I am trying to add user having Hotmail account but team foundation showing following error.
Can anybody please tell me that how can I add another user in VSTS?
No identities found.
Depends on how your account was set up. If it's Microsoft Account based (LiveID/Outlook.com/Hotmail), then you need to navigate to the account level users hub first.
https://{{account}}.visualstudio.com/_admin/_users
If your account is Azure Active Directory backed, then you need to import these users into Azure Active Directory first, then add them at the account level before being able to add them to a security group.
Related
I am the project administrator.
I have installed the Azure Boards App.
I have signed in with my work login to the Azure Boards app in Teams.
When I try to link my project to a Teams channel, I get the following error:
"You are not authorized to access one or more resources required to complete this action."
Not sure what additional permissions other than "Admin" I could need.
You can try another thing, that could be helptfull
On the Azure Boards -> Organization Settings --> Permissions
Turn on two itens painted in yellow
I´ve got the same error last month.
Please, check if ALL of Microsoft Teams members are administrators on Azure Boards project before to try to login Azure Board app in Teams.
I have faced the same issue and have archived the channel and created a new Teams channel with reauthentication.
That sorts the issue.
I'm working on a Slack integration for our workspace that is within an Enterprise Grid. I have a workspace and I've created a Slack App with all possible OAuth scopes and have installed it in the workspace.
I'd like to automatically invite and remove users to our workspace using the app/bot. I should be able to do this with the Slack app/bot using the admin.users.invite and admin.users.remove API actions.
However, these two actions require the admin.users:write OAuth scope, which can only be used on an App that is installed organization-wide, so I can't use this scope on my workspace app:
The app requesting this scope must be installed by an admin or Owner of an Enterprise Grid organization. Also, the app must be installed on the entire org, not on an individual workspace.
Is there any other way I can have an automated system that invites/removes users to/from our workspace, without it being an organization-wide app? This is something I can do as a user through the Slack UI (and I'm not an organization admin, just a workspace admin), so one would think I should be able to do the same things via an app/bot that is installed and authorized to act on my behalf.
Unfortunately, the APIs currently provided by Slack are available for Org Owner & Org Admin roles.
The best course of action for you will be to collaborate with your org admins. Let them manage the app. It means you will not have access to token, but you can use the app as a user.
Create the app that will operate only on your workspace by using fixed teamId.
Ask the org admin to generate the admin token and update that in your app.
May be, if they find your app useful, it can be used across organization eventually.
I've installed a third party app on an AWS EC2 instance. The requirement is when user clicks the web url of this application, user should be authenticated using organization's Azure AD. Since it's a third party app I can not integrate Azure AD with it in the code. Any suggestions on how it can be achieved are welcome. I'm trying out AWS cognito service but so far it didn't work.
Please check if you have followed the steps below and if anything was missed.
Version of Azure AD- free won’t support the onboarding of enterprise apps. So we need to upgrade Azure AD.
Go to enterprise application>new application>non-gallery
application>activate for enterprise account (which is minimum
requirement ,can select premium also)>give AWS app name.
Go to single sign-on by opening the application in azure >choose the
SAML option >Download federation metadata XML as shown below.
Then go to AWS management console>>Enable AWS SSO(Only certain
regions are available to enable SSO,please check that).
Choose the identity source
Change the identity provider>>select external identity
provider>download AWS SSO SAML metadata file which can be used later
in azure side.
In IdP SAML metadata>insert the azure federation metadata file which
is downloaded previously from azure and then review and confirm .
Now go to azure portal where you previously previously created aws app name>Go to single sign on >Upload metadata file>select the file which we previously downloaded from the aws portal>click on add>then click save on basic SAML configuration.
Say yes to test sso if pop up for testing appears.
Now we can provide automatic provisioning.When new user is created in azure AD ,then it must flow in AWS SSO .We can make few users a part of AD group in order to try signin from users.
Now go to AWS Portal and click on >Enable automatic provisioning.Copy
SCIM Endpoint and access token .Go to azure side in the app
provisioning>>Select automatic in provisioning mode>>Then paste the the SCIM end point in Tenant URL and accesstoken>click on Test connection and save the configuration.
Then go for mappings >select Synchronize AAD users to custom app
sso>leave default settings>You can select required attributes
-select beside externalID mailnickname and change the Source attribute to ObjectId(choosing the unique ID on AD side to flow in
AWS)>Also edit mail>change source attribute to userprincipalname.
I. Ensure the user only has one value for phoneNumber/email
II. Remove the duplicate attributes. For example, having two different
attributes being mapped from Azure AD both mapped to
"phoneNumber_____" would result in the error if both attributes in
Azure AD have values. Only having one attribute mapped to a
"phoneNumber____ " attribute would resolve the error.
Now go ahead and map users and groups
Search for groups in portal and add groups >Security type>give a
group name ,description and membership type as assigned>click on create.
Create two or more groups in the same way if needed ,After that
these groups are to be filled with particular users for particular
group .
Now create few users .For that Search for users in portal>new user>give name >add the user to one of the created groups and assign .
After creating users and groups , go to users and groups in your
enterprise app(recommended to select groups rather than individual
and then delete unwanted users)
Go back to provisioning and make the provision status as ON.
Now do the mapping of AD group to access certain AWS accounts by
giving permission sets.
Go to permission sets and select the group or users . You can give
existing job functional access or you can create custom policies .
Now go to settings in AWS portal copy the url and open the page of
the url which redirects to the signin. Give the user credentials and
access is possibleas per the given permissions.
When I try to connect to Dynamics 365 CRM with the Plugin Registration Tool I get the following permission error:
"You don't have permission to access any of the organizations in the
Microsoft Common Data Service region that you specified. If you're not
sure which region your organization resides in, choose "Don't know"
for the CDS region and try again. Otherwise check with your CDS
administrator. Parameter name: EMEA"
I have the System Administrator role
I can sign-in to the web interface and work with no issues
I'm sure of our region, tried to login with and without it ("Don't know" option)
Also tried with an application password as our organization uses multi factor authentication
Using the latest version of the tool on Nuget (9.0.0.9506 in the about dialog)
I can connect to my trial server the same way
We had a user who was able to connect with the same user roles set
This seems machine and account independent. Other users including the organization creator are getting the same error
We are directly connected to the internet, no proxies
One solution I've read suggested cleaning the cache files which don't appear on my system. And we get the same error on clean installations.
Solved by leaving the "Show Advanced" checkbox unchecked and not entering User ID / Password. Then a second dialog opens for credentials and 2FA authentication which just works.
You don't need an application password, as you'll be asked for MFA in the next step.
I don't know how our old teammate was able to sign in with the "Show Advanced" option selected. He was getting the same dialog and continue.
One of our customer has a Google Enterprise Account (G Suite).
We have developed an application on Google Site that use a Spread Sheet.
We have created a project in the google developer console to access the Spread Sheet form the Api and created a Service Account for this project.
Everything was created with our account (provided by the customer).
At some point our account can be deleted or deactivated by the customer.
What happens then?
Will the project be deleted/deactivated?
Will the data in the drive be lost?
Thanks
If an account on Google developer console is deleted then yes all the projects and clients associated with that account will stop working.
I am not sure i understand where this sheet is located. If the sheet is on the service accounts google drive account then yes you will loose that as well.
Once a user is deleted or deactivated anything that the account contained is gone.