Limiting access to less secure apps to protect G Suite accounts
71 views
Skip to first unread message
droske
Sep 13, 2019, 2:30:34 PM9/13/19
to GAM for G Suite
Hello All,
Google recently announced that they would be limiting access to enabling less secure apps for Admins, but rather offering the setting to individual users. Does anyone know if Google will provide an API so admins can enable via GAM after the change is made? Our IDAM needs LSA enabled :-(
Thanks,
Doug
Jay Lee
Sep 13, 2019, 2:51:59 PM9/13/19
to google-ap...@googlegroups.com
Why does your identity management require young lower your security? This is probably a question you should be demanding of the vendor...
To answer your question, no I've heard of no plans for any API to manage LSAs
Jay
--
You received this message because you are subscribed to the Google Groups "GAM for G Suite" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/3ee32c70-5568-4535-9b24-5073e8b68579%40googlegroups.com.
Doug Roske
Sep 13, 2019, 2:59:23 PM9/13/19
to google-ap...@googlegroups.com
Thanks Jay -
Because OneLogin leaves something to be desired.............
You received this message because you are subscribed to a topic in the Google Groups "GAM for G Suite" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-apps-manager/KvfUD4X79TE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CA%2BVVBp_%3DLEdCfojJ56EJi6Q-PkYcKD5whXT-1TG-srsshUOyng%40mail.gmail.com.
Doug Roske
Samuel
Sep 16, 2019, 1:57:19 AM9/16/19
to GAM for G Suite
I'm interested in your "problem"
are you using G Suite directory to authenticate users in OneLogin ?
We also use OneLogin, It's not fully enabled so how you use it can be interesting
Le vendredi 13 septembre 2019 20:59:23 UTC+2, droske a écrit :
Thanks Jay -Because OneLogin leaves something to be desired.............
On Fri, Sep 13, 2019 at 11:52 AM Jay Lee <jay...@gmail.com> wrote:
Why does your identity management require young lower your security? This is probably a question you should be demanding of the vendor...To answer your question, no I've heard of no plans for any API to manage LSAsJay
On Fri, Sep 13, 2019, 2:30 PM droske <dro...@summitps.org> wrote:
Hello All,--Google recently announced that they would be limiting access to enabling less secure apps for Admins, but rather offering the setting to individual users. Does anyone know if Google will provide an API so admins can enable via GAM after the change is made? Our IDAM needs LSA enabled :-(Thanks,Doug
You received this message because you are subscribed to the Google Groups "GAM for G Suite" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-manager+unsub...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/3ee32c70-5568-4535-9b24-5073e8b68579%40googlegroups.com.
--
You received this message because you are subscribed to a topic in the Google Groups "GAM for G Suite" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-apps-manager/KvfUD4X79TE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-apps-manager+unsub...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CA%2BVVBp_%3DLEdCfojJ56EJi6Q-PkYcKD5whXT-1TG-srsshUOyng%40mail.gmail.com.
Doug Roske
Sep 16, 2019, 12:12:40 PM9/16/19
to google-ap...@googlegroups.com
Yes, currently we have Onelogin setup SAML with GSuite (Idp).
"We also use OneLogin, It's not fully enabled so how you use it can be interesting " ?
On Sun, Sep 15, 2019 at 10:57 PM Samuel <samuel....@gmail.com> wrote:
I'm interested in your "problem"are you using G Suite directory to authenticate users in OneLogin ?
We also use OneLogin, It's not fully enabled so how you use it can be interesting
Le vendredi 13 septembre 2019 20:59:23 UTC+2, droske a écrit :
Thanks Jay -Because OneLogin leaves something to be desired.............
On Fri, Sep 13, 2019 at 11:52 AM Jay Lee <jay...@gmail.com> wrote:
Why does your identity management require young lower your security? This is probably a question you should be demanding of the vendor...To answer your question, no I've heard of no plans for any API to manage LSAsJay
On Fri, Sep 13, 2019, 2:30 PM droske <dro...@summitps.org> wrote:
Hello All,--Google recently announced that they would be limiting access to enabling less secure apps for Admins, but rather offering the setting to individual users. Does anyone know if Google will provide an API so admins can enable via GAM after the change is made? Our IDAM needs LSA enabled :-(Thanks,Doug
You received this message because you are subscribed to the Google Groups "GAM for G Suite" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/3ee32c70-5568-4535-9b24-5073e8b68579%40googlegroups.com.
--
You received this message because you are subscribed to a topic in the Google Groups "GAM for G Suite" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-apps-manager/KvfUD4X79TE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CA%2BVVBp_%3DLEdCfojJ56EJi6Q-PkYcKD5whXT-1TG-srsshUOyng%40mail.gmail.com.
--Doug Roske
--
You received this message because you are subscribed to a topic in the Google Groups "GAM for G Suite" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-apps-manager/KvfUD4X79TE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/9e43150d-9655-4466-b98b-a431df02b825%40googlegroups.com.
Eric Sowa
Jan 30, 2020, 11:01:49 AM1/30/20
to GAM for G Suite
Is there a gam command to identify users using LSA. We received a report from google which is only 25 users, and I am puzzled as 75% of the organization receives a EAS google profile from airwatch
Jay Lee
Jan 30, 2020, 3:25:49 PM1/30/20
to google-ap...@googlegroups.com
You can see which users have allowed LSA with this command. Note the date of the report, it will lag by a few days.
gam report users fields accounts:is_less_secure_apps_access_allowed fulldatarequired accounts
I'd recommend moving these users into their own OrgUnit with LSA still allowed and then disable for everyone else to prevent issue from growing any larger. Then you can work with the LSA users to get them migrated over to more secure apps before the LSA deprecation date.
Jay
Jay Lee
Jan 30, 2020, 3:49:11 PM1/30/20
to google-ap...@googlegroups.com
Actually a better command would be:
gam report users fulldatarequired accounts,gmail fields accounts:is_less_secure_apps_access_allowed,gmail:last_imap_time,gmail:last_pop_time
so you can get some idea if user might be using LSA via POP or IMAP protocols. If neither of those is up to date then user is probably using CalDav / Activesync on a mobile device.
Jay
Jay Lee
Reply all
Reply to author
Forward
0 new messages