How to "copy" Google Identity from one PC to another - google-identity

We use Alteryx(an ETL tool). The files are called "workflows". The workflows can connect to google sheets. The software uses google identity to "log in" to google sheets just like any other website that you can "use google" to log in.
There are 2 ways for the software to be run:
From a user's desktop WITHIN a local copy of the Alteryx software itself
Uploading a workflow from your local desktop to the "gallery"(server). The workflows are then run from front-end web interface.
The gallery is a front-end web interface that sits on a Windows Server 2016 box.
The issue I'm running into is that even though all the token info is stored inside the workflow, they CANNOT be run from the gallery web interface because the users cannot go through the google log in process because they cannot log into the server as if it was a normal desktop(I can since I'm an admin on the Windows Server box).
So, my question: Is there a way to "copy" whatever google identity information is created on a user's local PC that allowed them to connect to google sheets, email it to me, so I can then add it to the server that houses the Alteryx Gallery?
Thanks,
Craig

Related

Acumatica report authoring and single sign-on

Our users authenticate to Acumatica using OAuth2-based SSO with Google as the identity provider. They do not have passwords to access the system (we generate very long, strong passwords which are discarded as soon as SSO is set up).
I don't want to go into all the reasons why SSO is important to us. It's critical, and I'll leave it at that. SSO was a policy and business requirement for us to select Acumatica.
The Report Designer doesn't seem to support OAuth2.
Is there a way we can give users the ability to download the RPX files via the browser, edit them outside the browser, and then upload the changes via the browser, using only SSO credentials?
Also, where can I get the source code to Report Designer? I'd love to see if I can add OAuth2 support myself.
There are 2 types of report in Acumatica:
Standard Reports
Analytical Reports
The links above describe how you can customize these reports using Acumatica Cloud ERP.
You can notice that standard reports have the following limited customization possibility using Cloud ERP:
You can adjust the report settings to meet your specific informational
needs. For example, you can specify sorting and filtering options and
select the data by using report-specific settings—such as financial
period, ledger, and account. You can configure additional processing
settings for each report.
Analytical reports have more customization possibilities through Cloud ERP:
The Analytical Report Manager is a web-based tool for creating and
modifying analytical reports. Users can design and run custom
analytical reports using advanced data selection criteria, data
calculation rules, and customizable report layout design features. By
using the Analytical Report Manager, you can: Create the layout and
structure of reports based on your business requirements. Define data
selection criteria for the report with a high level of granularity.
For example, data sources can include a range of accounts,
subaccounts, and financial periods. Use advanced formulas to calculate
values based on the information extracted from the data source. Create
consolidated reports based on the data from multiple data sources or
other analytical reports. Localize data used by a report if
multilingual support of user input is enabled.
Acumatica marketing material shouldn't refer to the standard report editor (Windows Form Desktop Application) as part of the Cloud ERP product. The reason for this is quite simple, a Windows Desktop application is not a cloud product, it can't be accessed with a browser and is not supported on unix/apple OS.
Analytical reports designer support SSO OAuth since the designer is running on the Cloud ERP product.
Standard reports designer doesn't support OAuth. You could fill a feature request for it though. Our marketing material should not refer to standard report customization as part of the Cloud ERP product because the designer requirements are different.
We strive to make every feature available on Cloud ERP platform. At the moment these are the features not available on Cloud ERP to my knowledge:
Standard Report Editor
DeviceHub, this is a Windows program that acts like a device
spooler so you can access windows desktop hardware like printer
and scales from the Cloud ERP.
Login page customization, this can't be achieved through
Customization Project Editor, you have to change files manually on
the server.
From now on, I'll focus on the Standard Report Designer, the Windows Desktop Application.
The designer uses the Web Service API to communicate with Acumatica Database.
Besides loading and saving RPX files the report designer also uses the Web Service API for features in 'File->Build Schema' dialog like 'Load Schema'. If your user are not using the 'Build Schema' features then having only the RPX file locally should be enough to allow them to modify the report using the designer.
Code for loading and saving RPX files is located in PX.Reports.Design.ReportUtils class which is part of PX.Reports.Design.dll assembly. It's using the SOAP API which to my knowledge is not the preferred API to use OAuth, the REST Contract API is recommended for OAuth enabled Web Services. Refactoring the PX.Reports.Design.dll assembly to use REST Contract API instead of SOAP API isn't trivial.
That said I believe it's possible to load and save RPX files using the Rest API and you could write a wrapper for the report designer to handle that task as long as you forgo 'Build Schema' feature. I'll touch on that at the end of my answer.
You can find the documentation for using OAuth with Rest API here
There are two ways you can use Acumatica Web Service, attended or unattended.
Attended use requires a user to enter his credentials in some form of UI before using the web service. The report designer uses this form of authentication.
The alternative for unattended use is to configure and save the authentication credentials before using the web service. That way an automated program can use web service API without requiring a user sitting in front of the computer.
Unattended use typically doesn't involve OAuth because you can't have a user dedicated to the task of authenticating. For example, if you integrate Acumatica with an ecommerce provider, requiring him to use OAuth authorization to push the orders to Acumatica is problematic because that process usually doesn't involve a UI where a user sitting at the computer provide authorization.
You could technically create a OAuth access token that never (rarely) expires for this task but it circumvents the purpose of OAuth which is having temporary access tokens to mitigate man in the middle attacks. Certifications that mandates use of OAuth typically forbid use of tokens that never expire. That's why requesting OAuth for automated process can raise eyebrows and lead programmers to question your security policies.
Now let's get to possible solutions for your problem. You'll have to assess whether your security policies allows use of unattended web service without OAuth authorization. If that's the case then your job will be much easier. If not then you'll likely run into similar problems later on if dealing with third party web service integration for Acumatica is required.
In order to write a wrapper over the report designer you'll have to write a windows desktop application and have the '.RPS' file type associated with your wrapper instead of being associated with Acumatica report designer.
When a user clicks the EDIT REPORT button on the website, a '.RPS' text file is generated in memory on the server and the user browser is redirected to that file in order to download it locally. When the user clicks on the RPS file, windows launches the associated program (Acumatica report designer) and passes the RPS file path by command line parameter. The report designer then presents the authorization dialog where user can enter his credentials and the report RPX file is downloaded by the Web Service API.
Example of the content of an RPS file:
ServiceUrl|http://localhost/AcumaticaInstance/
ReportName|gl633000.rpx
User|admin
The idea is to have your wrapper parse this RPS file, download the associated RPX file using the Web Service API that comply with your security policy and then launch Acumatica report designer for this RPX file using command line parameter:
"c:\...\ReportDesigner.exe" "c:\...'gl633000.rpx"
When you launch the report designer you want to halt your main thread until the user closes the report designer. Framework methods that do this are typically named 'wait for exit'. Before closing the report designer the user would save the RPX file. After the designer is closed your main thread will resume and you can then re-upload that RPX file to Acumatica database using Web Service API.
The easy way would be to create a report designer user to use Web Service API in unattended mode. You could store those credentials locally (in encrypted form) wherever you see fit and never expose them in UI. When making Web Service call you decrypt those credentials on the fly. In such a scenario the asset to protect is the decryption key.
If use of attended web service is required for OAuth support you will need to implement a UI to get those credentials. If you have to use Google login page for entering the credentials you would have to include an embedded browser in your wrapper for that purpose.
As a remainder, note that this solution will enable you to modify the report definition in the RPX file but will not enable you to use report designer features that require web service API like 'Build Schema'.

TFS express access for remote users

I have a TFS express configured on my windows server. Is it possible to invite a remote user on his email address, so that he can connect to the server and access project collections? I had been through few similar SO posts, and tried to explore almost all parts of the admin panel, but could't found such feature.
(I know this is available in case of visualstudio.com, but I need to invite a remote user to my locally hosted TFS).
Question:
- Is it even possible to allow remote user to access my TFS?
- If so, how to authenticate him?
Other Info: TFS is perfectly configured, and is accessible remotely as http://xyz:8080/tfs
No this is not possible. When TFS is installed on-premise it reads its users from the Windows Active directory and/or local Windows Server users.
When TFS is configured to be accessible remotely, like you say using an externally visible domain name, you need to register a Windows user either in Active Directory (preferred) or locally on the server.
To make your life easier, consider employing Visual Studio Team Services, the cloud service based offering that offers mostly the same services TFS does. It also provides 5 free users, doesn't need to be installed and maintained on a Windows Server, doesn't cost you a Windows Server license and allows you to invite people using their Microsoft Account/Windows Live ID.

Authentication / account requirement for Tableau JS-API

I am working on web application for visualization and learning feasibility of using JSAPI in application to pull in reports from tableau.
My understanding on topic is limited from online reads of dev doc and demo.
- Author creates reports, dashboards, workbooks on tableau desktop/server and publishes it on tableau server.
- Tableau server will require a license for author personnel account.
- Web application can use JSAPI to access those reports, workbooks or dashboards.
Is my understanding correct?
Does does every user of web application needs separate credentials to view reports on app?
You can use a single account for accessing reports in your web application as long as you do not want to have some specific reports for particular users.

App for Office for Desktop and 3rd party authentication

I am initiating an App for Office project and I am trying to find out something critical.
Can I use my ASP.NET MVC built-in OAuth authentication to pair it with a Live account so my app logs-in the user into MS Office for Desktop apps.
This is needed so I can access OneDrive and use the share file editing there.
The architecture so far is:
Files stored in a single OneDrive or SharePoint server (TBD)
Desktop Office apps (Word and Excel) where the users work.
App for Office, installed in their Word and Excel. Users can authenticate on the back-end ASP.NET MVC server, using any 3rd party email address and a password.
I have used OAuth in ASP.NET MVC projects but not in integration with Office in an App for Office.
So, my question is if this idea is possible and HOW, or I have to give everyone an Office 365 account so they can connect via the integrate Office for desktop.
As we in our small company like to benefit from the OneDrive functionality, and also want to have selected shared and group folders offline available, we found a more or less perfect workaround.
We use the Goodsync software to synchronize. For this you create a sync job within Goodsync for the folders you want to have offline- available. Such a sync definition / call it folder pair / has a reference to the local folder, and on the other side a reference to the OneDrive folder. The reference to the OneDrive folder you describe like this: „sds://d.docs.live.net//“.
The OneDrive CID you can see for any shared OneDrive folder in OneDrive web whithin its web address (example: https://OneDrive.live.com/?cid=xxxxxxxxxxxxxxxx) . Similarly it works for OneDrive group folders.
Our experience is very good with this workaround, only to be aware to have all rights for the shared One Drive folder, then Goodsync can even create or delete folders within shared OneDrives.
Good luck! Wolfgang from Salzburg
For everyone's benefit, I will explain what we have done.
We are using Azure Active Directory and manage all users there. We connected SharePoint site to it and it has a OneDrive behind. Now our App for Office connects to that using SharePointContext from here and it magically works.

How can I authenticate users using their Windows login credentials?

How can I let my Intraweb XI application authenticate users using their Windows login credentials? The application runs as a service on Windows servers.
We need to only allow network users to access some of our Intraweb applications.
I'm not familiar with Delphi, but it sounds like you want Active Directory integration (assuming here that you already have a AD Infrastructure in place that does the authentication, since you say "Windows login credentials").
If that's the case, then perhaps Deepak Shenoy's white paper on Active Directory Service Interfaces or the Stack Overflow question about integrating Delphi with Active Directory will point you in the right direction.

Resources