GAM-team / GAM

command line management for Google Workspace
https://github.com/GAM-team/GAM/wiki
Apache License 2.0

Mark "Google Project Creation" as trusted app early in GAM setup #1658

Closed jay0lee closed 10 months ago

jay0lee commented 10 months ago

Today we walk admins through marking their new client ID as a trusted app within admin console API controls. However, we don't mention the need to mark GAM's project creation project ID:

297408095146-fug707qsjv4ikron0hugpevbrjhkmsk7.apps.googleusercontent.com

as a trusted app. I'm hearing from more and more customers (EDU especially) that run into this roadblock during setup.

We need to recommend the trust in a similar manner to the trust for their own client ID. We should also indicate that it may take a few hours for the trust to take effect. For many customers that won't matter since they aren't working from an allowlisted-apps-only posture, but if they are and the new trust hasn't propagated, the admin may need to wait before they can authorize the client ID and continue project creation and setup.

@taers232c FYI

taers232c commented 10 months ago

I have this: https://github.com/taers232c/GAMADV-XTD3/wiki/Authorization#authorize-gam-to-create-projects

Ross Scroggs @.***

jay0lee commented 10 months ago

Yep but not everyone reads the instructions 😁 we should make it a step GAM walks you through on project create.

taers232c commented 10 months ago

Don't read the instructions! What the ...?

Will do.

Ross Scroggs @.***

taers232c commented 10 months ago

$ gam select RDS.test create project

WARNING: Config File: /Library/Application Support/GAM/gam.cfg, Section: RDS.test, Item: oauth2service_json, Value: /Library/Application Support/GAM/RDS.test/oauth2service.json, Not Found

It's important to mark the GAM Project Creation Client ID as trusted by your Workspace instance.

Please go to:

https://admin.google.com/ac/owl/list?tab=configuredApps

  1. Click on: Add app > OAuth App Name Or Client ID.

  2. Enter the following Client ID value:

    297408095146-fug707qsjv4ikron0hugpevbrjhkmsk7.apps.googleusercontent.com

  3. Press Search, select the GAM app, press Select, check the box and press Select.

  4. Keep the default scope or select a preferred scope that includes your GAM admin.

  5. Press Continue

  6. Select Trusted radio button, press Continue and Finish.

  7. Press Confirm if Confirm parental consent pops up

  8. Press enter here on the terminal once trust is complete.


Ross Scroggs @.***

jay0lee commented 10 months ago

That looks good, we may need to adjust wording in future based on feedback. A few things to note:

Thanks Ross!