Azure Policy schema-like evaluation - azure

I have a task to create a notification system where I can configure which email goes when based on conditions.
Since I would like it to be multi-tenant and customizable I thought that the conditions could be stored/configured in the same manner as Azure Policy json.
For my system I need:
conditions
parameter replacing
In "then" statement I would point to the notification id.
Is there any out-of-the-box library that I could use for evaluation of this kind of jsons?
Or is my only option to look at the source code of AZ Policy and create such a thing myself?
Thanks,
Rafal

To the best of my knowledge, this would not be possible with policy since policy does not support notification systems.

Related

Azure B2C - Use Predicates or Regexes for password validation

When validating user passwords to make sure they are complex enough when creating an account through an Azure B2C custom policy, is it preferable to use Regexes, or Predicates?
The default custom policy we've downloaded from Microsoft uses Regexes, which does the job. But would it be better to change the policy file to use Predicates instead?
It's recommended to use Predicates. Predicates have a better user experience and are much more flexible to configure. Yep, the starter pack still uses Regex, but we advise customers to use Predicates. See the Configure password complexity using custom policies in Azure Active Directory B2C doc for more info.
Azure AD B2C by default uses Strong passwords. You can configure the password complexity rules like min/max length and character set/class for built-in user flows.
Using Custom policies we will have a lot more freedom to configure the password complexity with Regular expression (regex) or by Predicate validation.
Regular expressions and Predicates can be used to restrict or set rules on the user input. There are some issues with using regex that you can overcome with Predicates, such as the error message that we display for user input validation being scoped to the entire regex.
But by using Predicate validation you can define a collection of rules and can specify the error messages that apply to different rules/rule groups, which will help in communicating where the user's data entry is failing.
We recommend Predicates over Regex, but it's up to you to choose based on the password complexity you are building.

Is there any way to fetch azure subscription compliance by specific initiative/policyset

There are many policies applied to the subscription, but my requirement is to fetch the compliance only w.r.t. a specific initiative/policyset.
I followed this article https://learn.microsoft.com/en-us/azure/governance/policy/how-to/get-compliance-data but wasn't able to do that, so I needed help or some pointers in fetching compliance data for a specific initiative via CLI or REST APIs.
So the solution that I have now is this: https://learn.microsoft.com/en-us/rest/api/policy-insights/policystates/summarizeforsubscription
We need to make a POST request to https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/policyStates/latest/summarize?api-version=2019-10-01
The above API call returns the data for all policies applied to the subscription, and there we can also list initiatives; from there we can filter a specific initiative/policyset and its compliance status.
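The filtering step described in the answer above, as an added example that is not part of the original post. It assumes the summarize response exposes `policyAssignments`, `policySetDefinitionId`, `policyDefinitions` and `results.nonCompliantResources`; the response body and every id in it are constructed placeholders.

```python
# Constructed sample in the shape of a policyStates "summarize" response body.
# All ids below are placeholders, not real resources.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
INITIATIVE = SUB + "/providers/Microsoft.Authorization/policySetDefinitions/example-initiative"
ASSIGN = SUB + "/providers/microsoft.authorization/policyassignments/"
SAMPLE = {"value": [{
    "results": {"nonCompliantResources": 5, "nonCompliantPolicies": 3},
    "policyAssignments": [
        {"policyAssignmentId": ASSIGN + "a1",
         "policySetDefinitionId": INITIATIVE.lower(),  # ids may come back lowercased
         "results": {"nonCompliantResources": 4, "nonCompliantPolicies": 2},
         "policyDefinitions": [
             {"policyDefinitionReferenceId": "ref-storage-https",
              "results": {"nonCompliantResources": 3}},
             {"policyDefinitionReferenceId": "ref-sql-audit",
              "results": {"nonCompliantResources": 1}},
             {"policyDefinitionReferenceId": "ref-tags",
              "results": {"nonCompliantResources": 0}}]},
        {"policyAssignmentId": ASSIGN + "a2",
         "policySetDefinitionId": "",  # single policy, not part of an initiative
         "results": {"nonCompliantResources": 1, "nonCompliantPolicies": 1},
         "policyDefinitions": [
             {"policyDefinitionReferenceId": "ref-location",
              "results": {"nonCompliantResources": 1}}]}]}]}


def initiative_compliance(summary, policy_set_id):
    """Return one row per assignment of the given initiative (policy set)."""
    wanted = policy_set_id.lower()  # Azure resource ids compare case-insensitively
    rows = []
    for item in summary.get("value", []):
        for assignment in item.get("policyAssignments", []):
            if (assignment.get("policySetDefinitionId") or "").lower() != wanted:
                continue
            bad = assignment.get("results", {}).get("nonCompliantResources", 0)
            failing = sorted(
                d.get("policyDefinitionReferenceId", "")
                for d in assignment.get("policyDefinitions", [])
                if d.get("results", {}).get("nonCompliantResources", 0) > 0)
            rows.append({"assignment": assignment.get("policyAssignmentId"),
                         "compliant": bad == 0,
                         "non_compliant_resources": bad,
                         "failing_policies": failing})
    return rows


if __name__ == "__main__":
    for row in initiative_compliance(SAMPLE, INITIATIVE):
        print(row)
```

An empty result means no assignment of that initiative appears in the summary, which is different from the initiative being compliant.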

Azure AD B2C date attribute without Custom Policies

I need users to enter a date when signing-up or editing their profile in Azure AD B2C. Is there any way to do this without using Custom Policies?
I see two options:
Use a string extension attribute with a text input. But you cannot do client-side validation...
Use 3x string extension attributes (day, month, year) with 3x single-select drop-down inputs. I think this is the way I will need to do it.
Is there a simpler way? Am I missing something?
Why not use Custom Policies? This is the only functionality I am missing using the built-in policies, so it seems like overkill to introduce the additional complexity of getting everything working with Custom Policies, just to get a valid date. Plus Custom Policies are in preview at the time of asking, so are subject to change etc.
Many thanks!
I opened a question on the MSDN forums to see if I could get an answer there.
To sum it up, you need to use Custom Policies.
My concern regarding using features in Public Preview was addressed like so:
We recommend built-in policies for most scenarios. However, for a specific requirement (scenario) built-in policies may not fetch you the actual results. In that situation, you have to use custom policies. Yes, you're right, Microsoft does not recommend using preview features in a production environment. It is good to be cautious and follow the recommendations.

WSO2 APIM How to limit user to execute only in sandbox

I want to publish my API, but I want to limit so users can only execute in sandbox environment (I want to limit production to specific user/customers with specific agreement).
This is a basic functionality in other API managers, but I don't find how to do in WSO2.
I have found this article on Medium, and also noticed that when I create an application, a couple of new roles are created (Application/user_application_SANDBOX and Application/user_application_PRODUCTION), but I don't find how to use them.
A deep dive into the docs didn't help me.
Option 1:
You can use application registration workflow to control key generation for production and sandbox, by sending it through an approval process.
If you want to automate it based on a property or something, you can write a custom workflow extension.
However, this is applied to applications but not to APIs. That means if you allow generating prod keys for an application, all APIs, that the application has subscribed to, are accessible with prod keys.
Option 2:
If you want to do this at the API level, you can write a custom mediation sequence. Within the custom sequence, you can read the key type (i.e. production or sandbox), subscriber, end user (if required) etc. and decide whether you want to allow the request or not.

AdalJs - How to disable silent renewing Tokens

I'm working on applying a custom company security policy in my company's application.
I use the AdalJs library and I see that even if I apply my Azure policy to the AD application, because of the silent renewing tokens, I'm not able to comply with the policy requirements.
Is there a parameter to set in AdalJs library to disable the Renewing Tokens?
If not, I'll be forced to modify the library, but it is not what I'd like to do.
Thank you in advance.
OaicStef
No, there is no such parameter with which we can disable token renewing. If you have a common scenario that requires this feature, I suggest that you submit the feedback from here.
And if it is not a common scenario, you may need to modify the source code. For example, you can modify the acquireToken function to remove the related code about _renewToken and modify it based on your special requirement.
