SCRT-HQ / PSGSuite

PowerShell module for Google / G Suite API calls wrapped in handy functions. Authentication is established using a service account via P12 key to negate the consent popup and allow for greater hands-off automation capabilities.
https://psgsuite.io/
Apache License 2.0

Sending activation mail for New-GSUser #206

Closed ABricka closed 5 years ago

ABricka commented 5 years ago

Hello guys :)

In our company we create users with "no password" and let the new user choose his password by clicking on "more action" > "Email Login Info". I don't find any kind of solution for doing this with PSGSuite; do you think it's possible to add this helpful feature to let users have some liberty?

All the rest of the fields needed work so well! We just miss this "little" feature for having a simple automated new user script.

Thanks a lot :)

Alex

scrthq commented 5 years ago

Hey @ABricka - Thanks for checking out PSGSuite! Password is unfortunately a required property when creating a new user (check out the Required Properties section on the Insert User API method here: https://developers.google.com/admin-sdk/directory/v1/reference/users/insert#required-properties).

There are a couple things that Google has in the Console that they simply don't have in the API, with this and the ability to force a user to logout of all of their current sessions being the ones that stand out in my mind.

If you have access to an external email of the new user (i.e. the one I'm assuming they provide to Human Resources during their onboarding, if applicable) or their new manager's email, you could provide the new password to them and include the switch New-GSUser -ChangePasswordAtNextLogin .... in your New-GSUser call, then email that other account the new user details using Send-GmailMessage as sort of a welcome package.
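The flow suggested in the comment above, written out as an added example (not part of the original comment and not code from the PSGSuite project). The addresses, names and the `New-TempPassword` helper are assumptions made for illustration; the script expects the PSGSuite module with a configured service account.

```powershell
# Added example. All addresses and names below are constructed placeholders.
Import-Module PSGSuite

function New-TempPassword {
    # Hypothetical helper: random one-time password from a CSPRNG.
    param([int]$Length = 20)
    # 64-character alphabet: 256 % 64 is 0, so mapping bytes to it is unbiased.
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $bytes = New-Object byte[] $Length
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
}

$newUser   = 'jane.doe@example.com'        # account being created
$hrContact = 'jane.personal@example.net'   # external address given to HR
$admin     = 'admin@example.com'           # mailbox the welcome mail is sent from

# New-GSUser takes the password as a SecureString.
$plain  = New-TempPassword
$secure = ConvertTo-SecureString -String $plain -AsPlainText -Force

# Password is required by the API; the switch forces a change at first sign-in.
New-GSUser -PrimaryEmail $newUser -GivenName 'Jane' -FamilyName 'Doe' `
    -Password $secure -ChangePasswordAtNextLogin

$body = @"
Welcome! Your new account is $newUser
Temporary password: $plain
You will be asked to choose your own password at first sign-in.
"@

Send-GmailMessage -From $admin -To $hrContact -Subject 'Your new account' -Body $body

# Do not keep the plaintext around (logs, transcripts, variables) after sending.
Remove-Variable plain, body
```

The temporary password still travels in the mail body, so the forced change at first sign-in is what limits how long it stays usable.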

ABricka commented 5 years ago

In fact, with Google the password is not sent and has to be set by the user after receiving the mail. That's why I asked if you had this kind of feature, because we don't want to send the password in clear text even if it needs to be changed.

However, a "temporary" password is set during user creation and works well, but what we need is that mail sent to an external address with the link to change the password without writing it in clear text :/ I will try to find a solution, maybe with a short URL that gives the user the opportunity to set his password without viewing the initial one in clear text, for security.

But your PSGSuite tool is awesome and thanks a lot @scrthq for this !

scrthq commented 5 years ago

@ABricka - I getcha! I don't think there's any way to replicate that purely through the API, but I'd be happy to implement it if it's doable! IIRC, Google sends a special link that's pre-authenticated for that user. That link doesn't exist on the User context from the API side, so it's a bit difficult to pull it out, if possible at all.

ABricka commented 5 years ago

@scrthq Yes, that's it, it looks like the screenshot attached in this comment. However, if there is nothing like that in the API, I will try to do something manually alongside this project. I found a -notify parameter in the PowerShell tool GAM but it's not what I need; it just notifies me or the admin that the account is created but doesn't give any link for the user to set things up himself.

I hope to see an update from you on this part if Google opens the possibility to send this mail via the API.

Screenshot 2019-07-10 at 15 45 16

scrthq commented 5 years ago

If you right-click that Sign-in button and grab the URL, does it contain anything that looks like a token in the URL? Do not paste that URL here. Does it contain anything that appears to map back to something that exists on that User's returned object somewhere? I'd be surprised if so, but that's the info that I'd be looking for myself!

I'll 100% let you know if that functionality gets added, regardless!

ABricka commented 5 years ago

I just cast an eye on the link and we got a 48h valid token with no "direct link" to the account created, no userid, no customerid. The link looks like this (I redacted the token to ensure security):

https://accounts.google.com/RP?c="27chartoken"&uc=ac&hl=en&continue=https://admin.google.com&fc=1

I don't really know if it can help you, but for example the reset password link is exactly the same type of link but the 27 char token changes and I got a 28 char token, so I think it will be hard to search from this side.

scrthq commented 5 years ago

Thanks for checking, @ABricka !! I don't think there's much we can do from the API/PSGSuite side, unfortunately. I don't believe those values are retrievable via API. I'll keep an eye out in case that changes though!

Thanks for using PSGSuite! 💖