[英]G Suite SSO, restricted to company accounts, in Python and Flask?
Let's say I work for mycompany.com
. 假设我为mycompany.com
工作。 I'm building an internal web app in Flask for accessing some company data. 我正在Flask中构建一个内部Web应用程序来访问一些公司数据。 It will not be hosted on Google's App Engine. 它不会托管在Google的App Engine上。
At mycompany
, we use G Suite for email, calendars, etc. I have access to the G Suite Admin Console and can make whatever changes necessary. 在mycompany
,我们将G Suite用于电子邮件,日历等。我可以访问G Suite管理控制台,并可以进行必要的更改。
What I'm trying to do is to provide Google Authentication in the Flask app, but only for people that work at mycompany
, that have a @mycompany.com
email address through the company's G Suite account. 我要做的是在Flask应用程序中提供Google身份验证,但仅适用于在mycompany
工作的人,他们通过公司的G Suite帐户拥有@mycompany.com
电子邮件地址。
I've spent a good amount of time poking through Google's documentation and I've found the web authentication example and the Authenticating Uses with Python example. 我花了很多时间来浏览Google的文档,我发现了Web身份验证示例和Python身份验证使用示例。 I've run both examples. 我已经运行了两个例子。 Neither restrict access to mycompany
's G Suite accounts. 既不限制访问mycompany
的G Suite帐户。
Do I need to implement that logic myself or does G Suite provide a mechanism to use SSO authentication restricted to company members? 我是否需要自己实现该逻辑,或者G Suite是否提供了一种机制来使用仅限于公司成员的SSO身份验证?
Looks like I need to create a custom SAML app and that I can use the python3-saml library to accomplish that. 看起来我需要创建一个自定义SAML应用程序 ,我可以使用python3-saml库来实现这一点。 There's a demonstration Flask app in the library. 库中有一个演示Flask应用程序。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.