We are inviting the external users using Graph Api B2B to our tenant, When the user tries to log in to our application, it will ask the user to review the permission. On that screen, we need to provide the link for our organization's Privacy.
I know they're an option to configure this but somehow I am not able to find the option in the Azure portal. Can anyone help me with this
You add your organization's privacy information in the Properties area of Azure AD.
1.Sign in to the Azure portal as a tenant administrator.
2.On the left navbar, select Azure Active Directory, and then select Properties.The Properties area appears.
3.Add your privacy info for your employees.
For more information, please see the official documentation.
Related
I am unable to delete the b2c tenant created by me during a lab demonstration of how to integrate social IDP to a web app. I followed and completed all the processes but the delete tenant button stays greyed out.....It says "Remove Domain Services"...and has been stuck on there ever since1... Click on the Hyperlink to view image
remove domain services error
But once i click there to remove it...It displays nothing....
After clicking on "Remove Domain services"
According to the link provided by #Raghavendra- MSFT Identity.We can create an user account named like 'admin#personal_b2c_account.onmicrosoft.com' in B2C directory, and assign the 'global administrator' role. Logging in as this user, there will be no error to remove domain services, only to remove users. Removing the personal account from the B2C directory, and we are able to delete the directory after that.
And click Azure AD Domain Services in the picture shown, the welcome to azure! interface will also appear.It seems to be a bug in the system. Because the domain services error will only come if you ever had enabled Azure AD domain services on your environment.
I created a corporate developer account in Microsoft Partner Center, and verified domain. But I didn't go through all the other corporate verification steps. Now I wonder how could I remove the domain from Microsoft Partner Center, or close this account (I am the owner).
It seems that the "Remove" (not clickable) is a text not a button in the screenshot.
Also when I login to azure portal, and follow this document to delete Azure AD directory, the "Delete directory" button is greyed out (not clickable). The weird thing is that my role is User. Should I be administrator since I am Owner in Partner Center? Who will be admin if my role is "User" since I have only one account. Is there a way to delete the tenant?
I'm trying to use Video Indexer API (v2). But when I try to sign in to it using the the Azure Active Directory, I get this message:
Selected user account does not exist in tenant 'Microsoft' and cannot access the application 'da0eb6e2-d2bd-4cbd-ad65-81ddc43546e2' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account.
I'm not sure what the issue is?
Sign-in to the VideoIndexer developer portal has been revised.
We unified the developer portal sign-in with that of the VideoIndexer site.
The screenshot in #Mohit_Garg comment in no longer relevant. This is our new sign-in experience.
The first option should be used in case of Active Directory accounts. This is also the only option that will allow you to use Video Indexer paid.
In many cases users selected the Microsoft option in the old authentication method when they actually wanted AAD option.
After the new experience they select the first option "Sign in with a corporate account" and get a message saying that an account with that E-Mail already exit.
An Email is unique in Video Indexer developer portal. So if you want to use your AAD but previously opened an account in the developer portal using a different authentication method you will need to sign-in using the original authentication method and close the account in your developer profile page. After the account removal you will be able to sign in with different authentication method.
More info can be found in the official video indexer documentation
Clarification: I'm a developer in the Video Indexer team.
Follow below steps to Subscribe to the API -
Sign in.
To start developing with Video Indexer, you must first Sign In to the Video Indexer portal.
If signing in with an AAD account (for example, alice#contoso.onmicrosoft.com) you must go through two preliminary steps:
A. Contact us at visupport#microsoft.com to register your AAD organization’s domain (contoso.onmicrosoft.com).
B. Your AAD organization’s admin must first sign in to grant the portal permissions to your org. To do this, the organization's admin must navigate to https://videobreakdown.portal.azure-api.net/signin-callback?provider=Aad, sign in and give consent.
Subscribe.
Select the Products tab. Then, select Production and subscribe.
Once you subscribe, you will be able to see your subscription and your primary and secondary keys. The keys should be protected. The keys should only be used by your server code. They should not be available on the client side (.js, .html, etc.).
Start developing.
You are ready to start integrating with the API. Find the detailed description of each Video Indexer REST API.
I have two azure subscriptions, one personal, tied to my Microsoft ID, and another under a different Microsoft ID for a charitable organization where I am the one-man IT/web dev guy. I created the org's azure account/subscription myself. I can't figure out how to create websites, etc. under my personal MS ID login without logging in and out of the separate microsoft IDs to manage both sets of Azure resources.
Logging in with the org's MS ID, in the azure portal I've made my personal ID a subscription admin (Subscriptions>Access Control>Add my personal MS ID, then right clicked to make co-administrator. This is confirmed since now a right click shows "Remove co-admin" so that implies it's correctly set up as a subscription co-admin. That user is also in the Owner Role.
Step 2, in the Active Directory for the org subscription, Users and Groups>All Users>New User, added my personal MS ID. Then I select that user, click Directory Role on the left menu, and selected Global Administrator radio button and save.
So now my personal MS ID user is a subscription co-admin and a AD Global admin in the org's azure portal.
To check, if I then go to any resource group or App Service and look at Access control I see my personal MS ID user listed as an Owner for that resource and all other resources. So everything looks good.
So if I log out of the org ID and log in with my personal MS ID and go to the Azure portal, I see my usual personal Azure account resources. But I don't understand how to either see and manage those resources in the org's Azure subscription or how to switch subscriptions, or switch directories (it's not listed on the top right), and when creating a new resource, I have no option for the org's subscription to use. How do I see/manage those resources in the org's directory? Is this even possible? Or do I need to log out and log in with the org's MS ID, which is a major annoyance since it also logs me out of outlook etc. when I switch IDs.
Azure Subscriptions are "housed" within a specific Azure Active Directory Tenant. You should treat an AAD Tenant as the top level object structure, in that each Tenant is entirely separated from each other Tenant.
If you had multiple subscriptions within a single tenant, you would be able to sign in one time, and gain access to all those subscriptions.
However, since these subscriptions look like they are in different Tenants, there is no way to avoid logging in two times to access the two subscriptions. To expand on this, there would be no way to avoid logging in two times to access any unique objects across these two Tenants.
For me, the answer was
Access Azure portal login page
Click "Sign in as a different user"
type the exact same email address
select "School or Work account" option.
This one was tied to the Azure AD and they reset my password through there. Not sure it really helps you cos signing in and out all the time still a thing, but it took me far too long to get this right so thought i'd share.
I'm getting the following error when non-global admin users are trying to access graph explorer 2 within our tenant:
Additional technical information:
Correlation ID: 2346b0f5-bb5f-4138-8f9d-07fa96dcf02f
Timestamp: 2015-05-29 17:18:48Z
AADSTS90093: Calling principal cannot consent due to lack of permissions.
From within Azure we have "users may give applications permission to access their data" set to use. We also have "users may add integrated applications" to yes.
Just wanted to check which URL you are going to. We have 2 "graph explorers" - one is for exploring Azure AD Graph API, while the other (called API explorer) is for exploring the Office 365 unified API.
If you are going to https://graphexplorer2.cloudapp.net - this is (AAD) graph explorer, and should not require admin permissions. Please let us know if this is what you are using and if this is causing issues.
If on the other hand you are going to https://graphexplorer2.azurewebsites.net - this is the API explorer, and due to the number of APIs it requires access to, it currently requires admin consent. We'll look into a way to reduce the number of scopes that this requires access to, to get to a place where users can consent (but that's not the case currently).
Hope this helps,
I ran into this issue today and here what I did:
Login to your AD application in classic portal
(https://manage.windowsazure.com/)
Under "Configure" section, there
is "permissions to other applications", look at the "delegated
permissions" for "Window Azure Active Directory".
Make sure you pick
the correct permissions for your app. Normally, "Sign in and read
user profile" is enough for user to login.
For more information you
can take a look at this link
https://graph.microsoft.io/en-us/docs/authorization/permission_scopes
I worked for Skype for business online use case (WEB API). I faced this issue for users not global admins. The users who added by global admin.
I managed to resolve the issue by passing extra parameter prompt=admin_consent.
var href = 'https://login.microsoftonline.com/common/oauth2/authorize?response_type=token&client_id=';
href += client_id + '&resource=https://webdir.online.lync.com&redirect_uri=' + window.location.href+'&prompt=admin_consent';
For more details visit link https://blogs.msdn.microsoft.com/exchangedev/2014/03/25/using-oauth2-to-access-calendar-contact-and-mail-api-in-office-365-exchange-online/