Google Multiple Sign-ins - Is there a way to specify the account in the URL? - gmail

We recently switched our team to Google Apps and with that, everyone got a Google Apps account. However, for those of us with a Gmail account as well, this makes it so that bringing up Gmail in your browser opens up either your personal account or your Google Apps account.
Even though Gmail has multiple sign-ins enabled for both of my accounts, I still have to spend time switching through both accounts.
I was wondering if there was a way to specify the account I wanted to use in the URL directly, which would allow me to create a bookmark for Gmail for both of these accounts:
something like:
http://mail.google.com?a=firstaccount@gmail.com
http://mail.google.com?a=workaccount@googleappsdomain.com
I just don't believe anyone at Google has never thought of this! :-)
The same question applies to all of Google's services too I guess (docs, sites, etc...)

https://mail.google.com/a/googleappsdomain.com/
This works like a charm, with one exception: regular gmail.com accounts. https://mail.google.com/mail/ will direct you to the inbox for whichever account you logged in as first. My workaround has been to make sure I log into my personal e-mail first (but this at least avoids having to log into the rest in a specific order).

For access to multiple Gmail addresses you can use this:
https://accounts.google.com/ServiceLoginAuth?continue=http://mail.google.com/gmail&service=mail&Email=yourname@gmail.com

Related

OneDrive API and Azure Active Directory setup to upload as personal account

I'll try to be as brief and comprehensive as I can.
Objective: To be able to upload PDF files generated after filling an HTML form to my personal OneDrive.
I have been looking into this for a few days now and cannot for the life of me figure out the proper way to set up the app and permissions in the Azure portal for this to work. I was initially using the Personal Microsoft accounts only option but quickly realized that would mean having to sign in. Then I tried the Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox) option. So this seemed to be a step in the right direction as the end-user does not need to do anything. I could use Application Permissions which would work without a signed-in user. That is basically what I want.
This led to another issue: Tenant does not have a SPO license. After looking up more, it seems that to use the OneDrive APIs, you need to have a subscription. Like I mentioned, I am using a personal account (free).
I also tried daemon (since I can use application permissions and work without a user signed in). But based on the Microsoft Graph Get Files Permissions, Only Delegated permission is supported for personal Microsoft account.
I am trying to achieve this through PHP and using the libraries that are recommended everywhere. I honestly think that I am finding this much more complicated than it really is but I really can't figure out where I'm going wrong.
In conclusion, I can't answer these questions:
Can a personal free account (with student subscription or not) be used to access OneDrive?
If so, what supported account type is ideal for this?
And finally, is there anywhere I can follow to do this?
P.S. I have tried a lot more things I mentioned here, so in case anyone thinks of something I should have done, ask me and I'll update you.
You have tried many things and reached many correct conclusions.
To make a personal account access the personal OneDrive, you have to use delegated permission. Application permission is not supported in this scenario.
I know your requirement is not to sign in interactively. Unfortunately it's not supported to use ROPC flow for personal accounts.
So the only option is to use auth code flow or implicit grant flow. Both of them require you to sign in interactively.
In summary, uploading files to personal OneDrive using non-interactive login is not supported.
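The authorization code flow this answer points to, sketched as an added example (not code from the original post or from Microsoft). It builds the interactive sign-in request for a personal account and validates the redirect before the code is exchanged. The `state` check and PKCE are additions the answer does not mention, and the client ID, redirect URI and `session` dict are hypothetical placeholders.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# The "consumers" tenant limits sign-in to personal Microsoft accounts.
AUTHORIZE_URL = "https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize"

def pkce_challenge(verifier):
    """S256 code challenge (RFC 7636): base64url(sha256(verifier)), unpadded."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_authorize_request(client_id, redirect_uri, scopes):
    """Return (url, session); keep session server-side until the callback."""
    session = {
        "client_id": client_id, "redirect_uri": redirect_uri,
        "state": secrets.token_urlsafe(32),          # binds callback to this browser
        "code_verifier": secrets.token_urlsafe(64),  # 86 chars, allowed 43..128
    }
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # delegated scopes, e.g. Files.ReadWrite
        "state": session["state"],
        "code_challenge": pkce_challenge(session["code_verifier"]),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params), session

def token_request_from_callback(callback_url, session):
    """Validate the redirect and return the form body for the token endpoint."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    return {
        "grant_type": "authorization_code",
        "code": query["code"][0],
        "client_id": session["client_id"], "redirect_uri": session["redirect_uri"],
        "code_verifier": session["code_verifier"],
    }
```

The returned dict is what gets POSTed, form-encoded, to the matching `/token` endpoint; the access token that comes back carries only the delegated scopes the user consented to.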

How to detect a returning user to Google Assistant on Android in Dialogflow fulfillments?

I have a running website, where users already have accounts. And I am trying to create a Google Assistant agent, accessible on Android, to help users access their information.
My issue is that I can't detect returning users on Android Smartphones, each time they have to sign in.
I tried Anonymous User Identity, but it is soon to be deprecated.
Is there another way to keep track of users? Using some kind of userId that I can store, so I can make "my own Account Linking" linking the person/Smartphone with already existing user accounts.
There are a few angles to your question.
Is there any way to keep track of users?
Yes... but...
You can store a userId that you generate in the user storage area. You do need to treat this like you would a cookie, so some jurisdictions might impose restrictions on this, but this is one approach to moving from the anonymous ID that is being turned off soon.
But...
How do I let them log into my service through the Action?
That is the problem. The General Policies states the following limitation for collecting user data:
Authentication Data
(including passwords, PINs, and answers to security questions)
Don't collect authentication data via the conversational interface (text or speech).
After a user's account has been linked, PINs or passwords may be used as part of a second verification process.
So you need to use Account Linking to connect to the existing account on your service.
How can I do Account Linking if I don't require Google Sign-In?
You can still use Google Sign-In for Assistant if it will (or may) provide the information as part of the profile that match what you have. So it doesn't need to use the same account - just have the same email (for example).
But that still may not be enough.
For other cases, you can look into setting things up to work with an OAuth server that you control.
So why use Google Sign-In if I set up an OAuth server that uses Google Sign-In?
Google Sign-In is good for a more streamlined flow, if you can use it. It can be done completely with voice, such as with a smart speaker, instead of requiring the user to go to a phone to complete the login. So if you have the user's email address in your account system, and you also get this from Google Sign In, then you can connect the two accounts.
In some cases, such as if the user is expected to have logged into the account on your website first, they won't even need to do that. If both the voice client and web client use the same Google project, then authentication will take place automatically.

Why do all of my Linux based email clients fail to authenticate using imap gmail?

I have tried to set up every email client available for linux, ubuntu 14.04 and each and every one fails. I'm looking to find what the common element is that causes authentication to fail in each and every instance. Is it because google has changed their authentication algorithm and nobody has kept up with the changes?
It seems that Google, sometime late in 2014, started blocking apps that are using IMAP/SMTP PLAIN authentication by default. It also seems no Linux email client has addressed this change (at least as far as I have found).
It had only affected me recently. The change only propagated to me now, in February of 2016. I found this out by attempting to install one email client after the other; kmail, evolution, claws, sylpheed, thunderbird. Finally, after reading Gmail blocking mutt I found out that my mail account had been tampered with by Google to reject anything other than OAuth. One way to fix this is to
Allow less secure apps: ON
in the "My Account" settings.
I received a very nice email from Microsoft Google expressing their dismay that I would choose anything other than their email client to access my gmail account:
Hi ... ,
You recently changed your security settings so that your Google Account ...@gmail.com is no longer protected by modern security standards.
Please be aware that it is now easier for an attacker to break into your account. You can make your account safer again by undoing this change here, then switching to apps made by Google such as Gmail to access your account.
Don't recognize this activity?
Review your recently used devices now.
Best,
The Google Accounts team [emphasis mine]
Apparently the only "modern security standards" are Google's security standards. And for why the above is FUD see:
What are the dangers of allowing “less secure apps” to access my Google account?
Also, lmao, apparently "business users" of gmail do not need this security "improvement." I assume this is so because Google does not want to really make a needed security change (otherwise why leave business users out of this), but rather to strong-arm Mom and Pop into using their email software.
Bad Google.

Why Shouldn't I Programmatically Submit Username/Password to Facebook/Twitter/Amazon/etc?

I wish there was a central, fully customizable, open source, universal login system that allowed you to login and manage all of your online accounts (maybe there is?)...
I just found RPXNow today after starting to build a Sinatra app to login to Google, Facebook, Twitter, Amazon, OpenID, and EventBrite, and it looks like it might save some time.
But I keep wondering, not being an authentication guru, why couldn't I just have a sleek login page saying "Enter username and password, and check your login service", and then in the background either scrape the login page from say EventBrite and programmatically submit the form with Mechanize, or use an API if there was one? It would be so much cleaner and such a better user experience if they didn't have to go through popups and redirects and they could use any previously existing accounts.
My question is:
What are the reasons why I shouldn't do something like that?
I don't know much about the serious details of cookies/sessions/security, so if you could be descriptive or point me to some helpful links that would be awesome. Thanks!
Edit:
I'm familiar with OpenID and the APIs. I was really wondering about the security/legal/confidentiality side of things. I understand the confidentiality part totally, don't know if there's anything legally written down about this, but assuming it's under ssl, and I don't store any of the data (will store the cookies and tokens), what are the security implications?
If I come to your website and give you my gmail password, what guarantee do I have that you won't read all my emails and even send a few of your own? And what if you become a little smarter and say 'people reuse passwords, I might just as well try if this password works for his bank account'.
As a user, I don't trust your site with my password. Period.
The whole point of Open Id and OAuth (that's what RPX uses) is to get around the above issue. I can give your website restricted, revocable and configurable access to my facebook account, all without giving your website my facebook password.
The UI is confusing, I agree. But with time people will understand what it's all about, and it will be a lot better.
As already said above:
The site (or the site owner) accessing your {google|yahoo|etc} account cannot be trusted not to change your password and kick you out of your account.
But I feel there are other good reasons:
Many people use the same password on more than one site or account (some could have the same password on gmail and paypal) and the site owner could abuse that.
The site owner doesn't want to be held liable for other site owners abusing your account
The site owner could not be able to store your username and password in secure fashion. The site needs to be able to access them automatically. So on the server hosting there is stored everything needed to access those credentials.
And the hosting usually happens in a shared or virtual server with the hosting company administrators (and sometimes - if the hosting company isn't too conscious - fellow users) able to access them.
Security and Confidentiality. Period.
Even some websites like Facebook discourage using this approach in their TOS, I believe. If so, it will be illegal to do so.

Moving from IMAP gmail to Google Apps for domain

I've got a gmail account that I use to check my IMAP mail from my domain right now and it's working OK. I want to move to using google apps for my domain so I don't have to set up accounts etc. using my hosting company. Can I do that with my existing google account or do I have to lose my gmail and get a brand new account etc. set up again?
I believe this question should be for SF or SU.
Anyway, if you want to use name@yourdomain.com, it has nothing to do with your name@gmail.com. They will be independent.
More G.apps FAQ here, read "How is Google Apps different from a free @gmail.com account?".
I've been through the process, and although I didn't actually want to tie my @gmail.com account to the Google Apps domain, I didn't see any way this could be done.
I've been very happy with the result, FWIW.
