SPOGOU

by Kim Nilsson (NoSubstitute) @ github.com/NoSubstitute

SPOGOU is an addon made to let non-superadmins Set easy-to-use Passwords Of Groups Of Users. So it's an acronym. :-)

I started working on this idea shortly before applying to become a Google Certified Innovator, the summer of 2020, and as such brought it into that amazing process as my Innovator project. It was initially a Google Apps Script bound to a Google Sheet, but I am planning to developing it into an addon published in the Google workspace Marketplace, so any admin can install and provide to the relevant users in their organisation.

For support with SPOGOU, just submit your problem as an issue on the project page on github., or give feedback on the Feedback page.

USAGE: To install SPOGOU, open a Google Sheet, go to Add-ons / Get add-ons, search for SPOGOU on Marketplace, open, click Install.

If, and only if, you have proper delegated admin access, will you be able to run SPOGOU's three steps. If you don't, SPOGOU will fail.

In the Add-ons menu you will find SPOGOU and run Start, which will create the necessary sheets for your process and also show sidebars with instructions on how to proceed.

Only the first step, Start, can be run with a user without delegated admin access. The following steps require delegated admin access.

Prepare Passwords - require the following scopes

https://www.googleapis.com/auth/admin.directory.group.member.readonly
https://www.googleapis.com/auth/admin.directory.user.readonly (but this scope isn't used, as you need to write to users in the next step)
https://www.googleapis.com/auth/script.container.ui
https://www.googleapis.com/auth/spreadsheets.currentonly
https://www.googleapis.com/auth/userinfo.email

Set Passwords - this, of course, requires a scope where you can edit the user.
https://www.googleapis.com/auth/admin.directory.user

So, before any user can actually use SPOGOU, the admin must assign the user those admin privileges. I recommend creating two separate custom admin roles, as the group privilege can't be limited to an OU, which the user privilege can. this means that a delegated admin can be restricted to only set passwords on users of a specific OU, for example students at their school.

You can always find my tools over on Github, linked top-right, but on these pages I also demo some of them.

This is also the information site with pages for terms of service and privacy policy for my tools.

My tools are usually completely free, but if you feel they have helped or improved your workflow in any way, you are welcome to PayPal me any amount you deem appropriate.