{"id":6105,"date":"2019-10-14T09:26:10","date_gmt":"2019-10-14T02:26:10","guid":{"rendered":"http:\/\/gcloudvn.wam.vn\/kiem-soat-thoi-luong-phien-lam-viec-cho-google-cloud-console-and-gcloud-cli\/"},"modified":"2023-05-04T15:09:04","modified_gmt":"2023-05-04T08:09:04","slug":"kiem-soat-thoi-luong-phien-lam-viec-cho-google-cloud-console-and-gcloud-cli","status":"publish","type":"post","link":"https:\/\/gcloudvn.com\/en\/kienthuc\/kiem-soat-thoi-luong-phien-lam-viec-cho-google-cloud-console-and-gcloud-cli\/","title":{"rendered":"Session duration control for Google Cloud Console and gcloud CLI"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_80 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewbox=\"0 0 24 24\" version=\"1.2\" baseprofile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/kiem-soat-thoi-luong-phien-lam-viec-cho-google-cloud-console-and-gcloud-cli\/#Nhung_gi_dang_thay_doi\" >What is changing?\u00a0\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/kiem-soat-thoi-luong-phien-lam-viec-cho-google-cloud-console-and-gcloud-cli\/#Ai_chiu_anh_huong\" >Who is affected?\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/kiem-soat-thoi-luong-phien-lam-viec-cho-google-cloud-console-and-gcloud-cli\/#Tai_sao_ban_lai_su_dung_no\" >Why are you using it?\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/kiem-soat-thoi-luong-phien-lam-viec-cho-google-cloud-console-and-gcloud-cli\/#Lam_the_nao_de_bat_dau\" >How to get started?\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/kiem-soat-thoi-luong-phien-lam-viec-cho-google-cloud-console-and-gcloud-cli\/#Chi_tiet_bo_sung\" >Additional details\u00a0\u00a0<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/kiem-soat-thoi-luong-phien-lam-viec-cho-google-cloud-console-and-gcloud-cli\/#Nha_cung_cap_nhan_dang_SAML_cua_ben_thu_ba_va_viec_kiem_soat_thoi_luong_phien_lam_viec\" >Third-party SAML identity provider and session duration control.\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/kiem-soat-thoi-luong-phien-lam-viec-cho-google-cloud-console-and-gcloud-cli\/#Cung_cap_viec_kiem_soat_thoi_gian_co_dinh_khong_dua_tren_hoat_dong\" >Provides fixed time control (non-activity based)\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/kiem-soat-thoi-luong-phien-lam-viec-cho-google-cloud-console-and-gcloud-cli\/#Tuy_chon_xac_thuc_lai\" >Re-authentication option\u00a0<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Nhung_gi_dang_thay_doi\"><\/span><b>What is changing?\u00a0\u00a0<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Google has publicly opened a beta to G Suite, Google Cloud Platform (<a href=\"https:\/\/gcloudvn.com\/en\/google-cloud-platform\/\">GCP<\/a>) v\u00e0 qu\u1ea3n tr\u1ecb vi\u00ean Cloud Identity c\u00f3 th\u1ec3 \u0111\u1eb7t th\u1eddi l\u01b0\u1ee3ng phi\u00ean l\u00e0m vi\u1ec7c c\u1ed1 \u0111\u1ecbnh cho c\u00e1c \u1ee9ng d\u1ee5ng v\u00e0 d\u1ecbch v\u1ee5 c\u1ee5 th\u1ec3. Sau khi phi\u00ean l\u00e0m vi\u1ec7c h\u1ebft h\u1ea1n, ng\u01b0\u1eddi d\u00f9ng s\u1ebd c\u1ea7n nh\u1eadp l\u1ea1i th\u00f4ng tin \u0111\u0103ng nh\u1eadp v\u00e0 ti\u1ebfp t\u1ee5c truy c\u1eadp: :<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">GCP Cloud Console<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">gcloud command-line tool<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Any other application that requires Cloud admin scope\u00a0\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Settings can be customized for specific organizational units.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Note that this is designed to work on the web. However, the setting will apply to authentication on all platforms, including web and mobile apps where they exist. As a result, affected mobile apps may not function correctly when the feature is enabled.<\/span><\/p>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Ai_chiu_anh_huong\"><\/span><b>Who is affected?\u00a0<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Only administrator<\/span><\/p>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Tai_sao_ban_lai_su_dung_no\"><\/span><b>Why are you using it?\u00a0<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Many applications and services include sensitive data, and it is important that only specific users can access that information. . By requiring re-authentication, you can make it difficult for others to get that data if they gain unauthorized access to the device.\u00a0<\/span><\/p>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Lam_the_nao_de_bat_dau\"><\/span><b>How to get started?\u00a0<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\"><b>Admins: <\/b><span style=\"font-weight: 400;\">Find session length control at Admin console &gt; Security &gt; Google Cloud session control (Beta). See google&#039;s Help Center to learn more about how <\/span><a href=\"https:\/\/support.google.com\/a\/answer\/9368756\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">set session duration for Google Cloud service<\/span><\/a><span style=\"font-weight: 400;\"> .\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>End users: <\/b><span style=\"font-weight: 400;\">If a session ends, users simply log back into their account using the familiar Google sign-in flow.\u00a0<\/span><\/li>\n<\/ul>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Chi_tiet_bo_sung\"><\/span><b>Additional details\u00a0\u00a0<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Nha_cung_cap_nhan_dang_SAML_cua_ben_thu_ba_va_viec_kiem_soat_thoi_luong_phien_lam_viec\"><\/span><b>Third-party SAML identity provider and session duration control.\u00a0<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">If your organization uses a third-party SAML-based identity provider, cloud sessions expire, but users can be transparently re-authenticated. i.e. not actually asked for their credentials) if their session with a valid IdP at the time. This is intentional, as Google will redirect the user to the IdP and accept the validation from the IdP. To ensure that the user is re-authenticated, be sure to match the session timeout at the IdP with the session length you want to enforce.<\/span><\/p>\n<h3 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Cung_cap_viec_kiem_soat_thoi_gian_co_dinh_khong_dua_tren_hoat_dong\"><\/span><b>Provides fixed time control (non-activity based)\u00a0<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Note that the new session control is a fixed time limit \u2013 it does not look for session activity or \u201cidle time\u201d. At the moment, Google Cloud and G Suite (<a href=\"https:\/\/gcloudvn.com\/en\/google-workspace\/\">Google Workspace customers<\/a>) does not support activity-based session expiration.\u00a0<\/span><\/p>\n<h3 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Tuy_chon_xac_thuc_lai\"><\/span><b>Re-authentication option\u00a0<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">When choosing a session length, the administrator will be able to choose:\u00a0<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Between a range of preset session lengths, or set up a custom session length.\u00a0\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Whether the user needs the usual login information (password and, if configured, <\/span><a href=\"https:\/\/support.google.com\/a\/answer\/9176657\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">2-step authentication<\/span><\/a><span style=\"font-weight: 400;\">), or request<\/span><a href=\"https:\/\/support.google.com\/accounts\/answer\/6103523\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\"> security key<\/span><\/a><span style=\"font-weight: 400;\"> to re-authenticate<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-14885 size-full\" src=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2019\/10\/pasted-image-0-2.png\" alt=\"Session duration control for Google Cloud Console and gcloud CLI 1\" width=\"640\" height=\"354\" \/><\/p>\n<p style=\"text-align: right;\"><strong>Update: Gimasys<\/strong><\/p>","protected":false},"excerpt":{"rendered":"<p>What&#039;s changing? Google has opened a public beta so that G Suite, Google Cloud Platform (GCP), and Cloud Identity admins can set fixed session lengths for apps\u2026<\/p>","protected":false},"author":1,"featured_media":6106,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-6105","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kienthuc","entry","has-media"],"_links":{"self":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/posts\/6105","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/comments?post=6105"}],"version-history":[{"count":0,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/posts\/6105\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/media\/6106"}],"wp:attachment":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/media?parent=6105"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/categories?post=6105"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/tags?post=6105"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}