Comment by nodamage

2 days ago

> If I log in using Google oauth, you already know the Google account is active.

You know there is an active Google account but (for the public OAuth integration option) it can be any Google account from any workspace, or no workspace.

"A public application allows access to users outside of your organization (@your-organization.com). Access can be from consumer accounts, like @gmail.com, or other organizations, like @partner-organization.com." [1]

> Yes, but that's an additional check, separate from the one you suggested would eliminate the issue:

If you set up an internal OAuth integration option no separate check is necessary, it will actually restrict access to users of your workspace.

"An internal application will only allow access to users from your organization (@your-organization.com)." [1]

You can use the SAML integration option as well. [2]

[1] https://support.google.com/cloud/answer/6158849?hl=en#zippy=...

[2] https://support.google.com/a/answer/6357481

0 comments

nodamage

No comments yet

Contribute on Hacker News ↗