OneLogin: How to approve all pending users attached to specific role

We have some users attached to different OneLogin roles via mapping rules. So, when a new user is created and satisfies the mapping rule, it is shown in the Pending state. (Here, we don't turn on the automatic approval for user provisioning.)
What I'd like to do is to approve the user via API. I found the OneLogin doc which shows how to get the list of users assigned to the application. But it doesn't tell how to approve the users in the Pending state. Any ideas? Thanks in advance.
Basically, I have checked these docs as well -> List Users, Get User Apps, Update App

In the Users API, you have the PUT Update User request. You can use this to approve the pending states. After you get the user id for the request, you'd just put this in the body:
{
"state": 1
}
Let me know if you need any other help.

Related

Invite team member functionality in MERN website

I am building a website using mern stack where every user who signs up gets their own subdomain according to the username they entered.
What I have done so far:
Users can create an account and get their subdomain according to the username they entered while signing up.
Owner of the organization can send invites to the team members using email by filling out a simple form where they need to enter the email of the team member.
Now, I would like to know how I can add the team member to the organisation's workspace so they have full access to the workspace. Basically, I don't know what to do after sending an invite.
Please give me some insights on how this can be achieved.
Thanks.
Make an array element in your model that contains the group_ids of groups joined.
Create a middleware function that checks if the user can perform operations in there. If not, throw an error.
When the invite is sent, the array element that I talked about should be updated to [...array, group_id selected].
I am a junior developer so might go wrong but I hope this helps.

Register with email confirmation and set as blocked or disabled while an admin user approves him

I'm setting up a system and I want to select the best framework. So, using LoopBack, I want to have approval functionality like Drupal's: when any user signs up, they must validate their email and wait for an administrator to approve them.
For this requirement you need to override the login/signin method which LoopBack provides in the user model, and then you have to validate whether an admin has approved the user's account or not.

Microsoft GraphAPI: How do I retrieve the assigned groups of an azure user?

As you can see my question above, I was wondering if it is possible to retrieve the assigned groups of an Azure Active Directory (AAD) based user via Microsoft GraphAPI.
My situation is that I have an ASP.NET MVC project with Microsoft Azure enabled. My goal is that an Azure user can log in on my website with their Azure account.
The idea is that an Azure user is an admin or a user (depending on the Azure groups), and depending on this role group, the user can view more or less of my webpage.
For example:
When Peter logs in with his azure account on my webpage, he should only be able to see:
Add new Document
Edit Document
Remove Document
because he is only assigned as "User" in Azure Active Directory.
But when Sabrina logs in with her azure account on my webpage, then she should be able to do the same as Peter, but she also can see:
Manage Products
Add new customer
etc.
because she has been assigned as an admin in Azure Active Directory.
My problem is that I did not find out how to retrieve the assigned group of a user with Microsoft GraphAPI. The part about what a user can see or not after I have the roles is not a big deal.
I already tried this API call:
https://graph.microsoft.com/v1.0/me/
But it seems, that the response of this call does not include the actual assigned group of that user.
Do you think it is possible to retrieve the assigned group of an Azure user? Is this even possible? Or do I have to do something else to retrieve this information?
I hope you understand my point and I am also looking forward to any response. Thanks in advance!
Add /memberOf to the URL to receive the groups a user is a member of.
https://graph.microsoft.com/v1.0/me/memberOf
Here's a link to the specific graph api - https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_getmembergroups
Take a look at this sample application on Github. It does something very similar with a task tracker application, where different users are able to perform different actions based on the group they belong to -
https://github.com/Azure-Samples/active-directory-dotnet-webapp-groupclaims/blob/master/README.md
Also, in cases where a user is a member of too many groups, you get back an overage indicator and have to make a separate call to get all groups. Read about “hasgroups” and “groups:src1” claims here - https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-id-and-access-tokens
According to your system architecture, if some user has too many joined groups, the API https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_getmembergroups will return too many groups.
But if the groups with permissions in your system are not too many, you can use this API: https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_checkmembergroups to check if the current user is a member of the specified groups.
It is not a good idea to use this API: https://graph.microsoft.com/v1.0/me/memberOf, because it returns only the groups that the user is a direct member of, but a security group can be a member of another security group.
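The nested-group point made in the last answer, as an added example that is not part of the original answers and makes no Graph calls: it models a direct-only lookup beside a transitive one and shows how the role decision differs. The directory contents, group ids, role mapping and function names are all constructed for illustration.

```python
from collections import deque

# Constructed sample directory (not real tenant data): each key is a user or
# group, each value is the set of groups it is a DIRECT member of.
DIRECT = {
    "peter": {"g-users"},
    "sabrina": {"g-helpdesk"},
    "g-helpdesk": {"g-admins"},              # helpdesk is nested inside admins
    "g-admins": {"g-users", "g-helpdesk"},   # cycle, to exercise the guard
}

# Hypothetical mapping from application role to the group that grants it.
ROLE_GROUPS = {"admin": "g-admins", "user": "g-users"}


def direct_member_of(principal, direct=DIRECT):
    """Direct memberships only, as the answer describes for /me/memberOf."""
    return set(direct.get(principal, ()))


def transitive_member_of(principal, direct=DIRECT):
    """Follow nested groups breadth-first; `seen` stops cycles looping."""
    seen, queue = set(), deque(direct.get(principal, ()))
    while queue:
        group = queue.popleft()
        if group in seen:
            continue
        seen.add(group)
        queue.extend(direct.get(group, ()))
    return seen


def check_member_groups(principal, group_ids, direct=DIRECT):
    """Of the given group ids, return those the principal belongs to,
    nested membership included (a local model of a checkMemberGroups-style
    lookup over a short list of groups that matter to the application)."""
    return sorted(set(group_ids) & transitive_member_of(principal, direct))


def roles_for(principal, lookup):
    """Map group membership, as reported by `lookup`, to application roles."""
    groups = lookup(principal)
    return sorted(role for role, gid in ROLE_GROUPS.items() if gid in groups)


if __name__ == "__main__":
    for who in ("peter", "sabrina"):
        print(who, "direct:", roles_for(who, direct_member_of),
              "transitive:", roles_for(who, transitive_member_of))
```

With direct-only data, sabrina receives no role at all even though her group is nested inside the admin group, so an authorization check built on it fails closed for her and silently under-grants.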

Kentico 10 Contact activity logged against previously logged out user

We have a Kentico 10 website using custom WIF authentication. That is all working fine. I can see that the authenticated user details match what is expected.
I tried enabling the online marketing - contact tracking and then discovered that even though I had logged out with one account and then logged in with another account the new user's activity was being logged as if the first user had performed it.
The only thing that works reliably is using a delete cookie plugin in Chrome, which isn't a good solution for production.
I tried expiring the existing cookies for the domain and then found after logging out and back in again with a new user that all the new activity was being logged as public anonymous user.
Is there anything I can add to signout or login to ensure that the correct Contact is being tracked against? Different users should be able to use the same browser, logging out and back in again, without this contact activity going against the wrong person.
The contact cookie is stored per user account on a computer. So if you're simply logging in and out of Kentico this activity will not change your contact cookie. Kentico sees you as the same contact even though you are authenticating with a different user account.
Kentico Contacts and Users are not synonymous, although they can have a link to one another. So I'd expect that if the user account is linked with a contact, you may see different activity for that particular contact. The only way a contact is linked to a user account is if one of these 3 activities happens:
Registers on a website
Signs in with a user account
Fill in customer data while making a purchase
So even though you're doing #2, I'm guessing something unique is happening since you're doing some testing on the local machine. Check out the documentation about contacts and linking to user accounts. To test or see if a user is linked to a contact, go to Contact Management, manage a contact and click on the Membership>Users tab. If you see a user account linked to the contact, then that contact is linked. If you don't see one, then that particular contact is not linked and you'll experience the issues you're explaining.

What is the difference between freeze user and deactivate user in Salesforce?

I am researching Salesforce. I have read the session Control Access to Organization. I have not clearly understood the difference between Deactivating or Freezing a User in Salesforce. Can anyone help me?
In some cases, you can’t immediately deactivate an account, such as when a user is selected in a custom hierarchy field. To prevent users from logging in to your organization while you perform the steps to deactivate them, you can freeze user accounts.
If you freeze a user account, it gives you the opportunity to move the associated records, etc. to the ownership of someone else so they would be able to manage those accounts. "Freezing" only stops the user from being able to login. When you "deactivate," it frees up that salesforce license to be given to another user.
The difference is:
Deactivate means that you don't allow that user to log in to your org, and it frees up that Salesforce license to be given to another user.
Freeze just doesn't allow that user to log in to your org.
You can watch this video for more detail about the difference between Deactivating or Freezing a User in Salesforce: https://www.youtube.com/watch?v=HYPB3oq_94Q
