Whitelisting Google Apps test

-
G Suite offers several whitelisting options, for apps in the following categories.

API Permissions for Google products:

  • G Suite: Gmail
  • G Suite: Drive
  • G Suite: Calendar
  • G Suite: Contacts
  • G Suite: Admin
  • G Suite: Vault
  • G Suite: Apps Script Runtime
  • G Suite: Apps Script API
  • Google Cloud Platform: Cloud Platform
  • Machine Learning
  • Cloud Billing

API Permissions for installed apps

  • Evernote (Web Applicaton)
  • SmartSheet (Web Applicaton)
  • Disqus.com (Web Applicaton)
  • Code Blocks (Web Applicaton)
  • Google Wallet (Web Applicaton)
  • Evernote (iOS)
  • SmartSheet (Web Applicaton)
  • SurveyMonkey (Web Applicaton)
  • PDF Mergy (Web Applicaton)
  • Pinterest (Web Applicaton)
  • Lucidchart (Web Applicaton)
  • MindMup 2.0 for Google Drive (Web Applicaton)

API Permissions for Trusted Apps

  • Code Blocks (Web Application)

Internal App Settings: Trust domain-owned apps is on

Other App Whitelist Settings

  • Marketplace Settings: Allow Install=Allow users to install only whitelisted applications from G Suite Marketplace
  • Marketplace Apps (Apps > Marketplace apps)
    This page is to install by default for different orgs
    • Elastica on for everyone
    • Digication on for selected orgs
    • LucidChart on for selected orgs
    • can add: anything in gsuite marketplace
  • G Suite Marketplace (Apps > Marketplace apps > Whitelisted Marketplace apps)
    This page is to whitelist various apps
    • MindMup 2 for Google Drive
    • can add: anything in gsuite marketplace, but the add button defaults to (most common?) 60 objects

Tests for various configurations on PC browser (not Android or iOS)




If app is domain-installed and IS whitelisted (Mindmup 2 for Google Drive):



If app is not domain-installed and IS whitelisted: (Digication)



If app is domain-installed and not whitelisted (Bitium):


takes you to a local login page

If app is not domain-installed and not whitelisted (Cacoo):

********************************
A user can use their Google credential to oauth to third party services.
A list of issued tokens is visible to admins at:
https://admin.google.com/uth.edu/AdminHome?pli=1&fral=1#Oauth2ScopeManagement:subtab=installed

Using Google credentials to oauth to third party services (Evernote).
If the third party is using Google authentication ONLY:
Login screenshot 1:
Login screenshot 2:
Login screenshot 3:


The user can see permissions granted via the token:


If the third party is attempting to access a restricted Google tool (like Drive), an error is generated (e.g. IFTTT)
Login screenshot 1:
Login screenshot 2:
Login screenshot 3:
Login screenshot 4:
Login screenshot 5: Error when attempting to add Google Drive:



d




Comments

Post a Comment

Popular posts from this blog

Canvas, Cidi (Kennethware) and Mobile-First

-
Image
"Mobile First" is one of the newest terms in web-based application design. It indicates that a site or web application was written to display gracefully on both small-screened mobile devices and a large-screened desktop. Canvas and Cidi Design Tools are Mobile First. Students will see a pleasant, un-cluttered display no matter what device they use for Canvas. This page is meant to provide some examples to illustrate these applications' Mobile First design. Course home page (desktop browser): Course home page (mobile browser): Course home page (Canvas app): Syllabus page (desktop browser): Syllabus page (mobile browser): Syllabus page (mobile app)
Read more

For Instructors: Options for Catalog Listings

-
Image
There are several mandatory and optional settings that the E-Learning admins will need in order to list your course in Canvas Catalog . This document was written to help you understand those settings, and what impact they will have on your course listing. Required fields Listing Title: The title you want for your course (see first image below) Listing Path: A unique name for your course, for use in a URL. This must be loser case letters, numerals, and dashes only. Teaser: This is a short description to entice users to sign up for your course ( see Listing Image below ) Full Description : This is a long description about your course ( see Details Image below ) Please Note: "Teaser" is only used on the Listing Image, and the Listing Image is only used if "Visibility" is set to public  (see below) . Optional Fields Enrollment Cap and Wait List: Give a number listing the maximum number of students you want in the course at once, and whether you want users
Read more

For Admins: Adding a new Catalog to Canvas Catalog

-
Image
This assumes all policy requirements have been satisfied; those are outside the scope of this tutorial. Scenario 1: Create a Catalog Step 1: Login to Catalog as an Admin Step 2: Click "Catalogs" in the top navigation menu, then "+ Catalog" Step 3: For URL type, choose Path, then set the following options: Name: A human-readable name for your catalog Path: A unique string of lower case letters, numbers, and dashes. This will go to building a URL so people can access your catalog directly. Parent catalog: Admins for the parent catalog will have rights in this new catalog too. About: A short description of your Catalog Step 4: Click "Save" Scenario 2: Add an Admin to the Catalog Step 1: Login to Catalog as an Admin Step 2: Click "Subcatalog Admins" in the top navigation menu Step 3: In the Account Admins search box, find the person you want to add as an admin. Note they must exist in https://uthealth.instructure.com as
Read more