Switch tenants from the command line using Microsoft Azure with 2FA - azure

I'm trying to switch tenants from the command line interface on my Windows 10 computer.
The answers provided here don't seem to work at all.
I've also tried the following:
az logout
az login --use-device-code (because of 2FA)
az login --username [my user name] -t [tenant id]
az login --tenant [tenant id]
az login --tenant [tenant name]
az account set --subscription [subscription id]
All these commands are completed successfully, however, when I run Get-AzSubscription command, I still see the tenant ID of a different tenant I use than the one I want to log into.
How can one successfully switch tenants from the command line interface using Microsoft Azure with 2FA while developing cloud native apps on a Windows 10 PC?

You should not use Get-AzSubscription to get the subscription information.
Get-AzSubscription is in the Az.Accounts PowerShell module.
But az login is in the Azure CLI. Switching tenants using az login doesn't affect the results of Get-AzSubscription.
You can see the tenant information immediately after logging in using az login --allow-no-subscriptions --tenant xxxx.onmicrosoft.com.
You can also use az account show to get the details of a subscription and the tenant information.
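The separation described in the answer above, as an added example that is not part of the original answer: a PowerShell script that reads the active tenant from Azure CLI and from Az PowerShell independently and flags a mismatch. The parameter names $ExpectedTenantId and $Reconnect and the helper Get-ToolTenant are assumptions made for this illustration.

```powershell
# Added example (not from the original answer). Azure CLI and Az PowerShell
# store sign-in state separately, so each tool's active tenant is checked on its own.
# $ExpectedTenantId is a placeholder parameter: pass the tenant GUID you intend to use.
param(
    [Parameter(Mandatory)] [string] $ExpectedTenantId,
    [switch] $Reconnect   # sign the mismatched tool in again with a device code (works with 2FA)
)

function Get-ToolTenant {
    $cli = $null
    if (Get-Command az -ErrorAction SilentlyContinue) {
        # Azure CLI state: changed by 'az login', read by 'az account show'.
        $cli = az account show --query tenantId --output tsv 2>$null
    }
    $ps = $null
    if (Get-Command Get-AzContext -ErrorAction SilentlyContinue) {
        # Az PowerShell state: changed by Connect-AzAccount, read by Get-AzContext.
        $ctx = Get-AzContext
        if ($ctx) { $ps = $ctx.Tenant.Id }
    }
    [pscustomobject]@{ AzureCli = $cli; AzPowerShell = $ps }
}

$state = Get-ToolTenant
foreach ($tool in 'AzureCli', 'AzPowerShell') {
    $actual = $state.$tool
    if ($actual -eq $ExpectedTenantId) {
        Write-Output "${tool}: OK ($actual)"
        continue
    }
    Write-Warning "${tool}: expected $ExpectedTenantId, found '$actual'"
    if (-not $Reconnect) { continue }
    if ($tool -eq 'AzureCli') {
        az login --tenant $ExpectedTenantId --use-device-code | Out-Null
    } else {
        Connect-AzAccount -Tenant $ExpectedTenantId -UseDeviceAuthentication | Out-Null
    }
}

# Re-read both tools after any reconnect so the final state is visible.
Get-ToolTenant | Format-List
```

Running it before a deployment command shows whether the tool about to be used is pointed at the intended tenant, which is the check Get-AzSubscription cannot provide for an az login session.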

Related

Az login Fails using Personal Microsoft Account - AADSTS500200

For a long time I was using Terraform with Azure and it worked fine. Now for some reason the az cli command doesn't work.
I'm getting the following error:
AADSTS500200: User account 'xxxx ' is a personal Microsoft account. Personal Microsoft accounts are not supported for this application unless explicitly invited to an organization. Try signing out and signing back in with an organizational account.
I've already upgraded the az cli version to 2.42 but the problem persists. Even using incognito mode I couldn't log in to Azure.
Instead of using az login, via browser I'm able to login to azure cloud without issues.
The problem was related with Az cloud list. The active azure cloud was "AzureUSGovernment" instead of "AzureCloud". Once enabled "AzureCloud" issue got fixed.
az cloud set --name AzureCloud
Try the below commands to clear the cache.
az account clear
az login
or
az login --tenant [tenant id]

No subscriptions were found for 'None'. If this is expected, use '--allow-no-subscriptions' to have tenant level access

I want to login to azure to run these commands on a web app:-
az login
az account set --subscription "Pay-As-You-Go"
az webapp identity assign --name "****" --resource-group "****"
az keyvault set-policy --name "****" --object-id "***" --secret-permissions get list
where we are managing our customers' azure through the Microsoft Partner Centre, as follow:-
when I click on a Customer >> then click on "view all resources on Azure portal" :-
then when I click on "View My Access" i will get this :-
But when I try to login to azure using PowerShell C:\Program Files\Microsoft SDKs\Azure\.NET SDK\v2.9>az login using the same username i login to the UI, I will get this error:-
You have logged in. Now let us find all the subscriptions to which you
have access... No subscriptions were found for 'None'. If this is
expected, use '--allow-no-subscriptions' to have tenant level access
so I am confused because using the UI I can access the customer + create web apps for the customer.. so why when I login to azure using PowerShell I got the above error that i do not have subscription?
It seems like the customer does not have licensed subscriptions, mentioned in the snippets you shared:
Try using below command instead:
az login --allow-no-subscriptions
Alternatively, if you have the Tenant ID handy, you can use the below command:
az login --tenant TENANT_ID

`az devops login` with `az login` still requests personal access token

I have started using Azure Pipelines with GitHub backed account and created my first organization. I do not have any projects in that organization. I also do not have any subscriptions on portal.azure.com. I want to list available project in my organization using Azure CLI - basically - to get an empty list, because there are no projects yet.
When I type
az login --allow-no-subscriptions
I login successfully using a browser. But all the other Azure CLI commands that I issue afterwards will fail, and ask to login. What's in the name?
After a successful az login, when I type
az devops login --organization https://dev.azure.com/my-org-name-i-will-not-tell-you/
it prompts me for token, which is confusing, because from the official documentation:
If you have already signed in with az login interactively or using user name and password, then you don't have to provide a token as az devops commands now support sign in through az login.
I am confused, why I cannot login. Do I need to create a subscription on portal.azure.com to login? I don't want to do it, and don't see why that will be necessary for my task.
If you login through
az login --allow-no-subscriptions
there is no need to call az devops login as you have access to Azure DevOps. And if you want to configure a default organization, you can always use az devops configure.
But it looks like mistake on CLI or documentation. I would recommend you create an issue for this page on GitHub.
The documentation indicates if you have already signed in with az login interactively or using user name and password, then you don't have to provide a token as az devops commands now support sign in through az login. In my opinion, the az devops commands here don't include the az devops login command, as you don't need to run the az devops login command after running the az login command.

Cannot login to Azure Account from az login - admin enabled MFA

In azure pipelines of Azure DevOps need to use az login to get into azure account. Getting error that admin has enabled MFA and hence cannot login.
Do not want to use:
az login -u "username" -p "password"
Also don't want to implement Service Principal as feel that would be overkill.
How to login with az login from Azure DevOps when MFA is enabled?
You can make use of:
az login --use-device-code
Note: to avoid any mishaps set the subscription you want to use with:
az account set --subscription "subscription here"
So you have:
az login --use-device-code
az account set --subscription "subscription here"
It will then generate a url which you can enter into your browser with the generated device code. The other line will set the subscription you want to work with.
This is an intermittent solution as it is not fully automated in that you have to manually open the url and enter the device code. At least though your pipelines can still execute.
As soon as I have a way to automate the process or have a more effective solution will update the answer.

How to do basic Azure CLI login in Resource Manager mode

As an Azure beginner, I am attempting to configure a basic Ubuntu VM. I started with creating an account by drilling in from the http://azure.microsoft.com page's "Try it for free" link. I successfully created an account and can see the admin console at https://portal.azure.com. I then installed the latest node.js based CLI (0.10.1 on Mac OS X).
I downloaded a .publishsettings file using azure account download and successfully loaded it with azure account import. I can now see my account when I azure account list (the name is "Free Trial" and Current is "true").
I then put the CLI into resource manager mode via azure config mode arm. This is because my goal is to create my basic VM using this 101-vm-simple-linux resource manager template. To do so, I am following along with the instructions at Resource Manager template walkthrough.
My attempts to use the azure command line tool yield this error:
Your current subscription was likely created from a publishsettings file and will not work under arm mode. You can fix it by running either 'azure login' or 'azure accout set'
When I do as requested, I get essentially the same error message from the login command itself:
% azure login -u 'the account id I just signed up with'
info: Executing command login
Password: ***************
Authenticating...
error: Interactive login is required. Use 'azure login' to interactively login.
info: Error information has been recorded to /Users/kent/.azure/azure.err
error: login command failed
Can somebody tell me how I can successfully login with the Azure CLI so that I can continue?
You will get this error if you are trying to authenticate using the Microsoft Account (such as johndoe@hotmail.com) you used to create your Azure Subscription.
You need to add an organizational user (or service principal) to the Azure Active Directory for your Azure tenant. Instructions on how to do this are available here.
Then, make this user a co-administrator on your subscription. To do this, in the old portal (manage.windowsazure.com), click Settings in the left navigation (located at the very bottom). In the Settings page click on the Administrators tab. Then, click Add at the bottom of the page to add the user you created previously as an administrator on the subscription.
Now, you can use the user identity of this organizational user to sign-in from CLI. For example:
azure login -u johndoe@xyz.onmicrosoft.com
More information about this scenario and other ways to authenticate from CLI are available here.
Type 'azure login' this will then prompt you with url and device code. Enter that into the website, then you should be able to login with 'azure login -u email-address'
I'd like to add to this since --username or -u has multiple uses.
The -u also works with a service principal. Service principals are useful when you have a task running with no user interaction.
With the Azure CLI 2.0 this would work with the following command:
az login --service-principal -u "${clientId}" -p "${clientSecret}" -t "${tenantId}"
You can get these variables by creating an Active Directory application.
Here's the --help output from the Azure CLI 2.0 for the login command:
Command
az login: Log in to access Azure subscriptions.
Arguments
--password -p : User password or client secret. Will prompt if not given.
--service-principal: The credential representing a service principal.
--tenant -t : The tenant associated with the service principal.
--username -u : Organization id or service principal.
Global Arguments
--debug : Increase logging verbosity to show all debug logs.
--help -h : Show this help message and exit.
--output -o : Output format. Allowed values: json, jsonc, table, tsv. Default: json.
--query : JMESPath query string. See http://jmespath.org/ for more information and
examples.
--verbose : Increase logging verbosity. Use --debug for full debug logs.
Examples
Log in interactively.
az login
Log in with user name and password. This doesn't work with Microsoft accounts or accounts that
have two-factor authentication enabled.
az login -u johndoe@contoso.com -p VerySecret
Log in with a service principal.
az login --service-principal -u http://azure-cli-2016-08-05-14-31-15 -p VerySecret --tenant
contoso.onmicrosoft.com
