
When a user from the client's tenant access your app, they will be prompted for login and post that either the user or an admin will have to consent to the app and the required permissions. This will create a service principal in the corresponding user's directory where the consent objects are stored. This way you don't have to register application in each directory.
You can follow the steps listed here for more detailed instructions to convert your application into a multi-tenant app.
Related
How to differentiate between users created via GCDS sync from Ldap server and user created in Google workspace by Admin console or using APIs.
I have created some users in Google Workspace using Admin Console and I used GCDS and synced some users from LDAP Server. Is there any way to find which users are created by GCDS.
Checked if there is any user attribute in Google workspace to differentiate on-prem synced user or Admin console created user, but no luck.
When I want to use Google's Gmail API within my web application in order to receive and send emails, then must this web application be deployed in the Google Cloud as a precondition and any on-premise hosting will fail? Is this the price one must pay to use it?
Your application's code can be hosted anywhere you want. However, you do need to create a Google Cloud account to create a project, enable the APIs and get the application credentials:
Cloud APIs use application credentials for identifying the calling applications. Credential types include API keys, OAuth 2.0 clients, and service accounts. You can use Google Cloud console to create, retrieve, and manage your application credentials. For more information about application credentials, see Authentication Overview.
Once you have your project's credentials you can just create the code within your current app and use the credentials wherever they are needed. You can refer to one of Google's quickstarts for that.
Sources:
Getting started with Google Cloud APIs
Developing on Google Workspace
Gmail API Overview
I have been working with the Android Management API to try and manage the policy of my company's existing enterprise. My company account has the Owner role within the organization and the roles Owner and Service Account Admin for the service account mentioned later.
I followed the Quickstart Guide to get familiar with the API and made some modifications for a more permanent solution along the way such as creating a service account with the Android Management User role via the Google Cloud Platform and generating a JSON key to acquire credentials rather than going through the OAuth2 flow like in the guide. This allowed me to authenticate properly, but when it comes time to patch the policy as such,
androidmanagement.enterprises().policies().patch(
name=policy_name,
body=policy_json
).execute()
I get the following error:
<HttpError 403 when requesting https://androidmanagement.googleapis.com/v1/enterprises/XXXXXXXXX/policies/<policy_name>?alt=json returned "Caller is not authorized to manage enterprise.". Details: "Caller is not authorized to manage enterprise.">
I have verified that the service account I am authenticating with has the Android Management User role, and thus has the androidmanagement.enterprises.manage permission.
I have also attempted to make this call with an elevated admin role in the organization.
Is there a chance that I need to have created the enterprise with my own account to manage the enterprise? The guide suggests that an organization can create multiple enterprises. In which case, would I need to create a new Google account not associated with my organization's enterprise and create a new enterprise that way?
It is advisable to use your own google account to call Android Management API since your organization account may not be compatible with the quickstart.
To access the Android Management API your service account requires the androidmanagement.enterprises.manage permission, which can be granted by the Android Management User role (or roles/androidmanagement.user). Kindly check this link for details regarding creating a service account.
Please keep in mind that the enterprise you created as part of the colab instructions can only be managed using the colab itself. To allow your cloud project to manage an organization, you will need to create one using the client configuration from your cloud project.
What we are trying to do is set up our MVC .NET application with Azure Connected Services within Visual Studio. We are trying to connect to the Existing Azure AD Application. We have the correct domain selected, and also the correct redirect URI
We need to be able to read directory data to determine user group but we don’t have client secret
This is the error we get
Make sure your existing Azure AD application is registered as:
Accounts in this organizational directory only (Devchat only - Single tenant) or Accounts in any organizational directory (Any Azure AD directory - Multitenant).
Other types are not supported to be updated in this case.
You can refer to this document to register an application for a quick test.
I am working on adding support for our cloud storage solution to MS Teams but there is no central server you can send http messages to and get meaningful relies back from. I have no experience with creating Teams apps so I was hoping someone with Teams apps experience could tell me if this is even possible. At this point I only need my app to work on Windows and OS X.
This is how I would like my Teams App to work:
Each member of the team already has our cloud storage app running locally on their machine which provides access to the files.
Within MS Teams the user adds a file reference to a message via a message extension that would result in a link unfurl creating a card that contains an 'Open' button. The URL in the card would be one generated by our locally running cloud storage app. Other members of the team could then open this file by clicking the 'Open' button. The action of the open button would be to send the URL to our cloud storage app that would then open the local copy of the file on that team members machine.
Is it possible to do something like this within a Teams app? The communication between the Teams app and our cloud storage app would be done over our own protocol.
If it weren't for the fact that all bot communication must be done over https rather than http the local cloud storage app could act as the server.
All the communication in Teams with 3P apps needs to happen over https public endpoint. You could use ngrok to tunnel to local.