Clever Geek Handbook

How do I get the CustomerId (or other primary key) for a Google Apps account?

When a user logs into our Marketplace V2 app, we need to know which Google Apps account the user belongs to.

id_token contains the parameter "hd" (domain name), but this is not sufficient because a Google Apps account can have multiple domains.

CustomerId seems like a good primary key for matching users with the correct Google Apps account. The problem is that it doesn't seem to be included in the id_token. Is there any way to figure out what the CustomerId of the user is.

An Administrative SDK would be one option, but in almost all cases, calls to the Administrator SDK fail with "Domain cannot use API". I read in the previous answer that Google will automatically (re) enable API access when an admin installs the Marketplace app, but that can't be true because a call to the admin SDK almost never works.

Does anyone have any suggestions on how to get the client key or other primary key otherwise, or some other trick to get the admin SDK to work (without telling people to change their Google Apps vulnerability settings because this is in pretty much defeats the Marketplace easy install point).

Thank!

+3


source to share


1 answer


To make the admin SDK work after installing the app on your Google Apps site, you must:

  • add admin SDK to cloud project

  • add the Google Apps SDK to your cloud project

  • go to the Marketplace app config and add the required admin SDK scope

Once installed, your service account will have permission to call the admin SDK on the domain where your marketplace app is installed.

Document Status: Use the Retrieve User command to get the customerId .

So, you will need at least this area:



In addition, you will need to find out the domain administrator's email address.

On a side note: I believe you can use "my_customer" as a replacement for the customer ID in API calls, at least for the admin SDK.

update: http://googleappsupdates.blogspot.be/2014/09/new-features-in-admin-sdk-custom-user.html Historically, only admins were able to access data in the admin SDK. Starting today, any user (not just administrators) will now be able to invoke the Directory API to read the profile of any user in the domain (of course, we will respect the ACLing settings and profile sharing settings).

+4


source






More articles:


All Articles