
Using the Google Workspace Admin API, how to identify the Slack workspace of my org users who log into Slack using the company's email via G Suite SSO?

I am capturing the logins of my org users into slack using google workspace admin reports API as mentioned in the doc here: https://developers.google.com/admin-sdk/reports/v1/appendix/activity/saml#login_success

I want to identify the workspace that these users are logging into. How can I identify this?

Here's the sample response that I get from the reports API:

{
  "kind": "admin#reports#activities",
  "etag": "\"SsISqFfgRYY11XaGpPyQF5FTf1EAwqUmKLMPaD85FHw/evu1UTmScwnBzMj7rPtBftM3N2k\"",
  "items": [
    {
      "kind": "admin#reports#activity",
      "id": {
        "time": "2022-05-25T17:51:08.913Z",
        "uniqueQualifier": "35251594669533645",
        "applicationName": "token",
        "customerId": "C02a9qd29"
      },
      "etag": "\"SsISqFfgRYY11XaGpPyQF5FTf1EAwqUmKLMPaD85FHw/U-RQigEfldlDShA5VdJAIizlnsQ\"",
      "actor": {
        "email": "vibhu@cloudeagle.ai",
        "profileId": "116721330888590133060"
      },
      "ipAddress": "18.206.76.246",
      "events": [
        {
          "name": "authorize",
          "parameters": [
            {
              "name": "client_id",
              "value": "606092904014-s1u3idjanlbhr4ns5b1hcjgfn63cr9nh.apps.googleusercontent.com"
            },
            {
              "name": "app_name",
              "value": "Slack"
            },
            {
              "name": "client_type",
              "value": "WEB"
            },
            {
              "name": "scope_data",
              "multiMessageValue": [
                {
                  "parameter": [
                    {
                      "name": "scope_name",
                      "value": "openid"
                    },
                    {
                      "name": "product_bucket",
                      "multiValue": [
                        "IDENTITY"
                      ]
                    }
                  ]
                },
                {
                  "parameter": [
                    {
                      "name": "scope_name",
                      "value": "https://www.googleapis.com/auth/userinfo.email"
                    },
                    {
                      "name": "product_bucket",
                      "multiValue": [
                        "IDENTITY"
                      ]
                    }
                  ]
                },
                {
                  "parameter": [
                    {
                      "name": "scope_name",
                      "value": "https://www.googleapis.com/auth/userinfo.profile"
                    },
                    {
                      "name": "product_bucket",
                      "multiValue": [
                        "IDENTITY"
                      ]
                    }
                  ]
                }
              ]
            },
            {
              "name": "scope",
              "multiValue": [
                "openid",
                "https://www.googleapis.com/auth/userinfo.email",
                "https://www.googleapis.com/auth/userinfo.profile"
              ]
            }
          ]
        }
      ]
    }
  ]
}

I am wondering if it is possible to identify the slack workspace from the above response or would it need other API endpoints and parameters.

Keep in mind SAML is an authentication method that allows a Service Provider, such as Slack in this scenario, to use Google credentials as the Identity Provider (IdP). That being said, once the authentication flow is completed, usually the IdP doesn't have any control or access to the app activity.

In other words, once the login is completed, Google is blind about what users do in the app interface.

For that reason I am afraid what you are trying to achieve is not possible. In the Google Reports API link you shared, the data you can obtain is limited to failed/successful login details.

Testing the call to the Reports API, you can see there are no additional details useful for your purpose.

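An added example, not part of the original question or answer: it flattens the `authorize` event from a Reports API response so every field Google recorded for the Slack grant can be listed and audited. The function names are hypothetical, and the sample is a constructed, trimmed copy of the response in the question with placeholder user, IP and client ID.

```python
# Constructed sample: same shape as the activity item in the question,
# with placeholder user, IP and client_id values.
SAMPLE = {"items": [{
    "id": {"time": "2022-05-25T17:51:08.913Z", "applicationName": "token"},
    "actor": {"email": "user@example.com"},
    "ipAddress": "192.0.2.10",
    "events": [{"name": "authorize", "parameters": [
        {"name": "client_id", "value": "EXAMPLE.apps.googleusercontent.com"},
        {"name": "app_name", "value": "Slack"},
        {"name": "client_type", "value": "WEB"},
        {"name": "scope_data", "multiMessageValue": [
            {"parameter": [
                {"name": "scope_name", "value": "openid"},
                {"name": "product_bucket", "multiValue": ["IDENTITY"]}]}]},
        {"name": "scope", "multiValue": ["openid"]},
    ]}],
}]}


def flatten_parameters(params):
    """Collapse the name/value parameter list of an event into a plain dict."""
    out = {}
    for p in params:
        name = p["name"]
        if "multiMessageValue" in p:
            # Nested groups (e.g. scope_data): flatten each group recursively.
            out[name] = [flatten_parameters(m.get("parameter", []))
                         for m in p["multiMessageValue"]]
        elif "multiValue" in p:
            out[name] = list(p["multiValue"])
        else:
            out[name] = p.get("value")
    return out


def summarize_grants(report):
    """Return one flat row per event: who, when, from where, and all parameters."""
    rows = []
    for item in report.get("items", []):
        for ev in item.get("events", []):
            row = {"time": item["id"]["time"],
                   "user": item["actor"]["email"],
                   "ip": item.get("ipAddress"),
                   "event": ev["name"]}
            row.update(flatten_parameters(ev.get("parameters", [])))
            rows.append(row)
    return rows


if __name__ == "__main__":
    for row in summarize_grants(SAMPLE):
        print(sorted(row))  # the complete set of fields present in the event
```
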
