Using version 2.0.1 of the EMM, I am using the console API to programtically add the user to an existing policy and publish that policy to the device. Reading the API docs, I believe the order to be the following:
GET (/mdm-admin/policies/{id}) <--- This is working.
Update the policy JSON with the registered device owning user.
PUT (/mdm-admin/policies/{id}) <--- This works as well.
PUT (/mdm-admin/policies/apply-changes) <--- API returns 200
The following issues come to the forefront.
1) The Policy pack is never pushed to the device.
2) The restriction placed into the policy disappears from the policy.
Am I missing a step in the process to force that push to occur, and should I be pushing the entire policy or just the changed list of users?
"The restriction placed into the policy disappears from the policy."
Is a know intermittent issue in EMM 2.0.1 and you can prevent that issue by editing the policy after creating and check the restrictions are in order.If not do modify/include those restrictions and save the policy.
This is the best and out of the box work around possible.
Related
For some reason I deleted so called brand entity at my gcloud console. Now I want to create new one using the command in the console:
gcloud alpha iap oauth-brands create --application_title='EmojiRave' --support_email='rebelusgames#gmail.com'
But the console returns me back : INVALID_ARGUMENT: Request contains an invalid argument.
I've used different formats (using brackets and without them)
I've checked whether I have enough permissions to do it (I use owner account, so it's enough permissions)
I'm desperate.
There are two potential reasons for the failure:
1. Incorrect email address. According to the docs: "This [support] email address can either be a user's address or a Google Groups alias. [...] Note: The user issuing the request must be an owner of the specified support email address."
2. Project is not in an organisation. According to this source (see under limitations): If you're [..] outside a Cloud Orginization most likely you'll get an error on step "Creating oauth brand".
Overall, my suggestion is to update the OAuth Consent Screen via GCP Console.
Go to the Google Cloud Platform Console.
From the projects list, select a project or create a new one.
If the APIs & services page isn't already open, click on the Navigation Menu on the upper left and select APIs & services.
On the left, click OAuth Consent Screen.
Click Edit App.
First, it's not possible to delete the OAuth Consent Screen (Brand) once created. This can be seen from #DaImTo's answer, and the lack of delete option in both gcloud command and in the console.
I also tested your command on my Cloud Shell and it works fine as well. I've checked the documentation with regards gcloud alpha iap oauth-brands and it is currently in ALPHA state. It may change without prior notice and it may not be stable or work to all users. If you still want to use the CLI and request to be allow-listed regarding this command, my suggestion is to contact sales, as instructed on the issue tracker you've made.
I can't login to Stackdriver from the Google Cloud Console because of a login page redirect loop.
Here is the complete http request flow:
I can't provide you here the http request flow as stackoverflow said it looks like spam.
https://pastebin.com/im24CCnn
Request 3 and 9 are the login page of Stackdriver if presents me with ony the stackdriver logo and a single link with the text Log in with Google.
I've tried to restart the browser (Firefox) and clearing all caches and site data, with no change in behavior.
After some investigation, I figured out various causes for this case:
-1-
According to the documentation,
Stackdriver Monitoring relies on cookies from various Google sites to
manage Workspaces. If these cookies are blocked, you may find that you
get stuck in an endless authentication loop. Cookies can be blocked
accidentally, or by automatic updates pushed out as part of changes in
security policy at your location.
Solution:
-You must have third-party cookies enabled for the following:
google.com
accounts.google.com
apis.google.com
-Thus, after having cleared and enabled your browser cookies, make sure that they are not blocked, as for example by any extension like PrivacyBadger.
-2-
If you are logged into the browser with more than 1 account, it may cause a redirection behavior.
Solution:
-Try logging in from “Incognito mode”, or even a different browser to configure if the issue persists.
-Disable all your extensions and try again.
-3-
An update from the browser might interfere with the logging process in your browser.
Solution(same as the 2nd):
-Try logging in from “Incognito mode”, or even a different browser to configure if the issue persists.
-4-
If the version of the installed Stackdriver build is on Beta, then you might get this issue.
Solution:
-Uninstall Beta version and install a non-beta version of Stackdriver.
-5-
If nothing of the above works, please change your network and/or device and try again.
Additionally, during my research I came across few Feature Requests regarding the “Stackdriver Redirection Loop Issue”.
1-Allow the use of Google Cloud products without having cross-site tracking enabled.
2-Login loop attempting to access Stackdriver by using default settings of Firefox.
As soon as we can determine the cause, you can “star” the corresponding(one or more) Feature Request, so that it gets more visibility and also you may attach your email on the CC field, in order to get notified on any updates of the FR.
Clarification questions:
Were you able to login successfully to Stackdriver Monitoring before this issue occurred?
I am trying to hook a Xamarin project up to Google Play Services but keep receiving a SIGN_IN_REQUIRED error when calling Connect. I have read a few posts online but cannot determine what actually causes this error message.
I have setup the a game project and also setup an API with oAuth credentials. I have made sure that the same SHA key is being used in the API credentials and in the application while debugging but I am still not making any progress.
I am currently presuming that this is not a coding problem but rather something to do with the setup of the API services etc but have ran out of things to try at this point.
Firstly, to make sure your network connection is normal, you can run this demo in your network environment.developer.xamarin.com/samples/monodroid/google-services/… Donnot forget to change to clientID in string.xaml.Then , open the firebase console, find this app check the clientID if it is same with your code, and check the SHA-1 hash of your signing certificate.
I have registered my application here.
I have given all permissions to my App in that panel as well.
I specifically need Groups.ReadWrite.All which requires an admin ? requirement I am not sure what this even means.
https://apps.dev.microsoft.com/#/application/
Okay App is registered and redirect url has been copied.
Now I take that redirect url copy it and paste it into the admin panel for apps. At this link at App Registrations
https://portal.azure.com/
I am not sure why I have to register in two different panels, one which gives me a redirect url for my native app and the other that leaves it blank.
Great So then I setup my iOS app to make a graph request. This scope
https://graph.microsoft.com/Calendars.ReadWrite
I need to readwrite groups so I add this permission
https://graph.microsoft.com/Group.ReadWrite.All
It fails to authenticate.
I have checked that I have added the permissions to my app, and I have at this app registration panel https://apps.dev.microsoft.com/#/application/
Then I try to add the same permissions in the
https://portal.azure.com/
it gives me
Unable to Complete Request Validation Error, then doesn't do anything.
I tried to add a non admin permission same error.
So what is going on here ... ?
So even though they told me use the Graph API from now on moving forward in the docs I tried to go back to their office 365 SDK for iOS, it also has problems as I cannot get the pods to work as per instructions.
I am 100% sure after this issue is resolved I will need permissions
Note: I work at as a consultant for a bank so if someone can tell me what the azure administrator at the bank has to do to get my permissions escalated to admin status that would be great....
Thanks
Those are 2 different registrations,
Per this documentation (https://graph.microsoft.io/en-us/docs/authorization/auth_overview), for personal accounts like live.com or outlook.com, use the Azure AD v2.0, and for the enterprise, use the Azure AD.
So, for your case, I believe you need the latter, the azure AD.
For this to happen, as you said, go https://portal.azure.com/ and add the app registration.
In order to do so, you would need to
select "Azure Active Directory" and go "App registrations".
Once you create an app, you would need to select "native" for the iOS, and then under app access, under "required permissions" add "Microsoft Graph" followed by selected permissions you would like.
To answer the note, you would need permissions to create an app at the portal, otherwise, you would need to ask for that permission or have the admin create an app for you.
Some samples are available at https://github.com/microsoftgraph/ios-objectivec-connect-sample and https://github.com/microsoftgraph/ios-swift-connect-sample for iOS samples.
Hope this helps!
Background
Recently upgraded to Facebook SDK 3.2
Tested on both device and simulator (iOS 5.1 through 6.1)
Error is only present when attempting to authenticate Facebook test users.
Error
The Facebook server could not fulfill this access request: Temporarily unable to make API calls on behalf of XXXXXX.
UserInfo={com.facebook.sdk:ErrorLoginFailedReason=com.facebook.sdk:SystemLoginCancelled, com.facebook.sdk:ErrorInnerErrorKey=Error Domain=com.apple.accounts Code=7}
Steps to Reproduce
Clear simulator or manually remove Facebook account from device settings.
Create a test user via Facebook's accounts/test-users endpoint.
Add Facebook account in device settings.
Authenticate via openActiveSessionWithReadPermissions & accept the permissions dialog.
Expected Result
FBSessionStateHandler block returns with state == FBSessionStateOpen.
A nil NSError.
Actual Result
FBSessionStateHandler block returns with a error.fberrorCategory == FBErrorCategoryUserCancelled with the above user info trace.
Solution Attempts
I've followed the steps outlined in this question; namely checking my bundle name, ensuring my app type is set to Native/Desktop and setting my App Secret in Client to NO.
As well, I have ensured I am only asking for read permissions (ie. email).
I've even bypassed the Facebook SDK altogether by attempting to authentication with a ACAccountStore instance & got the same results.
Again, everything works fine with a regular user (non-test); so it must have something to do with the configuration & recent 3.2 changes.
1) Facebook 3.1 SDK splits read and publish permissions. Use only read permissions (e.g., email) in the first authentication call. Using both will break it and result in that generic error. It seems Facebook's SDK doesn't actually do what it's meant to do: fall back to older authentication methods. David tells me an updated Parse SDK will make the permissions split easier, but it will of course be up to Facebook to fix that bug in their SDK.
2) Independently, the issue I was having seems to have gone away after signing out of Facebook in the device's Settings, and then back in. Maybe a glitch in the iOS integration? (The permissions split issue still applies here, however. Make sure you do read first and publish (e.g., publish_actions) separately later, the first time you actually need it.)