Whitelisting Google Apps test

-
G Suite offers several whitelisting options, for apps in the following categories.

API Permissions for Google products:

  • G Suite: Gmail
  • G Suite: Drive
  • G Suite: Calendar
  • G Suite: Contacts
  • G Suite: Admin
  • G Suite: Vault
  • G Suite: Apps Script Runtime
  • G Suite: Apps Script API
  • Google Cloud Platform: Cloud Platform
  • Machine Learning
  • Cloud Billing

API Permissions for installed apps

  • Evernote (Web Applicaton)
  • SmartSheet (Web Applicaton)
  • Disqus.com (Web Applicaton)
  • Code Blocks (Web Applicaton)
  • Google Wallet (Web Applicaton)
  • Evernote (iOS)
  • SmartSheet (Web Applicaton)
  • SurveyMonkey (Web Applicaton)
  • PDF Mergy (Web Applicaton)
  • Pinterest (Web Applicaton)
  • Lucidchart (Web Applicaton)
  • MindMup 2.0 for Google Drive (Web Applicaton)

API Permissions for Trusted Apps

  • Code Blocks (Web Application)

Internal App Settings: Trust domain-owned apps is on

Other App Whitelist Settings

  • Marketplace Settings: Allow Install=Allow users to install only whitelisted applications from G Suite Marketplace
  • Marketplace Apps (Apps > Marketplace apps)
    This page is to install by default for different orgs
    • Elastica on for everyone
    • Digication on for selected orgs
    • LucidChart on for selected orgs
    • can add: anything in gsuite marketplace
  • G Suite Marketplace (Apps > Marketplace apps > Whitelisted Marketplace apps)
    This page is to whitelist various apps
    • MindMup 2 for Google Drive
    • can add: anything in gsuite marketplace, but the add button defaults to (most common?) 60 objects

Tests for various configurations on PC browser (not Android or iOS)




If app is domain-installed and IS whitelisted (Mindmup 2 for Google Drive):



If app is not domain-installed and IS whitelisted: (Digication)



If app is domain-installed and not whitelisted (Bitium):


takes you to a local login page

If app is not domain-installed and not whitelisted (Cacoo):

********************************
A user can use their Google credential to oauth to third party services.
A list of issued tokens is visible to admins at:
https://admin.google.com/uth.edu/AdminHome?pli=1&fral=1#Oauth2ScopeManagement:subtab=installed

Using Google credentials to oauth to third party services (Evernote).
If the third party is using Google authentication ONLY:
Login screenshot 1:
Login screenshot 2:
Login screenshot 3:


The user can see permissions granted via the token:


If the third party is attempting to access a restricted Google tool (like Drive), an error is generated (e.g. IFTTT)
Login screenshot 1:
Login screenshot 2:
Login screenshot 3:
Login screenshot 4:
Login screenshot 5: Error when attempting to add Google Drive:



d




Comments

Post a Comment

Popular posts from this blog

Canvas, Cidi (Kennethware) and Mobile-First

-
Image
"Mobile First" is one of the newest terms in web-based application design. It indicates that a site or web application was written to display gracefully on both small-screened mobile devices and a large-screened desktop. Canvas and Cidi Design Tools are Mobile First. Students will see a pleasant, un-cluttered display no matter what device they use for Canvas. This page is meant to provide some examples to illustrate these applications' Mobile First design. Course home page (desktop browser): Course home page (mobile browser): Course home page (Canvas app): Syllabus page (desktop browser): Syllabus page (mobile browser): Syllabus page (mobile app)
Read more

For Admins: Adding a new Catalog to Canvas Catalog

-
Image
This assumes all policy requirements have been satisfied; those are outside the scope of this tutorial. Scenario 1: Create a Catalog Step 1: Login to Catalog as an Admin Step 2: Click "Catalogs" in the top navigation menu, then "+ Catalog" Step 3: For URL type, choose Path, then set the following options: Name: A human-readable name for your catalog Path: A unique string of lower case letters, numbers, and dashes. This will go to building a URL so people can access your catalog directly. Parent catalog: Admins for the parent catalog will have rights in this new catalog too. About: A short description of your Catalog Step 4: Click "Save" Scenario 2: Add an Admin to the Catalog Step 1: Login to Catalog as an Admin Step 2: Click "Subcatalog Admins" in the top navigation menu Step 3: In the Account Admins search box, find the person you want to add as an admin. Note they must exist in https://uthealth.instructure.com as
Read more

For Admins: Running a Postman Collection

-
If there are multiple iterations of a single API call, each with different parameters, it makes sense to use a PostMan collection to automate those calls. For example, this course: https://uth.test.instructure.com/courses/26911 We want to undelete ten enrollments from a section in this course. The undelete command is: POST https://uth.test.instructure.com/api/v1/sections/26959/enrollments?enrollment[user_id]=5227&enrollment[enrollment_state]=active But the enrollments we want to undelete (by user id) are: 5227, 10564, 106, 10697, 12375, 12715, 1305, 1307, 1327, 1441 Step 1: Create a data file (csv) that looks like this: userid 5227 10564 106 10697 12375 12715 1305 1307 1327 1441 Step 2: Move the POST command to its own folder in PostMan. It will be the sole API call in that folder/collection Step 3: Modify the POST command to: POST https://uth.test.instructure.com/api/v1/sections/26959/enrollments?enrollment[user_id]={{userid}}&enr
Read more