Anyone have best practices or gotchas for running :gam: on multiple domains?


Badge +2
  • Active Member / Beta Tester
  • 248 replies

Anyone have best practices or gotchas for running 0366f7b39b11255a.gif on multiple domains?


38 replies

Userlevel 3
Badge +1

almost didn't thread.. use gam sections!


Open Thread in Slack
Userlevel 3
Badge +1

if you are using one gcp project to manage multiple, you have to trust your app on admin.google.com/ac/owl


Open Thread in Slack
Userlevel 3
Badge +1

and the gcp project has to be marked external and in production


Open Thread in Slack
Userlevel 3
Badge +1

i have spoken


Open Thread in Slack
Badge

This would be a good youtube video to do a deep dive on for the workspace group


Open Thread in Slack
Badge +2

Precision of language issue on my part - separate workspace tenants. So if I’m running GAM for tenant A locally in Terminal, should I just run it in GCP console for Tenant B?


Open Thread in Slack
Badge

This is where I’d like to actually see how some other people are doing it. I personally have always created a new project in each tenant that I’m managing and just use gam select client A etc. So completely different projects for each client and different authorizations for each one. But as I understand it, there is a way to just set up one project and authorize it across multiple clients so you don’t actually need to create a new project for each client. That is one of the things I’m not as clear on how to do or what the implications are


Open Thread in Slack
Userlevel 3
Badge +1

i use one project for most in the same vm. not necessarily in the same project.


Open Thread in Slack
Userlevel 3
Badge +1

if you are doing large GAM jobs and need API quota, multiple projects. if not, then one would suffice. security posture of each domain is to be considered as well (trusting oauth client ids, whether they allow project creation in the org, setting up domain wide delegation, etc.)


Open Thread in Slack
Userlevel 3
Badge +2

Yep. Good video to talk about tbh.


Open Thread in Slack
Userlevel 3
Badge +2

I only ever use one project.


Open Thread in Slack
Userlevel 3
Badge +2

Except when I don't lol


Open Thread in Slack
Userlevel 3
Badge +1

haha yea, not having to reconfigure oauth consent screen (especially now that it asks for more information) saves time.


Open Thread in Slack
Userlevel 3
Badge +2

yep


Open Thread in Slack
Userlevel 2
Badge +2

Pro tip ; make sure to make some terminal profiles with some visual distinctions so you dont run your commands on the wrong domain 😂



Open Thread in Slack
Badge

That’s another thing I’d love to see someone walk through is something like that. I’m not completely sure how to do that



Open Thread in Slack
Userlevel 3
Badge +1

i think @nosubstitute uses alias? still have to try it out.



Open Thread in Slack
Userlevel 3
Badge +1

https://better-it.slack.com/archives/C2DMQ0BGE/p1603132072010900?thread_ts=1603122188.005600&cid=C2DMQ0BGE found it



Open Thread in Slack
Userlevel 3
Badge +1

welp, i messed up my .bashrc somehow

image.png?pub_secret=2aaed629d6

Open Thread in Slack
Badge +2

Not gonna lie - none of this thread has made any sense.



Open Thread in Slack
Userlevel 3
Badge +1

i had a similar thread in #gam in macadmins this morning.. writing a medium article hopefully that will make it a bit easier to understand



Open Thread in Slack
Badge +2

Yeah, I see a reference to this in the docs, but I can’t quite put it together.



Open Thread in Slack
Userlevel 3
Badge +1

https://docs.google.com/document/d/1gBJYaY7IWO3XpU-sA4fGshfzEBuQ75Y7Vugyy2QLq8Q/edit#heading=h.cvros6cy7igq this one?



Open Thread in Slack
Badge +2

I’ll take a look at that one. I was referring to https://github.com/taers232c/GAMADV-XTD/wiki/gam.cfg



Open Thread in Slack
Badge +2

The more I look at it, the more I think my question should have been - should I just run GAM in cloud shell on the secondary Workspace tenant? I don’t foresee needing to access it as much as our primary tenant, so if I don’t have to jump through a bunch of config hoops to run in locally, that would be dope.



Open Thread in Slack

Reply