Channel: Azure Active Directory forum

Not able to create subscription in multi tenant


Hi...

Have created a multi-tenant app in Azure.

Am fetching authorization code.

Am fetching access token using this authorization code

Now am unable to create subscription using this oauth token.

Using this oauth token am able to fetch users from 2 different tenants. But am unable to fetch messages and create subscription.

Please let me know if there is any specific permission we have to give in our app to create subscription and get messages in multi tenant use case

Note: This application in azure works perfectly fine for single tenant use case.

Am getting below error

"error": {
    "code": "InvalidRequest",
    "message": "Subscription validation request failed. Must respond with 200 OK to this request.",
    "innerError": {
      "request-id": "d68aa439-904e-41dd-9b8b-4d3ea3269f1b",
      "date": "2019-11-22T13:46:42"
    }
  }


Subscription Change Directory


Hi

I want to change a SubscriptionA from AzureTenantA to AzureTenantB via Subscription Change Directory.
UserA has the Role Assignment Owner on SubscriptionA and is also a Global Admin on AzureTenantA.

I have added UserA as guest in AzureTenantB. What kind of permissions do I need to assign UserA in AzureTenantB?

I have read the:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory

Giving UserA Global Admin on AzureTenantB enables me to use the Change Directory (I can see the destination directory now). But is Global Admin required?

brgs

Bjørn Roalkvam

On-premise application published on Microsoft Azure AD "Myapps"


What will be the best way to publish an «on-premise» application into Azure AD «MyApps»?

1- Using the Application Proxy?
2- Create a VPN between Azure and customer site?
3- Put the application in front of the Internet through Firewall and WAF? 

We need to consider about 5000 simultaneous users during peak periods.

I know which one is my favorite, but I need the opinions of others... 

Many thanks.

Martin R.

Azure AD - MFA Unblock Fraud Alert Users without Global Admin role


Hi Team,

Is there any specific directory role for accessing MFA authentication page in Azure AD except Global Admin role ?

How to unblock user from MFA fraud alert user without Global Admin role ?

MFA setup is Cloud only this is not On-premises environment.

AD B2C: Keep Me Sign In expiration time for built in sign in signup flow


Hi,

What is the expiration time for Keep Me Signed In (KMSI) cookie for the built in Sign/Sign Up user flow in AD B2C?

I've tested the functionality on a built in flow and it doesn't seem to remember me and it's logging me out after a couple of minutes, and I can't see any additional cookie being created if the KMSI is checked.

Thanks


Need azure login user Details in our MVC web application

One of my web applications is configured as an App Service app to use Azure AD login. We need the Azure login user details in our web application. Please suggest how we can get the login user details.

aka.ms logon for Ignite information


I have probably a really unique issue. Several years ago, I created a Live.com account with my work email address. Then, our company moved to O365/Azure using our on-prem UPNs. They were then associated with our corporate email addresses. When I log in to the Ignite page with my non-federated email address, I see my scheduled, etc. just fine. When I try to log in to aka.ms to get the resources from Ignite, I get this error:

AADSTS50020: User account 'emailaddress from identity provider 'live.com' does not exist in tenant 'Microsoft' and cannot access the application '405e80fc-f8e6-40e6-b6b9-e5bcc7e6813e'(RedirectionUxProd) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

Any way someone could help me?

Roles Missing from Token


I have set up an app and provided delegate permissions for Mail.Read.Shared and Mail.ReadWrite.Shared.  The token I get back from baseUrl/{tokened}/oauth2/v2.0/token does not contain any roles.  Can you tell me what is causing this?

Thanks,

Samuel


Azure SSO Claims Attribute Transformation

I am looking at configuring SSO for a Gallery App, and have hit upon an issue with the unique identifier.  The preferred unique identifier for the application is email address, but it doesn't accept certain special characters, one of which is apostrophe.  This causes a problem as we have a number of users that utilise this character within their email address.  Is there a way of transforming user.mail Daniel.O'Donnell@Ireland.net to Daniel.ODonnell@Ireland.net (removing the ')?

Yubico and Microsoft now enable you to forget passwords with the YubiKey and Azure AD


Hi,

Does anyone have this working with Azure AD? 

I have been researching and trying to get it set up. I was able to enable it for web-based apps, like Portal.office.com and Portal.azure.com. So I can assume that most of it is set up correctly. (Yubikey 5)

When I try to use it on the windows lock screen, it complains about "no valid certificate has been found". I do have a certificate, and it came from Azure AD security settings setup.

I hope someone can send me into the right direction. 

Regards

Michel

Azure App - AcquireTokenByUsernamePassword


Hello. I'm attempting to log into my App that is registered in Azure. If I get the username or password incorrect I get the appropriate message that the user is unknown or the password was incorrect. However, If I enter the credentials correctly I receive the below message and stack trace.

I am using Unity to interact with the libraries. I have followed the examples online but I am still having issues with logging in correctly. Has anyone seen the same issue and what did you do to get it working?

Thanks for helping

---------------------------------------------------------------------------------

 Response status code does not indicate success: 406 (NotAcceptable). ---   

at Microsoft.Identity.Client.WsTrust.WsTrustWebRequestManager+<GetMexDocumentAsync>d__2.MoveNext () [0x00103] in <be6702be34b4420fba044c42668ddcee>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[TResult].GetResult () [0x00000] in <567df3e0919241ba98db88bec4c6696f>:0 
  at Microsoft.Identity.Client.WsTrust.CommonNonInteractiveHandler+<PerformWsTrustMexExchangeAsync>d__5.MoveNext () [0x00093] in <be6702be34b4420fba044c42668ddcee>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[TResult].GetResult () [0x00000] in <567df3e0919241ba98db88bec4c6696f>:0 
  at Microsoft.Identity.Client.Internal.Requests.UsernamePasswordRequest+<FetchAssertionFromWsTrustAsync>d__4.MoveNext () [0x00165] in <be6702be34b4420fba044c42668ddcee>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[TResult].GetResult () [0x00000] in <567df3e0919241ba98db88bec4c6696f>:0 
  at Microsoft.Identity.Client.Internal.Requests.UsernamePasswordRequest+<ExecuteAsync>d__3.MoveNext () [0x00159] in <be6702be34b4420fba044c42668ddcee>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[TResult].GetResult () [0x00000] in <567df3e0919241ba98db88bec4c6696f>:0 
  at Microsoft.Identity.Client.Internal.Requests.RequestBase+<RunAsync>d__14.MoveNext () [0x001d7] in <be6702be34b4420fba044c42668ddcee>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[TResult].GetResult () [0x00000] in <567df3e0919241ba98db88bec4c6696f>:0 
  at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor+<ExecuteAsync>d__5.MoveNext () [0x000bb] in <be6702be34b4420fba044c42668ddcee>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <567df3e0919241ba98db88bec4c6696f>:0 
  at System.Runtime.CompilerServices.TaskAwaiter`1[TResult].GetResult () [0x00000] in <567df3e0919241ba98db88bec4c6696f>:0 
  at MSTeams+<>c+<<Start>b__0_0>d.MoveNext () [0x002aa] in D:\Refinitiv\Eikon\Assets\Scripts\Behaviors\MSTeams.cs:51 
UnityEngine.Debug:Log(Object)
<<Start>b__0_0>d:MoveNext() (at Assets/Scripts/Behaviors/MSTeams.cs:63)
UnityEngine.UnitySynchronizationContext:ExecuteTasks() (at C:/buildslave/unity/build/Runtime/Export/Scripting/UnitySynchronizationContext.cs:104)



Azure Application Users and Roles


Through PowerShell, I can list all the users who are assigned to an Azure application. But how can I list all the users assigned to an Azure Application, as well as which roles these users belong to in the application? It seems I can either list all the users assigned to an app or list all the roles for the app, but haven't found a way to list them together, to show all the users and which role in the app each user belongs to, through PowerShell. Thanks in advance.


AADSTS65001 error trying to access my Web API from Angular client


Hi

I have an Angular project talking to a .Net Core 3.0 Web API, authentication Azure AD.  Apps set up for both, have followed instructions to expose API and then Grant Permissions.  Client app logs in successfully but I get this error at the point it tries to call my web API.

Anyone got any ideas?

Regards

Mike

Move AAD connect server from on-premise to Microsoft Azure.


Hi 

I have two questions in my mind:

1. What is the process of moving the server?

2. What do we need to check from the on-premise side for smooth movement?

Please help me to understand for smooth movement.

Azure AD Domain services from pay-to-go migrate to CSP


Hi all,

Since my company is using the Azure Active Directory (AD) Domain Services, VPN , O365 account and one File server VM at the azure with pay-to-go payment method. Can i move/migrate these service to the Azure Cloud Solution Providers (CSP).

Thanks all reply.


Problem with Azure AD password Writeback


Hi

I've connected my AD with Azure AD Connect. Accounts are well synced from AD on premise to O365. I've added the password writeback, activated all options and licenses. But when I try to reset from the reset website, I have the message that the on-premise is not reachable.

We could not reach your on-premises password reset service. Check your sync machine's event log

Sometimes it works and says that I don't reach password complexity (just 6 characters).

That's strange. When I changed from AD to O365 it works fine. Are there any ports to open to authorize Azure AD to have access to on-premise AD?

Thx

Stéphane

Azure AD is not working in China network


Hi,

I am working on a mobile application.

Why is the Azure AD login screen not shown in the China network? I am getting the error shown below.

  • AuthenticationAgentContinuationHelper.SetAuthenticationAgentContinuationEventArgs (System.Int32 requestCode, Android.App.Result resultCode, Android.Content.Intent data)
  • MainActivity.OnActivityResult (System.Int32 requestCode, Android.App.Result resultCode, Android.Content.Intent data)
  • Activity.n_OnActivityResult_IILandroid_content_Intent_ (System.IntPtr jnienv, System.IntPtr native__this, System.Int32 requestCode, System.Int32 native_resultCode, System.IntPtr native_data)

(wrapper dynamic-method) Android.Runtime.DynamicMethodNameCounter.6(intptr,intptr,int,int,intptr)

Do I need to change Azure portal configuration for China network? Please help me with this


Unable to add API permissions


Hi,

I'm trying to add API permissions to my app but there doesn't seem to be a button for me to do so. I've managed to do this a few days ago but the button that I was using seems to be gone.

Here's a link showing what I'm seeing - https://ibb.co/7GF9V38

Am I missing something here? Would appreciate any help.

Thanks.


AD user accounts defaulting to USA when it should be Australia. How do I change the default region location?

Everything was fine until a week or so ago. Now AD user accounts are defaulting to USA when it should be Australia. How do I change the default region location?

Azure SSO SID??


Connecting to an external company with SSO, and we were initially going to use local ADFS using the SID. They are needing to use SID rather than email due to email addresses changing (i.e. staff gets married and email changes).

But this doesn't appear to be something that will work with Azure SSO. I know this is likely something simple that I'm just overthinking.
