Channel: Azure Active Directory forum
Viewing all 16000 articles

Change autogenerated UTF-8 %userprofile% path when logging into Windows 10 with Azure AD credentials


Hi all

As a developer, I'm testing out various frameworks and whatnot. However, surprisingly, an increased number of them break when the user profile path includes a UTF-8 character - in my case ø. Finding a workaround for each case is super unproductive, so I want to change my name or the path at least :)

When logging in on a fresh machine (Windows 10) for the first time using my Azure AD account, I'm automatically allocated my full name (without spaces) as the %userprofile% path, so c:\users\SørenOxenhave\. Naturally, I could change my display name in Azure AD and then get an ASCII compatible path, but I feel like there should be another solution like fallback to first part of my email address or likewise.

Can I do anything in the Azure AD setup, or my profile setup or on the local machine to change this?

I appreciate any help.

Thanks!

Søren


Configure AAD Sync Error


Hi all

I had successful connectivity with my domain controller and AAD. After reinstalling my domain (on-premises), this message appears. I checked my MFA in Azure and portal.office365 and all is disabled.

What is the problem? My tenant is comunidadwindows10.onmicrosoft.com

Octavio Rdz thanks in advance

Okta Migration to Azure AD


Hello

I have a customer that is evaluating the possibility to decommission Okta and move to Azure AD.

I haven't found any guidance or best practice about how to migrate from other identity management providers to Azure AD.

One specific customer question is related to users and groups that have been provisioned in SaaS applications such as Box: once Box is integrated with Azure AD, will it be able to recognize and manage the users and groups that were provisioned by Okta?

Thanks

 

azure pass account expiry date


Anyone know where I can find the expiry date in an Azure Pass account?

Azure AD Conditional Rule


I'm setting up a conditional rule, but when I get to the "Conditional" option it is greyed out. How do I fix this?



Cookies not clearing on sign out


Hi,

I'm using this code to sign out of my ASP.NET website.

// Absolute URL the user is returned to after Azure AD completes the sign-out
string callbackUrl = Url.Action("SignOutCallback", "Account", routeValues: null, protocol: Request.Url.Scheme);

// Sign out of both the OpenID Connect and the local cookie authentication middleware
HttpContext.GetOwinContext().Authentication.SignOut(
    new AuthenticationProperties { RedirectUri = callbackUrl },
    OpenIdConnectAuthenticationDefaults.AuthenticationType,
    CookieAuthenticationDefaults.AuthenticationType);

It is running in an Azure App Service/App Registration using the AD from my Azure domain to authenticate the user.

The entire project is based off the template provided in Visual Studio 2019 when you select New Project/ASP.NET Web Application and select Work or School Accounts and Cloud - Single Organisation for authentication and select my domain from my Azure account.

The problem is when you select Sign Out on my web page, this code runs and you see the Microsoft page to log the user out but when I browse back to my website I am still logged in. It doesn't seem to clear the cookie from the browser.

Thanks in advance for the help. 

How to delete saved Bitlocker recovery keys from Azure AD device objects?


I use Azure AD and Intune, which automatically encrypt my AAD joined devices with Bitlocker and back up the recovery keys to Azure AD, accessible from the Azure AD device objects. 

That is great, but I can't seem to find any button to delete these keys after hard drive changes, re-imaging, decryption/re-encryption etc., which cause additional recovery keys to be uploaded but the old ones not automatically removed.

This causes duplicate/stale keys on some devices. I understand that it is easy to tell which keys are good via the Bitlocker drive ID, but I'd imagine there should be a way to remove them if needed without deleting the entire device object.

Any information on this would be greatly appreciated.

Authentication and consent


Hello,

We have an Azure Web App that we're trying to set up for authentication.

We're trying to use Enabled for users to sign-in = Yes and User Assignment Required = Yes.

When we do this it says it requires admin consent.  The only permission we're trying to use is Sign In and Read Current User's Profile, which doesn't specifically require admin consent.

If we turn off the User Assignment Required it works by allowing the users to grant consent, but we can't control who has access.

Does anybody have any insight on how to get the authentication to work so we can control the access, but not use the admin consent?  Our Azure is managed by a parent organization and we don't have full administrative rights into the Azure portal.

Thanks,

Luke Brandt


In Azure AD, SCIM delete call does not happen when user is unassigned from the app


Scenario:

User is assigned to a SCIM enabled app in Azure AD. Enterprise admin unassigns the user from the app. In this case, a SCIM delete call should go to the app provider. Azure AD logs it as "soft delete" but the SCIM API call doesn't happen.

Is this a bug? If not, what is the reason for doing so, and how will the app provider know that the user's permission has been modified?


Demote Windows Server Active Directory


Hi,

I have configured the full hybrid setup (Azure AD, Windows Server Active Directory with Azure AD Connect and Azure AD Domain Services).

Is it possible to remove AAD Connect and demote the Windows Server Active Directory, so only the Azure AD with Azure AD DS is left?

Regards

Azure App registration: OpenIDC


I am trying to integrate the UiPath Orchestrator application.

I have registered the app with test, which works fine; however, for Production they have a Redirect URI of a load balancer which has two nodes. Nothing happens when we click on the Azure button on the application page. Any clue how to proceed with troubleshooting?

Thanks in Advance  

Utilizing SSO for an External Application for B2C Users


I've got a B2C tenant created and would like to allow the users in my B2C tenant to SSO to an external application (I don't manage or host). The external application has support for setting up SSO using SAML.

https://stackoverflow.com/questions/47324231/how-to-configure-sso-for-azure-ad-b2c implies that you could set this up the same way you would on a normal AD instance, via creating a Non-Gallery Enterprise Application. However, if I try and do that it says that I need a premium Azure license to create the Enterprise Application. I was not successful in trying to acquire a premium license and am thinking maybe that's because this is a B2C AD instance; maybe it is not even possible to get a premium license for a B2C AD instance. Before pursuing further, is it possible to get a premium license for a B2C AD instance and if so, would getting that allow me to set up the SSO to the external application?


Passwordless Authentication with AD using Yubikey (FIDO2) on Linux without browser


Hi,

I'm trying to use Yubikey to authenticate to AD using FIDO2. And I want to do this without a browser but through Yubico's host library. Can this be done? And can this be done on a Linux machine instead of Windows?

 

Is there any endpoint or WebAuthn server to use in order to connect with AD?

Thank you so much.

Best,

Zoe

 

Trailing slashes in the Application ID URI for App Registrations


Previously we were able to register apps with a trailing slash in the Application ID URI, as I still have several applications that have the trailing slash. Now we are unable to register new applications with a trailing slash. We have a large number of clients that already have a trailing slash so asking them all to change this isn't possible. Is there a workaround to get a trailing slash in the Application ID URI? I can't seem to find one so I'm wondering what can be done.

The error message that is shown when you attempt to leave a trailing slash on the URI is:

The application ID URI must be a valid URI starting with HTTPS, API, URN, MS-APPX. It must not end in a slash.

Passwordless log in problem with Yubikey (wrong length of UserHandle)


Hi, 

 

I tried to use Yubikey to log in following this documentation (https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key#user-registration-and-management-of-fido2-security-keys).

The link to enable the security key doesn't work. https://myprofile.microsoft.com

I got these errors: 

If the user is not logged in:

"User account does not exist in tenant 'Microsoft Services' and cannot access the application '8c59ead7-d703-4a27-9e55-c96a0054c8d2'(My Profile) in that tenant. "

If user already logged in:

"Oops, seems  like the organization you tried signing into hasn't activated the new profile experience at this time. Please contact your admin for more information."

Then I figured to register Yubikey with this link https://account.live.com/proofs/Manage/additional

But I can successfully log in with Yubikey if I put in the username, while I fail to log in when no username is given. Although when no username is given and the Yubikey is plugged in, the browser will pop up to ask me to choose a user. Then I got the following error: "Length of userhandle not correct. "

So, my questions are: 

1. What is the New Profile? How should I activate it?

2. Why does the login work with the username put in but not without the username, even though we can choose the user?

I noticed the documentation is being updated constantly these days. Can someone help me to answer this? Thank you so much.

Best wishes,

Zoe


Problem with Single Sign-On on SharePoint


OK, I'm following this guide: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/sharepoint-on-premises-tutorial

but I can't make it work; it displays this error: Sorry, but we’re having trouble signing you in. AADSTS750054: SAMLRequest or SAMLResponse must be present as query string parameters in HTTP request for SAML Redirect binding. sharepoint

1- I think I'm configuring something bad in the $realm variable, so can you tell me what I need to put in it?

2- Is there something I'm missing?

3- My site is local, so I think I cannot test it via the web.


Yordy Corrales

AD B2C Custom Policies App/Object Id externalization



Is there a way in which we can send the IEF and Proxy IEF app IDs, the Graph API extensions app IDs, or any user-defined variables that are constant for an environment as input parameters to the policy, or maybe in the top header <TrustFrameworkPolicy> tag, and use them across the policy?

For example, <TrustFrameworkPolicy> has the tenant ID, and the same is used in the policy with the following syntax: {tenant}

Trying to associate Office 365 Azure Active Directory with existing Azure account.


I'm trying to associate our Office 365 Azure Active Directory with our existing Azure account and all the documentation (https://docs.microsoft.com/en-us/graph/associate-account) I see online says that you have to select the Active Directory node, then select the Directory tab and, at the bottom of the screen, select New. But I can't find those options. First, I don't see an "Active Directory" node, so I have been working with "Azure Active Directory" instead. Second, I can't find a Directory tab or a New button under the "Azure Active Directory" menu. As I continue through the steps, I can find options that are similar (ex: "Create a directory" instead of "Custom Create") but none get me to where the instructions say I should end up.


OAuth 2.0 on Azure API Management


Hello 
I'm trying to generate Azure API Management for a function on an Azure Function App, and it works fine, but I need to apply OAuth 2.0 because of security. I went to OAuth 2.0 on the portal and put in these values:

Client registration page URL: https://placeholder.contoso.com

Authorization grant types: Authorization code

Authorization endpoint: https://login.microsoftonline.com/********/oauth2/authorize

Token endpoint: https://login.microsoftonline.com/ ********/oauth2/token

Authorization request method: GET

Client authentication methods: in the body

Client credentials: *******
Client Id: *******

Finally, I saved. I need to know what I need to change to make authentication work.

Thank you

Read only access to only available Virtual machines in azure portal


Hi,

Is it possible to provide read-only access to only the available virtual machines to a user in the Azure portal? The user wants to check how many VMs are present at a point in time and check the VMs' setup.

I knew that we can provide read access to resource groups, but didn't find any article specifically providing access to only VMs.

Thanks

shravani

