First of all I want to pose my question and elaborate further down this post:
How should it be done to add an administrator to Connected Factory solution accelerator?
https://learn.microsoft.com/en-us/azure/iot-accelerators/iot-accelerators-connected-factory-features
The resource downloaded from here is used.
https://github.com/Azure/azure-iot-connected-factory
It was possible to develop to a subscription of a target using "build.ps1". But only the account which developed is an administrator, and the way to make the other accounts an administrator isn't understood.
How should it be done to change the setting?
Firstly assign global admin roles to another account. (Remember to select "Global administrator" in the Directory roles)
Then you need to assign a subscription administrator to the account. (Select the Owner role)
Related
I just created my account with Free subscription, And want to assign role in "My Permission" for Contributor as "Azure AD user, group, or service principle"
But i only find this option "User, group, or service principle".
Please guide me properly if I am missing something or how can I enable or get that option.
Thanks,
Adeel
I think you are referencing Azure documentation "Add Azure role assignments"
https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal#add-a-role-assignment
I opened an issue in MicrosoftDocs GitHub to clarify misspelling in documentation.
https://github.com/MicrosoftDocs/azure-docs/issues/68645
Update 2021-01-14:
Answer from Microsoft
The details refer to the same thing but we will get the screenshot updated.
Documentation is updated
I accidentally deleted the only azure owner role of my subscription. Any idea how can I get that restore? I can only login now at azure portal and when I click on subscriptions it is keep loading, nothing is coming.
I have resolved this myself. As I am also a global administrator so I created an Azure AD User, assigned the global admin role to it. Login to azure portal with that new account, and re-assigned the Owner role to my original account which I accidentally deleted. Now Its Working fine :)
The same thing happened with me today and even after being "Global Admin" to Azure AD, I was unable to modify the permissions as the "Role Assignment" options were appearing disabled.
These are the steps that I followed:
I logged in to Azure Portal with the MS Live ID(#outlook.com) using which we got the MS Azure subscription registered(Root ID or Account Owner ID).
Then went to the Azure subscription --> IAM --> Add Role Assignment. This option was enabled this time!
To be on safer side now, created a Security Group in Azure AD with 3 Azure Administrators and then made this Group as "Owner" to the Azure Subscription.
I am trying to add the Azure credentials (Microsoft Azure Service Principal) on jenkins server under
Credentials -> System -> Global Credentials.
Copied the subscription ID from my App service and added all the necessary information. When I click Verify Service Principal, I am getting The subscription id is not valid error.
I am pretty sure the subscription Id is correct. Am I missing something else?
I have faced similar issue and the solution is adding required permissions to the service principal which we are using to authenticate.
With out any permissions on subscription it cannot validate.
Even though i get that error i was able to save the settings and connect to Azure. It is definitely weird.
You will need to give the service principal access to your subscription by assigning a role to it. To assign a role to the service principal, go to the subscription level > access control (IAM) > add role assignment.
For Jenkins, I actually assign an owner or a contributor role to it. But you can choose the whatever role is appropriate for your use case. You can find more details about service principals here
I have faced a similar error and I resolved it by using the subscription ID of the resource group where I created a Service Principal
I`m a global administrator of my Azure Tenant and gave Global admin rights to others so they can manage the Azure Tenant.
However, they cant view any of the services already provisioned on Azure.
For Example, cannot view:
a) Resource group
b) Enterprise Applications
Please suggest what more shall I do to resolve the issue?
This issue may be caused by that you haven't been assigned a subscription.
Try to find it whether subscriptions in your Azure Account. (Put in "subscription" in search blank in Azure. )
If you don't have any subscription, try to connect the owner and add your account as owner or else role . (Go to subscription > choose one subscription > Access control > Add ) The steps looks like this:
When I go into the classic portal, Settings on the left, select my subscription, When I click edit to 'Change the associated directory' I only have 'None' in the drop-down. I think this s breaking my SQL AD Authentication. I have a directory set up with users and groups and I can see it and manipulate it in the new portal. I can't however log in to a SQL instance using AD username/password.
How can I get my directory to show up in the list?
That seems like it would be the issue, if you can't see the directory listed and you see 'None' then you need to verify you are an the account administrator of the subscription and global administrator of the directory otherwise you will not be able to associate it with your subscription.