We have been using Google for corporate for the last 5 years. There have been many dozens of Google groups created by different site/business division/local administrators. Now we need to know, for each employee, which groups he is a part of. Does Google provide any API to fetch these details?
Yes. The Directory API has a function to Retrieve all groups for a domain or the account. Here's a part in the docs that I think is what you are specifically aiming for:
All groups for the account — Use the customer argument with either my_customer or the account's customerId value. As an account administrator, use the string my_customer to represent your account's customerId. If you are a reseller accessing a resold customer's account, use the resold account's customerId. For the customerId value use the account's primary domain name in the Retrieve all users in a domain operation's request. The resulting response has the customerId value.
Related
Is it possible to get DocuSign Signing groups from account ABC and create the same Signing Group in account XYZ? We know that we can create signing groups using the DocuSign API. Our main concern is that we want to create/import Signing Groups with the same SigningGroupID.
We are saving the Signing group ID in our application processes, and we want to use the same Signing group IDs in some other user account.
Could you please confirm for us whether this is possible and will not cause any issues?
Is there any other option available for us?
Signing groups are an account object. That means they are part of a specific account. They use a numeric identifier (up to 1,000,000) that is unique inside the account and is generated randomly when you use the API to create a new one.
There's no way to set the group ID directly.
Your best solution is to have a mapping table in your database that maps your groups to your accounts. Another solution is to first make an API call to obtain (list) all the groups and find the one you want and its ID. That solution is less recommended as it requires an extra API call each time.
Our accounting department has asked me a question that I didn't know the answer to.
I must first mention that we are in a hybrid environment.
Each month I export our users from Azure to forward to the accounting department, which then distributes the license costs for the internal department the user works in.
Our problem is that the department field in AD isn't detailed enough, as some of the departments have sub-departments. These sub-departments aren't mentioned in the field, because we use it for our e-mail signatures and we do not want to have these in official communication.
The accounting department is asking if we can enrich the export with a department number.
So is there a way I can use some of the other fields on the user's AD object that get synchronized to Azure and, in turn, get into the export from the Active users list?
If your users are synchronized from on-premise AD to Azure AD, you could use the onPremisesExtensionAttributes property of the user object. There are fifteen extensionAttributes in onPremisesExtensionAttributes; you can store the department number in any one of them.
After storing them, you could refer to this link and this post to sync the attributes to Azure AD and get the attributes.
We use Azure Active Directory (OpenId and OAuth2) for authorization and authentication needs.
We would also like to keep users' profiles in one of our microservices; let's name this service "User Preferences".
The service will store many specific fields required only for one of our products, and that is why we don't want to store them in Active Directory (custom fields).
Having all of this, we are searching for the best Azure AD field we can use to connect user's profile to Active Directory account.
There're several candidates:
UPN - in some cases JWT doesn't contain it
ObjectId - always available, but not read-friendly and unique in multi-tenant structure
Unique Name - should be used only to display it on UI (recommended by Azure)
Could you please recommend the best field for our case?
Compiling my comments as an answer:
Object id or name identifier (sub claim) are the only immutable fields you can choose from. Using the UPN is dangerous as it can be changed.
Object id is unique across directories, though if you support multiple tenants you should store the tenant id (tid) as well.
UPN can change when an admin changes it.
And also, if a user is invited as a guest to other AAD tenants, they'll have an object id per directory, it won't be the same.
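The keying scheme from this answer, as an added example that is not part of the original answer: a profile store indexed by (tid, oid), with the UPN kept as display data only. It assumes the token's signature, issuer and audience were already validated; the GUIDs, UPNs and the `ProfileStore` class are constructed for illustration.

```python
import uuid

# Constructed sample identifiers (not real tenants or users).
TENANT_A = "11111111-1111-1111-1111-111111111111"
TENANT_B = "22222222-2222-2222-2222-222222222222"
ALICE = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
ALICE_AS_GUEST = "cccccccc-cccc-cccc-cccc-cccccccccccc"
BOB = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"


class MissingIdentityClaim(ValueError):
    """The token lacks a usable tid/oid pair."""


def profile_key(claims):
    """Return the immutable (tid, oid) key from already-validated claims."""
    try:
        # Normalise GUID casing so the same object always maps to one key.
        return str(uuid.UUID(claims["tid"])), str(uuid.UUID(claims["oid"]))
    except (KeyError, ValueError, TypeError, AttributeError) as exc:
        raise MissingIdentityClaim("need GUID 'tid' and 'oid' claims") from exc


class ProfileStore:
    """Hypothetical in-memory stand-in for the User Preferences service."""

    def __init__(self):
        self.profiles = {}

    def get_or_create(self, claims):
        profile = self.profiles.setdefault(profile_key(claims), {"preferences": {}})
        profile["last_seen_upn"] = claims.get("upn")  # display data, never a key
        return profile


def demo():
    store = ProfileStore()
    first = store.get_or_create({"tid": TENANT_A, "oid": ALICE, "upn": "alice@contoso.example"})
    first["preferences"]["theme"] = "dark"
    # An admin changes the UPN: same oid, so the same profile comes back.
    renamed = store.get_or_create({"tid": TENANT_A, "oid": ALICE.upper(), "upn": "a.smith@contoso.example"})
    # A different object later carries the old UPN: it must not inherit the profile.
    other = store.get_or_create({"tid": TENANT_A, "oid": BOB, "upn": "alice@contoso.example"})
    # Guest in another tenant: different tid and oid, so a separate profile (no UPN here).
    guest = store.get_or_create({"tid": TENANT_B, "oid": ALICE_AS_GUEST})
    return renamed is first, other["preferences"], guest is first, len(store.profiles)


if __name__ == "__main__":
    print(demo())
```

A token that carries no `oid` or `tid` raises `MissingIdentityClaim` instead of falling back to the UPN.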
I am new to Netsuite.
While creating accounts on Netsuite, I found that I can create multiple accounts with the same email ID (Netsuite does not check whether the email ID is unique or not).
Is there any specific scenario where creating multiple accounts with the same email ID will be useful in Netsuite?
You can associate one email address with multiple Netsuite accounts. When you log in, it will redirect you to a window where you can select the account where you want to use the existing login session.
No, it doesn't add or make any advantages to administration at all. You SHOULD NOT associate two separate employees with the same Email ID. Besides, when you set the same email to be associated across different places, it will force logout the current user when the next user attempts to log in.
Advantage for the user for sure as they have access to all the roles associated to employee, customer, and partner records associated to their email address. Definitely no advantage for NS administration. If you are looking to do scalable things for implementation, then you need to do mass updates within netsuite across entities...don't try to use a single email placeholder as a shortcut for users or access as this gets derailed by the logout mechanism I mentioned above. If you absolutely need multiple users to have access, you could do something like a limited partner or customer center role to an employee that can act as a parent for all assigned customers within their territory...but that basically is manipulating the system to work differently than intended and could be considered a violation of NS TOS...I would suggest to avoid this as it could mean they could shut off your account and access to your customization.
Is there any way to locate a DocuSign account using the accountName property (and not the account Id)? The REST API only has a method to get account info by Id.
No, you cannot get account info based on the account name, only the accountId. The accountId is part of the URL that you use in the REST request, and the equivalent does not exist for account names, unfortunately. If you want to do it by account name, what you can do is create a simple lookup table that links account names to account Ids and, based on the account name, use its corresponding accountId for the request.
For reference, this is the request that is currently supported