Custom Google login page - google-sites

You all know this page. Is there ANY way to customize this page somehow?
I thought of using an iframe and customizing the HTML, but Google won't let
me embed their websites.
I thought of using a Google Site and inserting a login gadget, but there
is no login gadget.
What I want is a custom page where my clients can log in to their Gmail, Drive....
What I want is not impossible; these guys http://www.cloudcodes.com/custom-login-page.html offer you the possibility to customize the login page and even redirect you to another page after you've logged in.

Directly editing the native login page at accounts.google.com is not possible.
However, for Google Apps accounts, you have the option to set up the Single Sign On service, which allows you to authenticate through a third party provider (or yourself, if you have the ability). What GControl are offering is this service, although they've labeled it misleadingly, to make you believe you're actually editing the login page, rather than redirecting your users to a secure login.
They do it very well though, leveraging the Google Apps APIs to allow you to write and setup the service in their own console.
Source: I installed the service and tried their free trial, and they simply used the APIs to enable SSO on my domain.
Edit for clarity: SSO setup is not available for consumer Gmail.com accounts.

Related

Web App on Azure - Authentication with ADFS

I have developed a web application written in just pure HTML.
<html>
My code goes here
</html>
And I have deployed it to MS Azure. I'm now looking for a way to authenticate this web application with Active Directory so only my organisation's employees can access it.
I have done tons of research online and it seems like there are many ways to do this. However, I'm looking to do it by "adfs/ls/wia" (correct me if I'm wrong).
The reason why I would like to do it only in that way is because:
I'm going to embed this web application into a dashboard.
In order to view that dashboard, users (employees) need to go to a specific website:
https://<dashboard>.<myorganisation>.com
And then users will be redirected to a sign-in page with this address:
https://fs.<myorganisation>.com/adfs/ls/wia
After signing in (with users' active directory accounts), users will be redirected back to the dashboard's website. The URL is now looking like the following:
https://<dashboard>.<myorganisation>.com/#/site?:isFromSaml=y
And then users can freely browse the dashboards (without having to sign in again) until they close their browsers. So I guess some sort of tokens/sessions are being kept.
My question is:
I would like to authenticate my web application in the same way, and since it's only accessed after users have signed in, how do I bypass this authentication step? What do I need to put on top of my HTML code, or is there a way to configure this in MS Azure already?
Thank you so much!
The easiest way is to have two Relying Parties in ADFS: one for the dashboard and one for the web application.
Then you will get SSO across them.

How to logout the account without login into and logout Azure Portal again

I had logged in to the Azure portal with my company account, which sets up ADFS. Now, I want to use another account to log in to the Azure Portal. However, when I try to open portal.azure.com, it always redirects me to my company login page. I don't want to log in again and there is no section to switch account to my personal account. I can only use other accounts in my company. I hope I make sense.
Question: The login page is always redirected to my company login page. How do I get back the original login page without logging in and logging out again? (I know that it may work with clearing the browser cache, but I don't want this; I need some cache.)
Try entering this URL in your browser and pressing Enter.
https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fgraphexplorer.azurewebsites.net%2F
Then you will find that you can log out of the original account. When you try to go to https://portal.azure.com, you can just use any account you want.
I tested this method in both Chrome and Edge; it works.
For me personally, Firefox's Multi-Account Containers solves this issue very well.
I can be logged in simultaneously to however many accounts I want and they are all neatly isolated.
The reason you run into this problem by the way is that this is a feature of Azure AD.
It's called Single Sign-On.
You sign in once, you are authenticated to all apps which use O365 auth.
There are two different ways you can try.
Try to clear your browser cookie only on domain login.microsoftonline.com.
Use https://portal.azure.com/example.com instead of https://portal.azure.com. example.com is your personal account domain.

Are 2 page login processes more secure?

I've noticed recently that some major online services (Google, Yahoo) are using a 2 page process to log users in. The first page asks for a user name and then, once submitted, a second page requests the password.
What's the reasoning behind doing it this way? Is it more secure?
There might be more to it than this, but:
Google for work integrates Google services with a custom domain. In such setups, it is possible that the authentication is handled by the company's own LDAP (or whatever) server. In such cases, after entering the email, the user is redirected to log in at their company's site rather than Google.
So, in general, it allows the actual authentication to be handled somewhere else according to the given username.

How to log out from an Azure app-proxied website

I have an IIS website on a server internal to my domain that is also published via azure application proxy, which is secured using windows authentication. Our AD structure is hosted locally and published to Azure AD via AD connect.
Users visiting from outside the domain are authenticated first via the login.microsoftonline.com page.
My problem is that users external to the domain are on shared devices and need to change users occasionally, and I can't figure out how to do that.
I have read that navigating to a URL like https://login.microsoftonline.com/{tenant id}/oauth2/logout?client_id={client id}&post_logout_redirect_uri={???} is supposed to achieve this, but after arriving at the login page and logging in as a different user, when we return to the site the user turns out not to be the user that authenticated, but remains the same user as before the attempt to change the user.
I have also read that deleting the cookies named like AzureAppProxyUserSessionCookie, AzureAppProxyAnalyticCookie and AzureAppProxyAccessCookie can help, but doing so does not seem to make any difference.
I thought that perhaps the browser was auto-authenticating or pre filling in forms etc, but turning those features off does not affect anything.
My questions are:
Are any log-off / log-on via Azure AD event logs kept that I can view, and if so, where?
How are you meant to log-off for my scenario?

Using Google Authenticator with Chrome Plugins

I am developing a Chrome plugin which allows the users to email any web content from an HTML page. For that, I need to use the Google authenticator API to allow users to log into their Google accounts for sending emails. The OAuth2.0 specs require the redirect_uri parameter, which is the URL to be called after Google authenticates the user. My question is whether it is possible to skip this parameter. I don't want the plugin to be hosted anywhere. I am thinking that it would be hosted locally on the user's machine.
Thanks in Advance.
Google has made a library specifically for using OAuth in Chrome extensions. You can check out the tutorial here.
In case someone stumbles upon this answer in 2017+, extensions (in Chrome and FF) now have a chrome.identity API.
It takes care of the OAuth dance for you, and provides you with a virtual redirect address https://<your-extension-id>.chromiumapp.org/ that will be intercepted by the browser. That way, you can provide a redirect URL without hosting anything.
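The flow described in the answer above, as an added example that is not part of the original answers: it builds the authorization request around the browser-intercepted redirect address and refuses any response that does not come back to that address with the same `state`. The client ID and scope are caller-supplied placeholders, the Google endpoint and the implicit (`response_type=token`) flow are assumptions of this example, and `signIn` only runs inside an extension that has the `identity` permission.

```javascript
// Added example; clientId and scope are supplied by the caller (assumptions).
const AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth";

// Build the authorization URL. redirectUri is the virtual
// https://<your-extension-id>.chromiumapp.org/ address the browser intercepts.
function buildAuthUrl(clientId, redirectUri, scope, state) {
  const u = new URL(AUTH_ENDPOINT);
  u.searchParams.set("client_id", clientId);
  u.searchParams.set("response_type", "token");
  u.searchParams.set("redirect_uri", redirectUri);
  u.searchParams.set("scope", scope);
  u.searchParams.set("state", state);
  return u.toString();
}

// Parse the URL handed back by the browser. Reject it unless it targets our
// own redirect address and echoes the state value we generated.
function parseRedirect(responseUrl, redirectUri, expectedState) {
  const got = new URL(responseUrl);
  if (got.origin !== new URL(redirectUri).origin) {
    throw new Error("unexpected redirect origin");
  }
  const params = new URLSearchParams(got.hash.slice(1));
  if (params.get("error")) {
    throw new Error("authorization failed: " + params.get("error"));
  }
  if (params.get("state") !== expectedState) throw new Error("state mismatch");
  const token = params.get("access_token");
  if (!token) throw new Error("no access_token in response");
  return { accessToken: token, expiresIn: Number(params.get("expires_in")) };
}

// Extension-only entry point: nothing is hosted, the browser supplies the
// redirect address and intercepts the navigation to it.
function signIn(clientId, scope) {
  const redirectUri = chrome.identity.getRedirectURL();
  const state = crypto.randomUUID();
  const url = buildAuthUrl(clientId, redirectUri, scope, state);
  return new Promise((resolve, reject) => {
    chrome.identity.launchWebAuthFlow({ url, interactive: true }, (responseUrl) => {
      if (chrome.runtime.lastError || !responseUrl) {
        return reject(new Error(chrome.runtime.lastError?.message || "flow cancelled"));
      }
      try { resolve(parseRedirect(responseUrl, redirectUri, state)); }
      catch (e) { reject(e); }
    });
  });
}
```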
