Google Project同意设置为“内部"/“谁是我的组织的成员"以及如何管理会员? [英] Google Project with consent set to internal / Who is a "member of my organization" and how do I manage members?
问题描述
免责声明: https://console.cloud.google.com/support/社区在这里领导.Google的文档太恐怖了,所以给了我一个机会,让我不会被低估到dev/null
Disclaimer: https://console.cloud.google.com/support/community leads here. Google's documentation is horrific so giving this a whirl on the off chance that I don't get downvoted to the depths of dev/null
出于迫切需要,我正在将监视我们的Gmail访问的私人应用程序迁移到OAuth 2,并且在此过程中,有必要创建一个 OAuth同意屏幕.由于此应用程序仅在内部使用,因此为应用程序类型"选择"内部"是最有意义的-如下所述:
Out of impending necessity I am migrating a private application that monitors our Gmail accts to OAuth 2, and as part of this process it was necessary to create an OAuth consent screen. Since this application will only be used internally it makes the most sense to choose "Internal" for Application Type - which is described as follows:
只有在您的组织中拥有Google帐户的用户才能授予对此应用程序请求的范围的访问权限.
Only users with a Google Account in your organization can grant access to the scopes requested by this app.
该项目的用户由两个所有者"组成-我自己使用我的个人Gmail帐户,属于公司G Suite帐户一部分的另一名员工.
The users on this Project consist of two "owners" — myself using my personal Gmail acct, and another employee who is part of the company G Suite account.
我的问题是 谁 是我组织中的用户"?这是基于项目所有者吗?我的非G-Suite帐户(该项目的所有者)是否符合条件?G Suite帐户中包含一个成员是否会自动关联其他员工帐户?可以在任何地方实际看到这些用户或直接对其进行管理吗?
My question is who qualifies as a "user in my organization"? Is this based on the project owners? Does my non-G-Suite account (which is an owner of the project) qualify? Does the inclusion of one member in a G Suite account automatically associated the other employee accounts? Is the anywhere to actually see these users or manage them directly?
我实际上想添加其他几个帐户,但仍将应用程序保持私有状态,但是我对Google如何确定哪些gmail帐户将能够授权该应用程序感到困惑.
I'd actually like to add another couple accounts to the mix but still keep the application private, but I'm confused about how Google determines which gmail accounts will be able to authorize the app.
更新:为澄清起见,当我以G Suite成员的身份登录时,在与项目所有者位于同一域中的情况下访问同意页面时,一切都很好.但是,我们在同一G Suite帐户中管理着其他成员,这些成员位于不同的域下,因此我得到以下消息:
UPDATE: To clarify, when I visit the consent page while logged in as a member of our G Suite on the same domain as the project owner, everything is fine. However, we have other members managed in the same G Suite account who are under a different domain and for these I get the message:
错误403:org_internal 该客户端仅限于其组织内的用户.
Error 403: org_internal This client is restricted to users within its organization.
此外,我什至无法使用 我自己的电子邮件(该应用程序的创建者和所有者) 授予访问权限.我想知道如何添加自己和其他G Suite成员,以便能够在不公开使用的情况下授予对该应用程序的访问权限.下面建议我将它们(或它们的域)添加到Google Cloud IAM中,但是我不清楚如何使它正常工作.我自己的电子邮件已经在IAM中以所有者"的角色存在,并且显然不满足要求.
Furthermore, I am not even able to grant access using my own email which is the creator and owner of the application. I'd like to know how I can add myself and the other G Suite members to be able to grant access to the application without making it public. It was suggested below that I add them (or their domain) to Google Cloud IAM but I'm unclear about how to get this working. My own email does already exist in IAM with role of "owner" and apparently that doesn't satisfy the requirement.
推荐答案
为了将内部应用程序用于OAuth,该项目必须属于与所有用户都与同一GSuite客户关联的组织.
In order for internal apps to be used for OAuth, the project must belong to the organization associated with the same GSuite customer as all the users.
非GSuite帐户不能由内部应用程序使用.在此处有关于此的更多信息: https://support.google.com/cloud/answer/6158849#public-and-internal .
non-GSuite accounts cannot be used by internal apps. There's more information about this here: https://support.google.com/cloud/answer/6158849#public-and-internal.
这篇关于Google Project同意设置为“内部"/“谁是我的组织的成员"以及如何管理会员?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
