Channel: Azure Active Directory forum

Deleting User from Azure ADB2C


Hi All,

I am looking for possible ways to delete a user that is created using Azure ADB2C apart from manually deleting. 

Thanks in advance :)



After getting auth token for SharePoint online get HTTP 401 with it

Hello,

I am developing native app: C++ with HTTP so please don't suggest .NET or JavaScript libraries :) The app should access SharePoint Online. I used to use X-Forms-Auth and "FedAuth" cookie but now need to migrate to OAuth.

1) I have registered the app in azure portal (got secret, marked redirect URI, added read/write permissions for SharePoint)

2) Then I perform OAuth flow by opening browser with

https://login.microsoftonline.com/common/oauth2/authorize
 ?client_id=<CODE FROM AZURE PORTAL>
 &response_type=code
 &redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient
 &resource=https://testorg.sharepoint.com/

it redirects to my redirect URI and I parse out the code, as expected. Then I do

POST https://login.microsoftonline.com/b51447fd-f997-4080-bf24-833070bc14bd/oauth2/token
client_id=<CODE FROM AZURE PORTAL>
&client_secret=<SECRET FROM AZURE PORTAL>
&grant_type=authorization_code
&redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient
&resource=https://testorg.sharepoint.com/
&response_mode=form_post
&code=<CODE FROM PREVIOUS STEP>

this also returns the expected JSON from where I get "access_token".

3) Later I call any SharePoint/WebDav API on https://testorg.sharepoint.com with the obtained token in auth header (Authorization:Bearer <TOKEN>) but get 401. However, all works fine when I follow X-Forms-Auth.

Can anyone help me here please?
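As an added example (not part of the post above), a small Python diagnostic that decodes the access token returned in step 2 and compares its audience and validity claims with the resource that was requested; the token it builds is a constructed, unsigned sample, and `check_token_for_resource` and the sample claim values are assumptions.

```python
import base64
import json
import time


def _b64url_decode(segment):
    """Decode a base64url segment, restoring the '=' padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_claims(token):
    """Return the payload claims of a compact JWT without checking its signature.
    Useful for inspecting a token you obtained yourself; it proves nothing about
    authenticity and must never be used to accept tokens presented by callers."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def check_token_for_resource(token, resource, now=None):
    """List the reasons a bearer token would be rejected for `resource`."""
    claims = decode_jwt_claims(token)
    now = int(time.time()) if now is None else now
    problems = []
    aud = claims.get("aud")
    # The v1 token endpoint copies the `resource` parameter into `aud`; the API
    # compares it exactly, so a different host or a trailing-slash mismatch
    # between what was requested and what the API expects shows up here.
    if aud != resource:
        problems.append("aud is %r, expected %r" % (aud, resource))
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    if claims.get("nbf", 0) > now:
        problems.append("token is not yet valid (nbf in the future)")
    return problems


def make_unsigned_sample_token(claims):
    """Build a constructed, unsigned JWT for demonstration only (alg=none)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + "."


# Constructed sample resembling a v1 access token for the SharePoint resource.
SAMPLE_TOKEN = make_unsigned_sample_token({
    "aud": "https://testorg.sharepoint.com/",
    "tid": "00000000-0000-0000-0000-000000000000",  # placeholder tenant id
    "nbf": 1900000000,
    "exp": 2000000000,
})

if __name__ == "__main__":
    print(check_token_for_resource(SAMPLE_TOKEN, "https://testorg.sharepoint.com/"))
```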

Not redirect to https:// post Azure AD authentication


Display name: myWizardAOF
Application type:  Web app / API
Home page: https://mybpwizard-aof.ciodev.accenture.com/
Application ID: 893a0a82-cc28-4b29-a440-ac02054ba43d

Azure AD OpenID Connect authentication through https://login.microsoftonline..  is successful, but post-authentication it is not redirecting to the https://  "Home page" URL.
Issue:  Not redirecting to the actual https:// "Home page" URL mentioned above; instead it is redirecting to http:// 

And  once manually add https:// in browser app started loading correctly.

Please find Attached screen shot. 

Kindly help to resolve this issue.  

AD user accounts defaulting to USA when it should be Australia. How do I change the default region location?

Everything was fine until a week or so ago. Now AD user accounts defaulting to USA when it should be Australia. How do I change the default region location?

How to add and configure AAD application from the gallery programmatically?


Hi team,

I am currently working on configuring federation from Azure AD to the AWS Management Console. Following the instructions in the below link works with some modifications

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-amazon-web-service-tutorial

Now, I need to be able to  do the same configuration programmatically. I checked AAD Powershell commands but I could not find out how to use it to provision a pre-integrated applications from the Azure AD gallery like the AWS App. The commands seem limited in what they can do and are targeted at managing applications that have been already provisioned from the gallery or working with applications being developed in-house. (e.g. New-AzureADApplication).

The idea here is that I need to add 50 of these apps from the gallery and configure them programmatically. Any direction here would be appreciated.

Ihab

Store BitLocker recovery keys (for removable media) to Azure AD


Dear All,

We are using a configuration policy in Intune in order to disallow copying any data to removable media if it is not encrypted with BitLocker.

Is there any way to store the encryption keys in Azure AD? (Currently the only options are to save or print the recovery key.)

Kind Regards,

Azure Active Directory

I am working on a POC for SSO integration with Azure AD for our product(SAAS Based).
I am stuck at SSO integration with our system, where we want to allow our customers to login in our application via SSO with Azure AD.

Here we have configured everything as required, and are able to make the login request and get the response back, but as the response is encrypted, we are not able to parse it and proceed further. Our application is developed in Java. Here your little technical help will complete our POC and we will be in a position to develop it completely and release it as a feature of our product.

Also is there any way to fetch all users of Azure AD through API ?

Thanks 

Dinesh Radadiya


how to integrate azure advanced App Service Authentication / Authorization to access azure devops API (tasks, pipelines)


We are trying to make a webpage where a user can see all his assigned tasks and pipelines using the DevOps API. The question:

As we know, Azure supports the advanced App Service authentication / authorization (EasyAuth), where tokens are generally stored and managed by Azure once the user authenticates the request with Azure AD. So, how can we integrate this to access the DevOps API?

Thanks.


How to see what assertion is being sent from a mobile device?

Hi; we are using Azure SSO and I am trying to use SSO with a mobile app. It seems that when logging in to the mobile app, the SAML assertion sent has a different UserID format than when using the browser. The format is nameid-format:persistent, and the nameid is a bunch of seemingly random characters.  When I use the browser (even on the same mobile device) the assertion has the correct nameid format that is configured. 

How to modify the setting/policy to change the SAML response condition?


I am debugging an issue with the SAML response from Azure AD. Besides the claims, I have everything set by default. 

The conditions of the SAML response seem logical: not before 5 minutes before the IssueInstant time, and not after an hour after the IssueInstant.

However, I had logged in previously to Azure AD, before the condition. So, in the same SAML response, I have the AuthnInstant a few hours before the condition. Note that, based on the cookie info in the browser, I have 90 days of login session validity. So, my SP failed my login due to the issue instant not being in the acceptable window.

I have 2 questions here.

1. How do I modify the condition setting, so that the condition would be not before 90 days of the IssueInstant time?

2. Is it recommended to change the condition that what I am trying to do in #1?

Please help. Thanks!
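As an added example (not from the post above), a Python check that shows how a service provider evaluates the assertion's Conditions window against its own clock, and that AuthnInstant is outside that window by design; the SAML response it parses is a constructed sample with the same shape as the one described (valid from 5 minutes before IssueInstant to 1 hour after, with an AuthnInstant hours earlier), and `check_conditions` and the `skew` parameter are assumptions.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample, not a real Azure AD response: the Conditions window
# surrounds IssueInstant, while AuthnInstant records an earlier sign-in
# that the IdP reused from an existing session.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" IssueInstant="2020-05-01T12:00:00Z">
  <saml:Assertion IssueInstant="2020-05-01T12:00:00Z">
    <saml:Conditions NotBefore="2020-05-01T11:55:00Z" NotOnOrAfter="2020-05-01T13:00:00Z"/>
    <saml:AuthnStatement AuthnInstant="2020-05-01T06:00:00Z"/>
  </saml:Assertion>
</samlp:Response>"""


def parse_instant(value):
    """Parse a SAML UTC timestamp such as 2020-05-01T12:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_conditions(xml_text, now, skew=timedelta(0)):
    """Evaluate the assertion's Conditions against the SP clock `now`, allowing
    `skew` of clock tolerance. Returns the parsed instants and a rejection reason
    (None when the assertion is inside its validity window)."""
    assertion = ET.fromstring(xml_text).find("saml:Assertion", NS)
    cond = assertion.find("saml:Conditions", NS)
    authn = assertion.find("saml:AuthnStatement", NS)
    not_before = parse_instant(cond.get("NotBefore"))
    not_on_or_after = parse_instant(cond.get("NotOnOrAfter"))
    result = {
        "issue_instant": parse_instant(assertion.get("IssueInstant")),
        "authn_instant": parse_instant(authn.get("AuthnInstant")),
        "not_before": not_before,
        "not_on_or_after": not_on_or_after,
        "reason": None,
    }
    # Conditions bound when the assertion itself may be consumed. AuthnInstant
    # only records when the user last authenticated; it is not part of the window.
    if now + skew < not_before:
        result["reason"] = "consumed before NotBefore (SP clock behind the IdP?)"
    elif now - skew >= not_on_or_after:
        result["reason"] = "consumed at or after NotOnOrAfter (stale or replayed response)"
    return result
```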

Group API calls not working


Reference:

https://docs.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0&tabs=http
https://docs.microsoft.com/en-us/graph/api/group-get?view=graph-rest-1.0&tabs=http

None of the group API calls are working. Tried passing group id, name, filters either getting a blank response with response code 200 or resource not found error.

Any help would be much appreciated.

Thank you.

Upgraded Azure AD Connect - now getting 8344 errors on Export of local directory


Performed an in-place upgrade of Azure AD Connect to 1.1.561.0.

Export stage of synchronization is throwing an error on 400+ user objects.

Status: Completed - export errors

Permission Issue - Export tab shows error 8344 - Insufficient access rights to perform the operation.

Adding Azure AD user using provisioning package


I followed the instructions given here ( Microsoft Link ) to create a provisioning package using Configuration Designer.

But when I apply the provisioning package on the Windows 10 device, I get the following error in the AAD event log.

Log Name:      Microsoft-Windows-AAD/Operational
Source:        Microsoft-Windows-AAD
Date:          4/10/2017 4:41:54 PM
Event ID:      1112
Task Category: AadAadtb Operation
Level:         Error
Keywords:      Operational,Error
User:          SYSTEM
Computer:      Contoso-5129DM6
Description:
Error: 0xCAA20001 The client is not authorized to request an authorization code using this method.
Exception of type 'class Exception' at aadtb.cpp, line: 94, method: AADTBAcquireTokenInternal::<lambda_4e6ecc266bbbd65603077a6172b3b088>::operator ().

Log: 0xcaa1007b Acquire token failed.
Logged at aadtb.cpp, line: 121, method: AADTBAcquireTokenInternal.

Request: authority: https://login.microsoftonline.com/5792f414-3b8d-41c0-a018-5c0356835f17, client: b90d5b8f-5503-4153-b545-b31cecfaece2, redirect URI: 
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-AAD" Guid="{4DE9BC9C-B27A-43C9-8994-0915F1A5E24F}" /><EventID>1112</EventID><Version>0</Version><Level>2</Level><Task>105</Task><Opcode>0</Opcode><Keywords>0x4000000000000012</Keywords><TimeCreated SystemTime="2017-04-10T07:41:54.137018400Z" /><EventRecordID>401</EventRecordID><Correlation ActivityID="{4E4F94C0-0099-0000-FC26-E426C0944F4E}" /><Execution ProcessID="9980" ThreadID="9956" /><Channel>Microsoft-Windows-AAD/Operational</Channel><Computer>Contoso-5129DM6</Computer><Security UserID="S-1-5-18" /></System><EventData><Data Name="Error">3399614465</Data><Data Name="ErrorMessage">The client is not authorized to request an authorization code using this method.</Data><Data Name="AdditionalInformation">Exception of type 'class Exception' at aadtb.cpp, line: 94, method: AADTBAcquireTokenInternal::&lt;lambda_4e6ecc266bbbd65603077a6172b3b088&gt;::operator ().

Log: 0xcaa1007b Acquire token failed.
Logged at aadtb.cpp, line: 121, method: AADTBAcquireTokenInternal.

Request: authority: https://login.microsoftonline.com/5792f414-3b8d-41c0-a018-5c0356835f17, client: b90d5b8f-5503-4153-b545-b31cecfaece2, redirect URI: </Data></EventData></Event>
I am not sure what is the issue here.
 

Enterprise applications - On-premise application published with passthrough but still prompted for password


Hi,

I'm attempting to publish our intranet as an enterprise application with SSO. This works like a charm and I'm able to access it via office.com and also as a published web link via Intune and my phone. But - I have to sign-in each time which is not what I want. 

 

My settings in application proxy is as follows:



The end result I wish for is to open the web site from office.com only by logging in the first time. From my phone I wish to use either PIN or bio-metrics, not password.

Any suggestions how to solve this?

With kind regards

Theodor

Add/Edit the profile image in Azure AD B2C ProfileEdit policy


Is it possible to allow users to add or edit their profile picture in the edit profile policy?


Custom domain still unverified even after 7days

I have added my domain as a custom domain and updated the domain DNS with the generated TXT record. I am able to verify the TXT record using DNS verification tools, but the Azure status is still unverified. Troubleshooting doesn't give much information other than redirecting to the knowledge base doc on how to add a domain. How do I troubleshoot why my domain is still in unverified status? None of the suggested steps are applicable, as this is a new tenant I have registered and it is not configured anywhere else.

Invite external users to Azure AD Domain services?


Hi,

I would like to get inputs or recommendation how to handle external users to access our Azure tenant/setup.

Today we setup a unique tenant/subscription for each customer and host an application and publish it with RDS.

In each tenant we use Azure Domain Services. We need to make our application server (VM) a member of a domain and then use WVD to publish the application in a secure way.

Our customers would like to use their own username/password to access our application, and my first thought was to use Azure B2B collaboration and invite them as guest users, or set up AD Connect to synchronize a specific group of users into our Azure tenant.

But then I assume the username/password would not sync to Azure Domain Service. Only to Azure AD (?).

The users need to authenticate to Azure AD Domain Services because WVD and our application servers are members of the domain.

AD additional attribute synced to AAD extension attribute not showing up on AAD user object


Can someone please help me with the following, thanks in advance

I setup AD Connect in a LAB and my LAB Active Directory users are syncing OK to my LAB Azure AD

I then went through the Azure AD Connect setup wizard a second time to configure 'custom sync options', chose 'Directory Extension Attribute Sync', and chose to sync two additional attributes (for testing): the Active Directory attributes 'adminCount' and 'carLicense'. I have a domain admin user called Craig who has his adminCount attribute set to 1, and I added a value for carLicense.

When I check Get-ADSyncGlobalSettings

I can see under Microsoft.OptionalFeature.DirectoryExtensionAttributes the carLicense and adminCount listed (among other attributes), so it looks like AD Connect should sync these two attributes from AD to Azure AD, right?

However even after restarting AD Connect and doing a delta sync too I still do not see these attributes on my Azure AD User when I do Get-AzureADUser -SearchString Graig | select -ExpandProperty extensionproperty

There is no sign of the adminCount or carLicense attributes or their values in the output

Please advise, where I am going wrong?

Do I need an Azure AD P2 license or something to sync additional built in active directory attributes?

I also set up a separate custom rule to sync an AD attribute to extension13 of the AAD user class.

The above appears in the Metaverse under AD Connect OK (with the correct values populated)

However, they do not appear in the AAD user object, as above. Any idea please?

Thanks in advance

CXMelga

Accept Privacy policy and terms and condition during login


Hi,

I am working on the Azure AD login process, and I want the user to accept the privacy policy/terms and conditions during login. I have gone through the branding settings and added the privacy statement link and terms and conditions link under Branding, but I still don't get a prompt/alert as below. 

Also I am not able to verify the Domain, Please help me with this

AADSTS500011: The resource principal named https://**.azure-api.net was not found in the tenant named

I am using API Management Service and am not able to register it in Azure Active Directory.