How do I use "Intelligent account protection" in google identity platform? - google-identity

Official introduction: Identity Platform is integrated with Google’s intelligence and threat signals to help detect compromised user accounts.
Where can I find documentation for "Intelligent account protection"?
I tried looking here https://cloud.google.com/identity-platform/docs/how-to but couldn't find it.

Related

How to contact technical support for MS Graph?

I have found no way to contact any actual human beings for technical support regarding MS Graph service.
The graph support page doesn't contain any link to technical support: https://developer.microsoft.com/en-us/graph/support
Documentation issues are not either monitored by technical teams or the documentation issues are only meant to discuss the issues of the documentation (not in the actual service).
How to get support for technical issue such as:
https://github.com/microsoftgraph/microsoft-graph-docs/issues/3938
Browsing the documentation issues it seems the docs issues is full of technical issues that are not addressed by anyone in any reasonable time. The developer experience is not great if the service is not working as documented and there is no way to contact support.
You can raise a support ticket in portal.azure.com. Please click help+support, then select New Support Request and select Technical, and then Azure Active Directory App Integration and Development and Problem type as GraphAPI.
You can open a support request in the Azure portal by clicking the Help icon in the top nav (represented by a ?)
Alternatively if you have an Office 365 subscription you can contact support via the Microsoft 365 admin center by clicking the same icon and choosing the Contact support option.
Looking at the GitHub issue you linked, I'm not sure that support could help you here. The documentation does not list User.Read as an applicable permission scope for the getMemberObjects API.

Force sign up with the Google Identity Toolkit on iOS

Dear GIT team and Stackoverflowers,
I'm using the Google Identity Toolkit in my iOS app and most of it is pretty cool.
I have a question regarding the use of gmail email addresses (everything that's considered a gmail address). Is it possible to force the GIT SDK to create a new account instead of linking with a existing gmail account?
For instance, if I were to try to sign in into my iOS app using my gmail email address, is it possible to indicate to GIT that it should NOT redirect to the Google sign in page, but rather to create a new account?
We've found that this process is a bit confusing for some users and would like to find a way to possibly change the flow a bit.
Appreciate any feedback!
Another option is to use the Rollout Percentage feature in the Identity Toolkit configuration page of Google Developers Console. If you set the rollout percentage to 0, users with #gmail.com will be treated as password accounts. If the percentage is set to 100, all users with #gmail will sign in
Regarding the question "create a new account instead of linking with a existing gmail account?", Google Identity Toolkit creates an account for your application, by copying the email address, name and photo_url from the user's account at Google. These are two separated accounts.
Although I'm not using Gitkit in an iOS app, you should be able to uncheck Google as an authentication option by going to the developers console for the project and clicking APIs > Enabled APIs > Identity Toolkit API > Settings.

How to use google identity toolkit without importing users

Is there is any workaround for google identity toolkit where without importing users from identity server still we can use that using google identity toolkit.
Here is the example what we are trying to do :
Let say there is Identity provider Entity (Idp) and another Entity that is Service provider server (SP),Idp do not allow any one to export there users due to security but can set some trust with service provider so that you can allow login using there credentials without exposing there users on any other system.
So that is best workaround using Google Identity toolkit that can allow me to use it without importing any users in Google Identity toolkit but still we can login with any party we want with bare minimum configuration.
Basically we want federation without exporting users from any system but still want to connect with them using some trust agreement between parties so that we can provide them service using the existing user profiles any one having either on some system or enterprise or any of those who are our partners.
Does Any of google tools or technology gives one channel that we can use for the above user case or any work around if there is use google identity toolkit by avoid exporting or registering user on 2 different systems.
I hope there is so many trying or having same use case for there project can answer me or google people can approach this question.
Thanks
To use Google Identity Toolkit, you do not need to import your users into Google Identity Toolkit. The Identity Toolkit will automatically create a user account for federated login users.
There is one caveat though in this case. Google Identity Toolkit will not know the user's identifier in your system, and the authentication result (i.e. Google Identity Toolkit IdToken) will contains a newly generated user_id along with email, name and photo url etc.

What is the difference between Google Identity Toolkit, Google OAuth, Firebase Auth and Google+ sign in

For my understanding, Google Identity Toolkit provides a layer for login with different accounts, like Facebook, Yahoo etc. but how does that differ from the Google OAuth implementation? And regarding Google+ sign in, it is still using OAuth, but only enables login for Google accounts?
Update as of December 28, 2018:
Google is pushing a new service called Cloud Identity Platform.
Which is basically Firebase Authentication just for all GCP customers.
This service offers, like Firebase Authentication, an abstraction layer to any authentication platform (with easy 2-factor authentication starting at GA)
Google Sign-In and Smart Lock are both only the underlying "low level" technologies used by the Firebase Authentication and Cloud Identity Platform client SDKs.
Update as of June 15, 2016: It seems the guide mentioned in the original answer (below) is not kept up to date - the Google Identity Toolkit seems to be on its way out, apparently absorbed into the Firebase Authentication, which is not even mentioned in that guide.
Maybe a better starting point for checking the current Google authentication solutions might be the "Sign In + Identity" icon on the Products page.
Original answer:
I recently saw this Google Identity Platform guide for choosing between various Google identity solutions which may answer some/all of your questions:
https://developers.google.com/identity/choose-auth

adwords api to manage other accounts

We are trying to integrate Google adwords connectivity into our Marketing Analytics Web application, meaning we are creating an app that would allow small businesses to login to their AdWords accounts and manage them based on findings of our app.
The problem is that upon signing up for API Access AdWords is asking us to link 'our' adwords account to the app account as well. This does not make too much sense to us, why do we need to show our adwords account when we ourselves will not be the main users of the app. It almost seems that AdWords assumes only a couple of users will be using the API.
Is my thinking flawed here? Can anyone clarify?
Google does seem to assume that their AdWords API is used primarily for in-house reporting and account management (as well by advertising agencies managing accounts on behalf of their clients).
Even if you are building an app for general, public use, the app's Client ID, Client Secret, and Developer Token are still connected to your company's MCC account.
However, this does not cause a problem. Any AdWords account owner can authorize your app to access their data, without having to be your client.

Resources