Channel: Azure Active Directory forum

Azure B2C AD syncing with On-Premises

Hi,

I am working on Azure AD and have connected my Azure AD to my on-premises AD DS using the Azure AD Connect utility. I was wondering whether it is possible to synchronize both sides in such a way that if a user is registered in Azure AD, it is automatically reflected in the on-premises AD?

Immediate help would be appreciated.

Thanks, 




Azure AD connector support on adding other apps

Hi,

I need to add Facebook at Work and Salesforce to Azure AD connector SSO, but they need a SAML URL, a SAML issuer URI and a SAML certificate, which I don't have a clue how to find. Please help. Thanks.


Azure Documentation Site is Down!

Deleted user still able to login to pc

Hello

I have a user I deleted from Office 365, which syncs with Azure directory, and that user is still able to log in to his PC?

Change of registered authentication phone for users who registered for self service password reset

Hi,

For Azure AD users who have registered for self-service password reset with a mobile phone number, how can users change the registered mobile number to another number if they need to? Currently there is only ONE authentication method and no MFA enabled for them. Kindly advise. Thanks.

Azure Active Directory ACS Authentication

I am trying to authenticate users that have registered in a specific Active Directory through some providers (Google + Microsoft accounts). I need to do it in Xamarin Forms. The MSAL library is in alpha stage and has no documentation yet, so I tried to authenticate registered users via the OAuth WRAP protocol (password token requests).

I would like to ask a few questions. First of all, can I authenticate users with HTTP requests via the WRAP protocol? Or is this auth method available only for administrators? What URL do I have to place in the POST request? Because

https://namespace.accesscontrol.windows.net

authenticates only the administrator.

My goal is to take the authentication token for each registered user.


Add verified domain to Azure AD

Hi! I want to add a verified domain to my Azure AD and I wonder if this is the right way to do it?

    // Connect to the directory with an app token
    Uri url = new Uri(serviceRootURL);
    var adClient = new ActiveDirectoryClient(url, async () => await GetAppTokenAsync());

    // Fetch the tenant details object
    List<ITenantDetail> tD = adClient.TenantDetails.ExecuteAsync().Result.CurrentPage.ToList();
    TenantDetail tenantDetail = (TenantDetail)tD.First();

    // Describe the new domain
    VerifiedDomain newVerifiedDomain = new VerifiedDomain();
    newVerifiedDomain.Name = "newdomain.company.com";
    newVerifiedDomain.Capabilities = "Email, OfficeCommunicationsOnline, OrgIdAuthentication, Intune";
    newVerifiedDomain.Type = "Managed";

    // Add it to the tenant's verified domains and save
    tenantDetail.VerifiedDomains.Add(newVerifiedDomain);
    adClient.TenantDetails.AddTenantDetailAsync(tenantDetail).Wait();


B2C Newbie Questions

Hi, we are evaluating B2C as an option for our brand sites.

So we have a bunch of white-label sites that share common functionality. The difference is really the view pages, where there is some UI customization to suit the different brands.

I have some questions please:

Initially when I looked at this, I thought I can create a single B2C directory for all the sites and a separate application for each brand. Then I found out that the UI customization is for the entire B2C directory and not per app.  If correct, then the only option is to create a B2C directory for each site which seems to be a little overwhelming.

Speaking of customization, this article says that the local account sign-in pages can be customized using the company branding feature and not the mechanism described in the article. This is confusing... you mean I can't use the policies customization feature?

In addition, can I customize the email templates? The ones that are sent to clients to verify password for example.

Regards


Khaled Hikmat


Response Code 2001 (BROWSER_CODE_CANCEL) when trying to call authentication Users via Azure AD

Hi all,

I got an error code: 2001 (BROWSER_CODE_CANCEL) when I'm trying to use the following code:

    mAuthContext = new AuthenticationContext(Login.this, Constants.AUTHORITY_URL,
            false, InMemoryCacheStore.getInstance());

    mAuthContext.acquireToken(Login.this, Constants.RESOURCE_ID, Constants.CLIENT_ID,
            Constants.REDIRECT_URL, Constants.USER_HINT, PromptBehavior.Auto, Constants.EXTRA_QP,
            new AuthenticationCallback<AuthenticationResult>() {

                private static final String TAG = "LoginActivity";

                @Override
                public void onError(Exception ex) {
                    if (ex instanceof AuthenticationException) {
                        Log.d(TAG, ex.getMessage());
                    } else {
                        Log.d(TAG, "Authentication error:" + ex.getMessage());
                    }
                }

                @Override
                public void onSuccess(AuthenticationResult result) {
                    if (result == null || result.getAccessToken() == null
                            || result.getAccessToken().isEmpty()) {
                        Log.d(TAG, "Token is empty");
                    } else {
                        // request is successful
                        Log.d(TAG, "Status:" + result.getStatus() + " Expired:"
                                + result.getExpiresOn().toString());
                    }
                }
            }
    );

Who can help me?

Thanks a lot.


Azure AD Device Connection - Something Went Wrong

So I am trying to connect my device to my Active Directory. I typed in my login, and I got this:

"Something went wrong

Confirm you are using the correct sign-in information and that your organization uses this feature, You can try to do this again or contact your system administrator with this error code 80004005"

I have configured my AD to "all" in "users may join devices to Azure AD", and I also set it to unlimited too. I am also using the correct login and the user is in the AD (sourced from Microsoft Azure Active Directory). Any idea where I could've gone wrong? Or something I didn't do?

Azure AD B2B New Invites No longer logging in

I've been using Azure AD B2B for a while now, it's worked pretty well.

In the last few days though, new invites I've sent out don't seem to be getting created properly. I decided to test myself and send an invite to my personal domain. I went through the signup process, got my access code and entered it.

When getting back to the logging in properly for the first time stage, it indicates there is no account at all. 

The error is below. The account appears valid and listed in our Azure AD, but even trying to reset the password indicates it's not a known ID:

We don't recognize this user ID or password

Be sure to type the password for your work or school account.



Error while trying to set up Concur with single sign on from Azure AD

Hello,

I am attempting to set up single sign-on with Concur using their Azure AD application. The configuration on my end is quite basic (just a few links) but I am now being met with the following error from Microsoft:

AADSTS65005: The client application has requested access to resource '00000002-0000-0000-c000-000000000000'. This request has failed because the client has not specified this resource in its requiredResourceAccess list.

Has anyone resolved this error before?

Thanks,

Dan

unable to use the MFA with office 365 account activating the trial AD premium

Hi,

I have an Office 365 subscription and I understand that I have only a basic Azure Active Directory.

I access the Azure AD through the Office 365 admin portal, as below.

Then I was directed to a registration page, where I could update my details and a phone number and then click register. I want to make it clear that I was not required to enter my credit card and no phone verification was prompted; I just entered the Azure portal after I clicked register.

Unlike the portal that I enrolled a trial with another email which provides you most functionality with lots of things to browse.

The portal shown to me is like this:

Ok, I think it is because I only have the free Azure AD.

Then I clicked on the Active Directory and enrolled in the trial of AD Premium (my main purpose is to test out the MFA).

To use the on-premises MFA, I need to create a MULTI-FACTOR AUTH PROVIDER.

When I click "Create ...." I simply cannot create one because the option does not appear below.

Compared to what I expected.

I have a feeling that it is related to the Azure rights but I get lost at this point and don't know what I can do to get there.

Please help, thank you very much


Number limit on how many delegated permissions for Native app?

Hi,

We're developing a native application which requires more than 10 delegated permissions to be added, but it seems there's a number limit on that. If we added more than 10, the error below was shown.

Thanks,

Tian

Back to progress operations
Please try again. If the problem persists, contact support.

Got [3001000;reason="There has been an error authenticating the request.";category="invalid_client"] error when communicate to SPO using app-only token.

Hi,

I followed the "Build service and daemon apps in Office 365" and "Performing app-only operations on SharePoint Online through Azure AD" documents to create a Windows console application to communicate with SPO using the Azure AD app-only token approach and got the above error message. The following are my steps:

  1. Created an Azure AD application and specified the following settings:
    1. Name: sharepointappidtest
    2. Type: Web application and/or Web API
    3. Sign-On URL: https://xyz.sharepoint.com
    4. App ID URI: https://xyz.sharepoint.com
  2. Configure this Azure AD application’s “permission to other applications” as the following:  
    1. Windows Azure Active Directory: “Read Directory data” [Application permission]
    2. Office 365 SharePoint Online: “Have Full control of all site collections” [Application permission] and “Read and write managed metadata” [Application permission].
  3. Created a self-signed certificate and ran the PS from those two documents to get key, and thumbnail key
  4. Downloaded manifest.json, updated “keyCredentials” value and uploaded it back.
  5. Created a windows console application. Added Microsoft.IdentityModel.Clients.ActiveDirectory and Newtonsoft.Json libraries.
  6. The following is my code:
        static void Main(string[] args)
        {
            doStuffInOffice3651().Wait();
        }

        private async static Task doStuffInOffice3651()
        {
            string clientId = "[Azure AD application client id]";
            string key = "xxxx"; //certificate password
            //set the authentication context
            //you can do multi-tenant app-only, but you cannot use /common for authority…must get tenant ID
            //string authority = "https://login.microsoftonline.com/[tenant].onmicrosoft.com/oauth2/authorize";
            string authority = "https://login.windows.net/[tenant].onmicrosoft.com";
            AuthenticationContext authenticationContext = new AuthenticationContext(authority, false);

            //read the certificate private key from the executing location
            //NOTE: This is a hack…Azure Key Vault is best approach
            var certPath = System.Reflection.Assembly.GetExecutingAssembly().Location;
            //certPath = certPath.Substring(0, certPath.LastIndexOf('\\')) + "\\O365AppOnly_private.pfx";
            certPath = @"C:\OfficeDevPnP.PartnerPack.SiteProvisioning\Certs\OfficeDevPnPCert.pfx";
            var certfile = System.IO.File.OpenRead(certPath);
            var certificateBytes = new byte[certfile.Length];
            certfile.Read(certificateBytes, 0, (int)certfile.Length);
            X509Certificate2 cert = new X509Certificate2(certPath, key, X509KeyStorageFlags.MachineKeySet);
            //var cert = new X509Certificate2(
            //    certificateBytes,
            //    key,
            //    X509KeyStorageFlags.Exportable |
            //    X509KeyStorageFlags.MachineKeySet |
            //    X509KeyStorageFlags.PersistKeySet); //switches are important to work in webjob
            ClientAssertionCertificate cac = new ClientAssertionCertificate(clientId, cert);

            //get the access token to SharePoint using the ClientAssertionCertificate
            Console.WriteLine("Getting app - only access token to SharePoint Online");
            var authenticationResult = await authenticationContext.AcquireTokenAsync("https://xyz.sharepoint.com/", cac);
            var token = authenticationResult.AccessToken;
            Console.WriteLine("App - only access token retrieved");

            //perform a post using the app-only access token to add SharePoint list item in Attendee list
            HttpClient client = new HttpClient();
            client.DefaultRequestHeaders.Add("Authorization", "Bearer " + token);
            client.DefaultRequestHeaders.Add("Accept", "application/json; odata=verbose");
            string url = "https://xyz.sharepoint.com/_api/web/Lists/getbytitle('TestLog')";
            using (HttpResponseMessage response = await client.GetAsync(url))
            {
                if (!response.IsSuccessStatusCode)
                    Console.WriteLine("ERROR: SharePoint ListItem Creation Failed!");
                else
                    Console.WriteLine("SharePoint ListItem Created!");
            }
            Console.ReadLine();
        }

I was able to get the token without any problems. But no matter what I did, I always got the following 401 error message for the REST API call:

{StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{x-ms-diagnostics: 3001000;reason="There has been an error authenticating the request.";category="invalid_client"
  SPRequestGuid: 25eb839d-0020-3000-0b4e-92f6dca2b3aa
  request-id: 25eb839d-0020-3000-0b4e-92f6dca2b3aa
  Strict-Transport-Security: max-age=31536000
  X-FRAME-OPTIONS: SAMEORIGIN
  SPRequestDuration: 212
  SPIisLatency: 3
  MicrosoftSharePointTeamServices: 16.0.0.5326
  X-Content-Type-Options: nosniff
  X-MS-InvokeApp: 1; RequireReadOnly
  Date: Tue, 07 Jun 2016 20:19:53 GMT
  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
  Server: Microsoft-IIS/8.5
  WWW-Authenticate: Bearer realm="6f423eb7-7932-4e19-ae14-fa375038681b",client_id="00000003-0000-0ff1-ce00-000000000000",trusted_issuers="00000001-0000-0000-c000-000000000000@*,https://sts.windows.net/*/,00000003-0000-0ff1-ce00-000000000000@90140122-8516-11e1-8eff-49304924019b",authorization_uri="https://login.windows.net/common/oauth2/authorize"
  X-Powered-By: ASP.NET
  Content-Length: 453
}}

Can anyone point out to me what the problem is?



Access Token Expiration

Hi,

Currently I am building a web application to integrate OneDrive for Business and I am authenticating my app with 'AzureAD'. I am having some issues with the access token. I am not able to get an access token with the refresh token.

What is the validity of the access token? I know we can get a new access token with the refresh token, but is there a validity for the refresh token?

How long can I keep getting the access token with the refresh token without asking the user to re-register with my application? Can you please provide a detailed explanation or a link to the blog where I can get all the details?

How to increase Access token timeout- currently, it is less than 40 minutes

Hi, 

In one of my .NET MVC applications, we are using Azure Active Directory for authentication. After keeping the application page idle for even less than 40 minutes, the user is getting a 302 error code. On the server, the application is executing the 'RedirectToIdentityProvider' code block. As we are using an Ajax call, we can't redirect the user to the login page.

I read that the access token timeout is 1 hour. Is there any reason why it is expiring in less than an hour, or is there any way to increase the token expiry time?

Thanks

Ramesh Chandra

Problem when requesting to create Azure Active Directory

Hi,

When I want to create the Azure Active Directory service on the Azure portal and click the create button, it redirects me to a page with this content: The Microsoft Azure Portal encountered an error while trying to access your subscription.

I have a Pay-as-you-go subscription.

What can be the problem?

Thanks

Cannot add Azure AD account to Windows 10

I've been redirected here from another forum.

My problem is that when I'm trying to add a provided Azure AD account from my company to my Windows 10 device I get an error code: 0xcaa2000b after entering the credentials. I'm still able to access the account online through the Office 365 section, so I know that the account is active. An online search on the issue hasn't taken me further in terms of solving this issue.

Where should I go from here?

Azure RMS + SP 2013 On-prem - slow initial download of files

Hi,

We have problems with Azure RMS + SP 2013 On-prem. In our Pre-production environment, it all works great but in the Production environment it's VERY slow to download protected files from SP. After the initial download to the local PC all works OK, but it's the initial download that could take up to a minute. The same slowness can be observed when trying to view a protected document in OWA but also here, only the first time.

Pre-prod and Prod used the same RMS connector and the same Azure AD.

Anyway, has anyone experienced this issue? Any suggestions on how to troubleshoot this?

Thx,

CJ


