How do I manage google groups and modify user attributes without domain wide delegation?
I want to give GSAs direct access to modify Google users. I can't find current docs on this so assuming it's not possible right now?
It looks like this is only possible for working with groups:
https://workspaceupdates.googleblog.com/2020/08/new-api-cloud-identity-groups-google.html
I need to give a GSA access to read group membership and also modify user attributes.
Right now I:
- create an admin a G Suite user
- create a GSA with domain wide auth with these scopes
Impersonate the G Suite user with the GSA and modify user attributes like this:
service = create_directory_service("G SUITE USER")
service.users().update(userKey=uKey, body=myAttributes).execute()
Do I still need domain wide delegation to modify user attributes? Or is it supported now as well?
You can follow this guide to create a Service Account, turning on the Admin SDK API (which allows the service account to provision/manage the users), and authorizing it.
The Service Account created can be used then to provision/manage the G-Suite users, here is a guide on how to manage user accounts using the Directory API, which is part of the Admin SDK.
In short, yes it is possible to manage users too, by using Service Accounts, not just groups.
- App Engine says "Your runtime version for ruby33 is past End of Support", but it isn't
- Trigger Google Cloud Build with Google Cloud Scheduler periodically
- GCS 'Storage Object Viewer' role cannot view objects
- How to parse json format output of : kubectl get pods using jsonpath
- GCS - Read a text file from Google Cloud Storage directly into python
- Unable to recreate Private Service Access on GCP
- Github Action treats a succesful ` gcloud build ` as a failure
- Getting "Configuration is not authorized" error while deploying GCP Vertex AI Agent on App Engine
- How to make a BigQuery data backup minimizing financial costs?
- Generate GCP auth identity-token in JAVA
- Are GCP default firewall-rules a security-concern?
- Permissions error fetching application - Gcloud app deploy
- google cloud pub sub multiple subscriber for the same message with the same subscription
- Mass update table and column descriptions in google big query
- CloudFlare 400 Error When Calling OpenAI Completions API on CloudRun
- Proper implementation of post-startup script in Vertex AI Instances
- Firebase RTDB: Best approach to split data access
- Deploy a container to Cloud Run after pushing to Artifact Registry automaticlly
- Creating a cloudsql instance in the VPC network of my Project
- Google Cloud platform performance: how many users
- Bash Indirect expansion doesn't seem to work in cloud build bash scripts?
- Some scopres missing from Google Gmail API oAuth Consent Flow
- How do I list all the top-level folders in given GCS bucket?
- How can I prevent certain HTML tags from being stored to Firestore with firestore.rules?
- Google Cloud Functions - ImportError: cannot import name 'InvalidKeyError' from 'jwt.exceptions'
- GCP - User ... does not have permission to access projects instance
- curl failing in Google Cloud Build when using a secret
- Google Cloud Compute Engine refusing connections despite firewall rule
- How to I return JSON from a Google Cloud Function
- Making Exact Copy of Server Google Cloud