Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Support for Multiple Admin Emails to Retrieve Group Lists from Different Google Workspaces #2895

Closed
2 tasks done
vsychov opened this issue Apr 12, 2023 · 2 comments
Closed
2 tasks done

Comments

@vsychov
Copy link
Contributor

vsychov commented Apr 12, 2023

Preflight Checklist

  • I agree to follow the Code of Conduct that this project adheres to.
  • I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

The Google connector in Dex currently supports auth via multiple google domains, but fetching group lists only from a single Google Workspace. However, this limitation makes it imposible for organizations with multiple different Google Workspaces to retrieve their groups, even if all of them have domain-wide delegation since each domain will have its own adminEmail address.

E.g. 2 google workspaces:
domain1.com - adminEmail need be setted to admin@domain1.com
domain2.com - adminEmail need be setted to admin@domain2.com

Proposed Solution

I suggest fixing this behavior by introducing an additional configuration parameter called adminEmailsMapping, while marking the current adminEmail parameter as deprecated. The new configuration parameter should look like this:

adminEmailsMapping:
  domain1.com: admin@domain1.com
  domain2.com: admin@domain2.com
  domain3.com: super-mega-admin@domain3.com
  ...

If this proposal is accepted, I will prepare a PR with the corresponding changes.

Alternatives Considered

I have considered the possibility of using multiple instances of the Google connector, but this would lead to increased UX complexity for end users.

Additional Information

The implementation of this feature would greatly improve the user experience for organizations with multiple Google Workspaces, enabling them to manage their groups more efficiently.

@vsychov
Copy link
Contributor Author

vsychov commented Apr 13, 2023

Hi, @JoelSpeed, @nabokihms, @sagikazarmark, @bonifaido, @rithujohn191, @justaugustus what do you think?

@vsychov
Copy link
Contributor Author

vsychov commented Apr 23, 2023

Closed by #2911

@vsychov vsychov closed this as completed Apr 23, 2023
vsychov added a commit to vsychov/dex that referenced this issue Apr 23, 2023
…Lists from Different Google Workspaces

Signed-off-by: Viacheslav Sychov <viacheslav.sychov@gmail.com>
nabokihms pushed a commit that referenced this issue Jun 7, 2023
…2911)

Signed-off-by: Viacheslav Sychov <viacheslav.sychov@gmail.com>
palexster pushed a commit to palexster/dex that referenced this issue Oct 4, 2023
…Lists (dexidp#2911)

Signed-off-by: Viacheslav Sychov <viacheslav.sychov@gmail.com>
michaelliau pushed a commit to FlockFreight/dex that referenced this issue Oct 4, 2023
…Lists (dexidp#2911)

Signed-off-by: Viacheslav Sychov <viacheslav.sychov@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant