Channel: Azure Active Directory forum

Download and Upload Default B2C Signin Policy


Hello All,

I have created a B2C Sign-in Policy using the B2C default policy (from the portal screen, not a custom policy) in the development environment. Now I want to move this policy to a different environment, say the Quality environment. How do I copy all the configuration of the B2C Sign-in policy from Development to the Quality environment?
Group policy in two way trust in Azure AD

I have a two-way trust between two domains, say ABC and contoso. ABC domain users can read and write contoso domain users, but contoso domain users can only read ABC domain users. How can this be achieved?

How can we make our app privileged in AAD?


We are building a service where we use AAD to authenticate users. We also need to read the groups the user is a member of from AAD, so that we can resolve the permissions the user should have in our system (we shadow some of the groups from AAD in our system and have system-specific permissions stored on our side). However, what we face is that to query AAD for the permissions of the user, it seems our app needs permission to read all groups (the full directory) in AAD.

The question is, how can we make our app privileged in AAD to only read certain groups from the directory?

Register proxy failing with certificate error


Running the Register-AzureADPasswordProtectionProxy cmdlet returned no errors, but my agents were reporting that no registered proxy service was found.

Enabling the Trace log and re-running Register-AzureADPasswordProtectionProxy returns the following error:

ProxyCertificatesPopulator: Microsoft.DeviceRegistration.JOSE.JoseException: The certificate validator indicated that the signingCertificate is not trusted
   at Microsoft.DeviceRegistration.JOSE.JWSHelper.ValidationWorker2(String JWS, X509Certificate2 expectedSigningCert, ICertificateValidator certValidator, X509Certificate2& signingCert, Byte[]& payload)
   at Microsoft.DeviceRegistration.JOSE.JWSHelper.ValidateSignature(String JWS, ICertificateValidator certValidator, String& payload)
   at ServiceCommon.Converters.ProxyCertAndChainConverter.Convert(ProxyCertAndChainSerialized proxyCertAndChainSerialized)
   at ServiceCommon.ServiceInfrastructure.DataPopulatorServiceComponent3.UpdateCurrentPublicDataIfNecessaryWorker(FileContentAndPath1 latestContent, Boolean fromBackup)
   at ServiceCommon.ServiceInfrastructure.DataPopulatorServiceComponent3.UpdateCurrentPublicDataIfNecessary(FileContentAndPath1 latestContent, Boolean fromBackup)
   at ServiceCommon.ServiceInfrastructure.DataPopulatorServiceComponent3.PopulateDirectoryFiles()
   at ServiceCommon.ServiceInfrastructure.DataPopulatorServiceComponent3.HandlePopulateDirectory(Object state, Boolean timedOut)

The proxy and AD servers are 2012 R2 with the latest updates, including the Universal C update. AD is using DFSR replication.


Create all resources inside Azure Active Directory B2C?


Hello, I'm new to Azure and I want to be clear about AAD B2C.

I'm creating a web service which includes user login, so I created a new AAD B2C tenant to manage users' accounts.
I found out that, since I've created a new directory, the resources like Blob Storage that I created in the original directory are not there.

I want to be clear about which is more common for development:

a) The AAD B2C directory is used for user management only, and other resources are created in the original directory.

OR

b) Create all resources in the AAD B2C directory for the same service.

I'm sorry my explanation is not good, so ask me if you don't understand what I want to say.

Migration plan from on-premises to cloud


Hi,

I am new to Azure and the cloud. We have a requirement to move all of our on-premises users to the cloud; can anyone please suggest the best process to migrate?

Requirements:

  1. 3 levels of users (3000 employees in total)
  2. Level 1 users need machine access
  3. Level 1 and level 2 users need email access
  4. All users need OneDrive access
  5. Privileged identity management
  6. Shared mailboxes
  7. Rights management
  8. Service accounts

Thank you,

Uday

Can't login to my new Lynda.com LinkedIn Learning - Azure AD Error


When trying to access my new Lynda LinkedIn Learning using my account, I get the following error:

Sorry, but we’re having trouble signing you in.

AADSTS50020: User account 'frmateo@live.com' from identity provider 'live.com' does not exist in tenant 'Microsoft' and cannot access the application 'https://www.linkedin.com/learning/ABEAAAAAAAAADPoAAAAAACFVmgFvTxOkj9WDa4_9bWKuJSRyMruh_g' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

Please advise.

fim*****@gmail.com

frm****@live.com


Azure active directory has migrated Colleges domain and users from student email used to sign up


Hi

I am using my student email, and when I go into Active Directory it appears to have synced up with the college and has all of the college's emails and groups migrated over. I have sent them an email to explain this, but for me this means I can't create or delete anything, as my permissions from the college have carried over too.

My question is whether there is a way to safely remove all this data from my Azure Active Directory so I can carry on with the practical aspects, or whether I should just wait until the college implements a fix, as quite a lot of information has been carried over that I would hope they will be trying to prevent from being shared.

Also, I cannot add a custom domain either.

Thanks

Gary



Azure AD B2C Msal.js acquireTokenSilent Performance issue


Hi Microsoft Azure Team,

I have a .NET Core 2 solution with 2 projects: 1. SPA, 2. Web API (both will be hosted in Azure Web Apps later).

I am using Azure AD B2C with MSAL.js to log in to the SPA and call the authenticated endpoints in the Web API project.

I will be converting the SPA to a Progressive Web App later.

As per the documentation, after the user logs in to the SPA, acquireTokenSilent can be used for making subsequent calls to the authenticated endpoints.

I am able to log in to the SPA, use acquireTokenSilent to get the access token, and call my Web API endpoints in the Web API project.

My problem is that acquireTokenSilent is taking 4 - 5 seconds (from my local development machine; the JS is not bundled yet) to get the access token.

I will be testing after deploying both as Azure Websites (with the JS bundled) at a later stage.

Will I face this performance lag after bundling the JS files and deploying to Azure?

Kindly advise on performance improvement, since this is making my app very slow.

Enterprise Application SSO


Hi,

I have added an enterprise app manually and have enabled single sign-on. Single sign-on works through the application's website, but not through the application's app on iPhone and Android. Is there a setting to allow an app to use single sign-on?

Thanks

Shane


Error at O365 sign in: AADSTS51004: To sign into this application the account ___ must be added to the directory ___



We have a federated domain using the OneLogin cloud directory for identity management. There is no active sync between AAD and OneLogin, so we synchronise the 2 directories by manually adding the Immutable ID to the OneLogin Cloud Directory.

Our user is successfully authenticated by OneLogin, but cannot access O365.

Error message: AADSTS51004: To sign into this application the account <ImmutableID> must be added to the directory ___?

This issue just occurred as of Thursday 17th Aug. Before that, this user worked perfectly.

Help would be greatly appreciated.

Need help setting up Hybrid Azure AD Join


Hi, I would like some help setting up a Hybrid AAD Join environment.

1. I have a domain and some domain-joined workstations that I want to make Azure AD registered too.

2. I have created an SCP.

Now I want to be able to add them to Azure.

I can't see the option under account settings in Windows 10.

Please help.

Thanks

Azure AD Connect Health Sync Monitor High CPU Usage

Hello. I have Azure AD Connect installed on my server to sync our on-premises domain with Office 365, and I'm noticing the Azure AD Connect Health Sync Monitoring Service is always running at high CPU usage. The actual process is Microsoft.Identity.Health.AadSync.MonitoringAgent.Startup.exe. Is there a reason for this or a way to fix it? Right now, I'm just stopping the Azure AD Connect Health Sync Monitoring Service (AzureADConnectHealthSyncMonitor) and my resources go back to normal. I'm running Azure AD Connect 1.1.819.0, so it is the latest version. If I restart the service, things are normal for a few minutes before this process spikes again. Any help would be appreciated. Thanks!

Azure Active Directory Hybrid Joined Windows 10 - user not connecting unless local admin


Hello,

I am using Azure Hybrid AD Join, which is working fine to connect the device to Azure. But when I run the command dsregcmd /status, the user state does not join unless the user is a local admin.

Is it possible to connect the user without them being a local admin?



Call to Microsoft OAuth2 not working as expected.


I have an internal corporate web app that needs to access corporate SharePoint Online. I want to call OAuth2 to take the user through the authentication process so the web app can retrieve an access_token and then call the Microsoft Graph API. I am using Django 1.11/Python 2.7.

I have registered the app in the corporate Azure Portal, but when I call the /authorize endpoint the user sees what appears to be the wrong login page. I expect the user to see a page that shows the app's name and permissions, but all the user sees is a basic sign-on page. Moreover, when the user enters his corporate email address he sees an error that says "There was an issue looking up your account". The user has been added to the registered app's "Users and Groups".

As far as I can tell, everything is configured correctly.

I have Googled this like mad, but not found any help.

UPDATE: When called from a proper server, the call to /authorize is working correctly on IE11, but failing as described above on the latest Firefox and the latest (Windows) Chrome. When called from a local server (i.e., http://127.0.0.1) the call to /authorize fails as described above on all browsers.

UPDATE 2: It turns out the call to /authorize from a server is NOT working correctly on IE11. After Grant Permission is selected, I am getting an "invalid parameters" error.

Any suggestions would be greatly appreciated.

Thanks.
[Enterprise app] AWS role sync doesn't remove old roles


Hi,

I'm having trouble with old roles which I deleted in AWS IAM: they do not get removed from Azure.
When I assign a role to an Azure user within the enterprise app, it still shows the roles which I deleted 10 days ago.

The provisioning tab says it only synced 12 objects (roles), but the roles tab includes 20 objects; 8 roles were deleted.

Using Azure (requires Anonymous Authentication) removes username from IIS Log of User Traffic?


We recently converted one of our .NET applications from WIF to Azure AD authentication. Under WIF, the IIS logs contained the username in the traffic so that we could crawl the logs and generate usage analytics.

Under Azure AD, anonymous authentication is needed in order for it to work. Our IIS logs now show "-" as the user, and our analytics engines are not reporting proper data.

Is there a way to re-integrate the use of Azure AD to add the user back to the IIS logs?


Add Azure AD services


Hello, I have a free Azure account. I would like to add an Azure Active Directory services subscription.

Can anyone share the steps?

How to access Source Property on Azure AD user profile?


Azure AD has a Source property. The Graph API returns a user profile which does not have Source.

How can I access this property in code?

AADSTS70001: Application with identifier was not found in the directory

Earlier I registered all the applications of one subdomain, "www.example.com", on the Azure portal with "Azure Active Directory" pre-authentication. Now I have deleted all the applications from the Azure Portal and instead added only the subdomain root "https://www.example.com/" with "Passthru" pre-authentication. After doing this, when I try to access the applications (which I already deleted), assuming the root "Passthru" pre-authentication will work for them, I get the error "AADSTS70001: Application with identifier  was not found in the directory". Is there any way to fix this problem?