My team already has a working Azure DevOps account. I would like to start an Azure subscription / Active Directory to begin linking our DevOps to App Services and other Azure products.
However, any time I click on a link to get started with Azure, I am met with a perplexing paradox trying to log in.
First I'm told that I can't log in because my MS account isn't found:
But if I try to "Create one!" or "get a new Microsoft account", I'm told it already exists:
I've taken out the email address being used, but I've confirmed they are the same between the two screens (I'm not even typing anything; all I'm doing is clicking "Next" on each screen).
I know that this MS account is valid. It's the same one I use to sign in with Azure DevOps and many other MS services. I'm not sure why I can't log in to the Azure set up platform. And there doesn't seem to be any kind of support options with Azure before you become a subscriber, so I thought I'd try my luck posting the issue here.
Thanks for any help!
You can connect your Azure DevOps organization to Azure Active Directory (Azure AD). Kindly checkout this document - About accessing your organization via Azure AD
Just to clarify, I hope you are an administrator on the subscription.
https://learn.microsoft.com/azure/devops/organizations/accounts/faq-azure-access?view=azure-devops
When your sign-in address is shared by your personal Microsoft account and by your work account or school account, but your selected identity doesn't have access, you can't sign in. Although both identities use the same sign-in address, they're separate: they have different profiles, security settings, and permissions.
Sign out completely from Azure DevOps by completing the following steps.
Closing your browser might not sign you out completely.
Sign in again and select your other identity.
https://learn.microsoft.com/azure/devops/organizations/accounts/faq-azure-access?view=azure-devops
To connect your organization to Azure AD.
Sign in to your organization, https://dev.azure.com/{yourorganization}).
Select gear icon > Organization settings.
Select Azure Active Directory, and then select Connect directory.
Related
I was logged in to my AzureDevops account using my hotmail account.I then went to Organization Settings and then connected my Org to Azure AD.
After i logged out and logged in back again with the same account, i don't see anymore my projects which i was working on. I have disconnected my Azure AD and also tried switching directories but i am no longer able to see that particular organization anymore.
Any idea how to fix this or why this happened
Please check below points :
Try logging on to https://.visualstudio.com to see you can see the organization and projects, as stated in this.
Check Troubleshoot connecting to a project
You may not able to signin or access your organization unless your work or school account has the same email address as your Microsoft account.
Although you can add new work accounts to your organization, they're
treated as new users.
If you want to access all your work, including its history, you must
use the same sign-in addresses that you used before your organization
was connected to your Azure AD.
For that Add your Microsoft account as a member to your Azure AD Or
ask the owner of the organization who has proper permissions to map
any disconnected members to their Azure AD identities Or invite them
as guests into the Azure AD.
Invited user should use corresponding account, work/school account
for AAD based, personal account for the other.
So basically the user who makes the connection must confirm the following statements are true.
User exists in Azure AD as a member. If the user is an Azure AD guest, rather than member
User must have project collection administrator or owner of the organization
User must also have Azure Service Administrator or Coadministrator permissions for the Azure subscription that's linked to your organization in Azure DevOps.
User isn't using the Microsoft account identity that matches the Azure AD identity. For example, if the Microsoft account that users are currently using is jamalhartnett#fabrikam.com, the Azure AD identity they'll use after connecting is also jamalhartnett#fabrikam.com. Use a single identity that spans both applications, rather than two separate identities using the same email.
Add your work account as an administrator in your Azure DevOps organization
The AAD tenant should be same as the DevOps tenant to connect & Transfer the ownership of the organization to your work account.
Please see if you have followed the Prerequisites to Connect organization to Azure Active Directory
FAQ: to be refered
why dont i see my organization in the azure portal
why do i have to choose between a work or school account and my personal account
what if we cant use the same sign in addresses
Note: No other user than the owner of the organization will be able to see the organization under the “Azure DevOps organizations”
service in the Azure portal. Also, Azure DevOps does not support
multiple owners, like Azure services that support Role Based Access
Control (RBAC) do. An Azure DevOps organization will only have a
single owner at a time :reference
Please try to access https://aex.dev.azure.com/ and change domain to see if your organization is present in the list.
Or
You may need to open a support case on the Developer Community to help you out or raise a support request through azure portal.
References:
Lost organization after disconnecting it from Azure Active Directory-Stack Overflow
What not to do when Connecting Azure DevOps to
AzureAD |Josh Corrick |
Restore project - Azure DevOps Services | Microsoft Docs
Some customers of ours are using external Microsoft accounts to access AAD services.
Since we're not linked with their domain, and some of them use Gmail account, adding their entire domain to our AAD is hardly possible.
The old portal (manage.windowsazure.com) had the following screen:
The new portal has a guest system which hardly works (adding an external guest results in a generic B2BError: Unable to invite user with no other details -- even if the old portal still works), and "New user" can only create users with registered domains.
Is there a way, in the new portal (portal.azure.com), to add Microsoft accounts?
I'm asking this now, since this is technically a duplicate of How do I add a Microsoft account to Azure Active Directory?, because the old portal is sunsetting on November 30, 2017, at which point working like this will no longer be possible.
Running New-AzureADMSInvitation helped me to get it working, with some more steps for our own setup:
Executed New-AzureADMSInvitation -InvitedUserEmailAddress account-to-invite#gmail.com -SendInvitationMessage $True -InviteRedirectUrl "http://mybusiness.com"
New-AzureADMSInvitation failed with an error, but one I could understand this time: The object either is sourced from an on prem directory or is undergoing migration
Went to check our on-prem AD if it had a user with the affected e-mail. It did not. Huh.
Ran a complete AD Sync cycle, just in case, on our on-prem AD with Start-ADSyncSyncCycle -PolicyType Initial
Waited until (Get-ADSyncScheduler).SyncCycleInProgress went back to False
Reexecuted New-AzureADMSInvitation, which worked this time.
This problem may stem from the dependency on MS accounts for MSDN instead of work accounts, but maybe some one has found a solution?
I use the same email address for both my MS and Work Accounts.
Our Company Subscriptions seems to be linked to our MS Accounts, as does our VSTS accounts. I can sign into Azure Portals using both MS and Work Account. I want to be able to deploy do our company subscription from VSTS.
When I sign into Azure, using my work account, I can see our Azure AD. I am a global admin and can make changes, etc. This is not visible when I sign in using the MS account. It tells me I don't not have access, which I can understand.
In VSTS, I have linked my MS Account to my work account. But I cant access some of the projects # {whatever}.visualstudio.com VSTS sites with my work account, I must use my MS account.
The main problem is when I try to set up a build and deploy from VSTS into the Company Azure Subscription. To achieve this I need to set up a Service Endpoitn to ARM in Azure. So I go ahead and try to do that.
It fails as it says that the account does not have the sufficient privileges needed in Azure Active Directory. Remember, AAD is only accessible when I log into my work account in the azure portal.
One last point, AAD would see my MS account as a guest account, so I thought 'hey, I will add that account to AAD as a guest and assign privileges necessary to perform the tasks I need'. But because the same email address was used for both my MS account and work account, it tells me when I try to add the guest account, that it already exists.
Is there any way around this problem? How can I associate/move all VSTS subscriptions to my work account?
When the VSTS identity you are using does not have access to the Azure subscription your trying to deploy to, the best way to do this is to create your service endpoint manually.
The steps are [here][1]. See the Azure Resource Manager service endpoint -> Manual subscription definition section. It has a few more steps, but once you create that, just use that service endpoint in your build or release definitions & your good to go.
I am unable to view any services in my azure portal. A couple of days back everything was visible.
I think there's some permissions issue. I am logging as Global Admin on the portal.
[UPDATE]: I was trying to publish a web application from visual studio to my azure account and when I select my account, it says "There are no Azure subscriptions associated with this account". Is it that my account is suspended or deactivated or so?
You are signed in to the classic portal with an AAD subscription. These subscriptions don't support using other services. You might be signed in to the wrong directory. Use the "Subscriptions" menu at the top to switch. If you don't have that, you could also be signed in to the wrong account. Some people have used "work/school" (AAD) email addresses to sign up for a "personal" (Microsoft Account) account. If that happens, you'll see a prompt to pick one of the two when you sign in. If you don't see your subscription, it may be assigned to the personal/MSA account. You can grant access to the other one to avoid this.
I joined to Windows Azure Active Directory beta trial when http://activedirectory.windowsazure.com was initially launched.
At initial process, site forced me to use a new LIVE account instead of the one I already have which is myname#live.com and also controls all my Azure services. Anyway, I did create a new one as myname#mycompany.com
Next, I did be able to create the active directory domain as mycompany#onmicrosoft.com and added my mycompany.com domain as secondary domain.
While ago, Active Directory tab appeared in Azure control panel and it came empty. So I assumed it needs to be link somehow but couldn't find anything about it.
After that, I tried to create a new domain but when I type mycompany into the name field of the create a directory page, it says "This domain is not unique" which is predictable since other live account holds the name.
Tried to delete entire account but didn't work. Also in here says :
"The original contoso.onmicrosoft.com domain name that was provided for your tenant when you signed up cannot be removed from your tenant."
Since I'm the owner of the both account, I would like to move (or re-create etc.) mycompany#onmicrosoft.com under my actual Azure account which is myname#live.com.
Please advise. Thank you!
I didn't realize you had an existing subscription you were looking to work wit. So what you are seeing is expected behavior as there is no subscription associated with your Azure AD account.
We are propping an update this weekend and Monday that will help you here. On Tuesday morning, do the following:
Log into Azure using your Azure AD account.
It will tell you that you have no subscription - set up a 90 day trial subscription - you will not be charged anything for this.
Click onto Active Directory tab in the Azure Portal.
Add a new user - and select to add a user with a Microsoft Account - specify the account that is the administrator of your Windows Azure subscription and make them a "global administrator".
Log off
Log in to Azure portal using the same Microsoft Account that you just added.
Go into Settings.
Click on administrators tab
Select your Azure Subscription
Click "add" in the tray at the bottom
Now add the Azure AD user account you would like to have be a co-admin on your Azure subscription.
That should do it. Now when you log in using your Windows Azure Account you'll be able to administer your Azure subscription.
Just a reminder - try this on Tuesday morning! We will have the update propped by then.
You can make this work though by creating a new 90 trial subscription - you do this on the page where you are being told there are no subscriptions associated with your account.
You need to log into Azure using your myname#mycompany.com account (the Windows Azure Active directory account you created).
To do that, go to the Azure Management portal - if you are already logged in using a Microsoft Account (formerly LiveID) you will need to log-out first - Then the left hand side of the login page you should see a link that says "Office 365 users: Sign in using your organizational account".
Click on that link, and now log into the Azure portal using your Azure AD Account (myname#mycompany.com). Once you do that, you should see your Windows Azure AD tenant in the Active Directory tab in the portal.