Channel: Azure Active Directory forum

User life cycle in Azure AD


Hi

I have the user records stored in an on premise Database. The user accounts are created, deleted and updated in this database. I want these users in DB to be synced to Azure AD. I am looking for ways to do periodic synchronization of these DB users into Azure AD so that if users are created, updated or deleted in DB then those accounts are automatically created, updated or deleted in Azure AD.

Kindly let me know if there are ways in Azure AD  to automate the user synchronization from DB (or a CSV file).



AADConnect - How to list orphaned user objects from O365/Azure AD

Sometimes the deleted objects from On premises AD is not getting deleted from Azure AD. So how do we find the list of orphaned user objects from Azure AD so that we can delete the same.

Regards, Nidhin.CK

Password reset inconsistencies between O365 and Azure portal. Identifying federated domains.


Hi, I have some questions around B2B guest accounts.

1. Should we be able to reset guest passwords in our Azure AD? We have an option to do so within O365, but AAD says this is not possible. Why is this?

2. Why do guest accounts appear as _hotmail.com#EXT#@contoso.onmicrosoft.com within O365, but @hotmail.com within Azure AD?

3. How can we identify if a partner domain is federated with O365 already?

4. Some of our partners have not completed O365 migration, so they're in a semi-migrated state with some users in AAD and others still on premise. This causes issues with B2B. What's the best way to deal with this?

Thanks

How do I solve the error "The signature is invalid" when sending a https request to a web api in Visual Studio?


I have set up a web api in Visual Studio with active directory authentication but when I make a https request with token returned from active directory, I get this error:

Server →Microsoft-IIS/10.0
WWW-Authenticate →Bearer error="invalid_token", error_description="The signature is invalid"
X-Powered-By →ASP.NET
Date →Wed, 19 Jun 2019 14:32:50 GMT
Content-Length →0

Any help would be greatly appreciated.

Thanks

Gareth

 

Dropbox for Business App Provisioning Error - User Hard-Delete


This is a continuation of the following issue:

https://social.msdn.microsoft.com/Forums/en-US/6fa352a1-0888-4dc8-9b18-58bc6b0aacfc/dropbox-for-business-app-provisioning-issue?forum=WindowsAzureAD#af6a59d7-1879-4954-9145-28b8127a66df

In order not to wait 30 days, for the test account to become hard-deleted in Azure AD, I manually, through PowerShell, forced the hard-deletion. 

The provisioning service caught this, but generated a Failure Event, in the Audit Logs, that I do not understand.

---------------------------------------------

STATUS REASON

Failed to process User 'c8915182-7c06-49ef-a5e4-3ab5b60b572e'; Error: Received response from Web resource. Resource: https://www.dropbox.com/scim/v2/Users?filter=userName+eq+"dbmid:AADvyf1vQVr02Hio1zG8kEX4DBE_RaX3PfM" Operation: GET Response Status Code: InternalServerError Response Content: rpc error: code = scim/unknown source = scim/meta_scim_shim/scim.MetaScimShim/UsersGet desc = 'dbmid:AADvyf1vQVr02Hio1zG8kEX4DBE_RaX3PfM' did not match pattern '^['&A-Za-z0-9._%+-]+@[A-Za-z0-9-][A-Za-z0-9.-]*\.[A-Za-z]{2,15}$' . This operation was retried 0 times. It will be retried again after this date: 2019-06-21T17:57:47.9204002Z UTC

------------------------------------------------

then followed up by this one, a short time later:

------------------------------------------------

STATUS REASON

We will attempt to retry an operation that previously failed on User 'c8915182-7c06-49ef-a5e4-3ab5b60b572e'; Error: Received response from Web resource. Resource: https://www.dropbox.com/scim/v2/Users?filter=userName+eq+"dbmid:AADvyf1vQVr02Hio1zG8kEX4DBE_RaX3PfM" Operation: GET Response Status Code: InternalServerError Response Content: rpc error: code = scim/unknown source = scim/meta_scim_shim/scim.MetaScimShim/UsersGet desc = 'dbmid:AADvyf1vQVr02Hio1zG8kEX4DBE_RaX3PfM' did not match pattern '^['&A-Za-z0-9._%+-]+@[A-Za-z0-9-][A-Za-z0-9.-]*\.[A-Za-z]{2,15}$' . This operation was retried 0 times. It will be retried again after this date: 2019-06-21T17:57:47.9204002Z UTC

DETAILS

ResourceType: User Identifier: c8915182-7c06-49ef-a5e4-3ab5b60b572e Matching value: dbmid:AADvyf1vQVr02Hio1zG8kEX4DBE_RaX3PfM Modification: Delete Fault: ErrorCode: SystemForCrossDomainIdentityManagementInternalServerError, ErrorSource: None, ExceptionMessage: Received response from Web resource. Resource: https://www.dropbox.com/scim/v2/Users?filter=userName+eq+"dbmid:AADvyf1vQVr02Hio1zG8kEX4DBE_RaX3PfM" Operation: GET Response Status Code: InternalServerError Response Content: rpc error: code = scim/unknown source = scim/meta_scim_shim/scim.MetaScimShim/UsersGet desc = 'dbmid:AADvyf1vQVr02Hio1zG8kEX4DBE_RaX3PfM' did not match pattern '^['&A-Za-z0-9._%+-]+@[A-Za-z0-9-][A-Za-z0-9.-]*\.[A-Za-z]{2,15}$' , Exception: , Scope: None, TenantActionable: False, Transient: False Creation time: 2019-06-21T17:57:47.9204002Z Processed this many times: 0 Origin: Source EscrowType: EscrowedEntryDefault

-------------------------------------------------------------

 

How to get access token through REST assured ?


("Auth URL", AUTHORITY1)("Access Token URL", ACCESSURL)("Client ID", CLIENT_ID)("Client Secret", CS)("Scope","read")("Grant Type","Client Credentials")

Where and how to find these values?

Azure B2C Pricing


Hi, 

We are trying to figure out pricing option for Azure B2C. Few questions:

1. Is it possible to have access_Token expiry time set to 30 days(without usage of refresh token) 

2. If we use Azure B2C as IDAM for securing Azure APIs, does the token validation (offline or online) is also charged by Azure B2C? 

3. If we have refresh token setup for 90 days and we use it to request for access token (if point 1 is invalid), will it be charged? 

4. If accesstoken is setup for 24 hrs and we use refresh token for fetching new access token, will it 2 authentication request on Azure B2C. 

Regards,
Mohit

Get-AzRoleAssignment : Exception of type 'Microsoft.Rest.Azure.CloudException' was thrown.


I am trying to use the cmdlet Get-AzRoleAssignment using a service principal as advised. But I am receiving an error when doing this: Exception of type 'Microsoft.Rest.Azure.CloudException' was thrown. 

I tried to add API Graph permission but that did not help, maybe I am missing something but I can't find the requirements for this cmdlet.

I already added:
Besides the API permissions the account is owner and is able to perform other cmdlets without error.

Version:

CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Cmdlet          Get-AzRoleAssignment                               1.3.0      Az.Resources

Bart Scheltinga | www.bartsp34ks.nl | MCSA



Authentication on Azure Functions for various client


I am trying to build an app, exposing its services ONLY via Azure Functions

1. Without any ASP.NET Web pages (for now).

2. Support external login such as Google and Facebook.

3. Supports mobile devices (google and iOS) and other devices via javascript (post/get).

All is good, except when it comes to authentication. I found quite some articles, some of which contains obsolete information as the platform continues to evolve exponentially. There are Identity platform V1, Identity platform V2.0, Azure AD, AD B2C and a few more different terms. Given my situation, which should (and should not) I be looking at?

User deleted then the UPN changed to EXREMOVED when it was restored


Greetings,

I am auditing the Restore User event in Azure and I deleted a user. Then I restored the user and when I look at the event and Restored User, the UPN was set to EXREmoved with what looks like an attached GUID instead of its proper name.

I deleted a number of users and restored them and they all come back fine with the proper UPN except for this one.

Has anybody seen this or have an answer as to why it happened? 

Thank you,

Brian

Changing my OWA redirect notice for office365 migrated mailboxes

When I first set up my azure account I did with the username jimbo@mydomain.com - I removed that account from azure however when I set up hybrid migration for users going to the old server for email, they get this notice - 
Use the following link to open this mailbox with the best performance:
 outlook.com/owa/jimbomydomain.onmicrosoft.com
More details...

Is there a way for me to change that so that the notice for a migrated mailbox that should go to office365 gets this from exchange?  /outlook.com/owa/mydomain.onmicrosoft.com or  outlook.office365.com ?

Hybrid set up, have all email travel through MS and not go through my on prem server?

If I have a hybrid set up, is there a way to have all traffic for accounts on the cloud to pass only through MS and not go through my on prem server?   Right now if I send email from a migrated mailbox, I noticed when looking at the header on a received email from that account that the email is going through our exchange server.   I'm concerned about if our internet is down and that user is remote but wants to be able to send email.

After installation of AADConnect when login in to office 365 services account name is local AD account name, not email address

I installed AADConnect with password hash synchronization to synchronize local AD passwords and Office365 passwords. Everything works fine, except when users log in to Office 365 services they must use their local AD account name instead of the email address, e.g., email address is typically: firstname.lastname@companyname.com, but local AD account is something like: username@ad.companyname.com. Is it possible to change the configuration so that users could use the email address instead of the local AD account name?

365 migration cleanup?


Hello,

If I have a hybrid config, are there any dns changes or things in office365 and or exchange I should do that email flows to office365 first instead of to my on prem email server?

Error message - Your organization has deleted this device. To fix this, contact your system administrator and provide error code 700003.


Hi,

I think I'm the administrator, however I have no idea what this means. I did have to recently apply an update to Office 365 apps on the desktops and laptops our small business has.

It seems that through that process I managed to delete my work desktop from being recognised as an 'official' work computer by our organisation.

It seems that I need to somehow go into Azure Active Directory and get the device re-added. However, it seems that the options that should be selected are selected.

Thank you for any assistance.

Russell


Does Windows Azure support OAuth 2.0 SAML Bearer Assertion Flow??

Does Windows Azure support OAuth 2.0 SAML Bearer Assertion Flow, in which a SAML assertion can be used to request an OAuth access token when a client wishes to utilize a previous authorization?

Is it possible to convert a SAML token (assertion) to OAuth 2 JWT access token?


We are exposing some APIs which are protected by checking for OAuth2 access tokens.

Some clients should access these APIs but apparently their easiest authentication with Azure-AD is using some module based on SAML (the apps are built on Mendix platform). 


Is there a way for them to obtain a JWT access token for a user who has been authenticated using SAML?



No verification code sent to new guest user in Azure Active Directory


I'm a newbie to Azure and not sure if I posted to the right forum. Please advise if it should be changed.

I created a new guest user in Azure Active Directory using OTP for user login. I'm confused why users from an organization got the verification code, but the other not, though I didn't change any setting. In addition, in the first organization that it sent OTP to some users, even in the same organization, some users were assigned as an External Azure AD, The OTP setting is as below.

SAML 2.0 Custom Attributes


We are using Azure as IDP server.

In User Attributes and claims.

I have added claim like that

firstname -> user.givename

But in SAML Response 

<Attribute Name="http://schemas.microsoft.com/identity/claims/firstname"> <AttributeValue>umesh</AttributeValue> </Attribute>

But I want only firstname as a key like that

<Attribute Name="firstname"> <AttributeValue>umesh</AttributeValue> </Attribute>

Is it configurable?

The same settings are working in MS ADFS.

Thanks in Advance

Umesh

How to configure AzureAD SSO to send Nameid using "unspecified" format in SAML token

For a SaaS application, below NameID value is passing in the SAML claim "

<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">robjo@phi.com</NameID>"

I need help in changing name id value to unspecified which is a requirement for it to authenticate however in Azure application SSO blade, there is no option to change the 'User Identifier' attribute, so it can pass value as unspecified. 

Where in Azure I  can change the  Name ID (User Identifier) to make this change? 

Thanks in advance,

Alex



