I am trying to get deleted groups from user via rest api in Okta.
I cant see any anything which gives me information of deleted groups from user in Okta.
How can i detect if group is removed from user in okta.
Related
How to access the Azure Active Directory group in Angular for a logged in user using MSAL.
I am able to authenticate the user using MSAL. But I am not able to access the AAD group of the user.
I have a public facing web site where we are implementing a ADMIN page for master data update etc.
My requirement is to display a ADMIN page if user is part of a specific AAD group like "AD_Project_Admin". Also I want to display a BUTTON only if user is authenticated and if user is part of AAD group like "AD_Project_Admin".
Any help on this will be appreciated.
The Directory API throws a 'Not Authorized to access this resource/api' error when I try to list the groups in a domain as a non-admin. But gmail autocompletes the group names (which means it is able to retrieve the list of groups) for non-admin users as well. Is there a way to get the list of groups or search from the list of groups in a domain without being an admin?
The best way to do if you are not an admin user, is to impersonate the admin by using a service account. You need to enable domain-wide delegation for your service account to impersonate a domain admin when making a request. See this SO post and another discussion for this github post.
We are trying to implement a "Login With Google" feature for an internal admin dashboard web app connected to our GSuite account. We want to limit login to this dashboard in two ways.
Only members of our GSuite domain can login to the dashboard
Only users in our domain belonging to a specific group within our domain can login to the dashboard
So far we have been able to accomplish number 1 above but not 2. Using a query param to the oauth2 API we can limit the domain. What we have in mind to accomplish number 2 is after the user within our domain is logged in, get their group information and validate that they are in the proper internal group or log them out. The issue with this is it seems only GSuite admin accounts are allowed to make API calls to the Directory API for this information. Is there no way to get the group information for a user with their own access token or using a service account? Ideally we don't want to have to provide a specific admin user within our GSuite account's personal credentials in our application to get this working. Is there a better way to proceed?
Thank you in advance for any help!
I am creating a SCIM complient APP for OneLogin. I have implemented SCIM API. It works fine for /Users Request.
But I am not getting what will be the format for /Groups Request and when it will be sent. In which format they are sent and How to assign groups to people. And how to apply mapping for it..I Have read this article( https://developers.onelogin.com/scim/implement-scim-api ) on provisioning for this but it doesn't give me clear insights.
Also, Can one user be in multiple groups?
The first step would be to configure your application to first enable provisioning for the Groups attibute in your SCIM connector (this tells OneLogin that your application supports Groups)
Once that's done, you should 'Refresh Entitlements' and OneLogin will call the app's groups endpoint to retrieve what groups are available to assign users to.
From there you can add Rules to the application in OneLogin that assign users to groups and users can be assigned to as many groups as you want.
Details can be found here: https://developers.onelogin.com/scim/create-app
I am using google api for user to login. I could make oauth already and I can get access token from user to let them use my service
But I want to display current user groups s/he has membership
I can't use admin sdk because that user is not admin and has no permission to get list of group
Are there any api to get list of groups that user exist? Or are there anyway to have master access token to use admin SDK?
Unfortunately there is no Google Groups API that non-admins can use. However, you can configure your application to use the user's authorization for most requests, but use an admin's authorization for requests to the Admin SDK.