Adding a custom URL for myapps.microsoft.com - Azure

I have been trying to figure out how to add a custom URL for the myapps.microsoft.com portal. I know it is possible but cannot figure out how. I have tried adding a CNAME pointing to account.activedirectory.windowsazure.com and one pointing to iamux.aadg.windows.net.nsatc.net, but I keep ending up with certificate errors. Can anyone help?

You cannot add a custom URL for that portal in this way.
It would require you to not only redirect DNS queries, but also install an HTTPS certificate on Microsoft servers, which you can't do.
What you can do, of course, is set up your own Web service at that URL which issues a redirect to the myapps portal.

I figured out a workaround on how to add your own URLs and tiles in the myapps portal page.
Here is what I did, and it works perfectly fine for me.
Steps:
Log in to your https://portal.azure.com/ account
Go to "Azure Active Directory"
Go to "Enterprise applications"
Click "+ New Application"
Click "+ Create your own application"
Give a name for the app (Your own web service server)
Choose "Integrate any other application you don't find in the gallery"
Now the app is created
Under "Manage"
1) Click "User and groups"
   - Add all the users/groups you wish to view/use your new URL tile and save
2) Click "Properties"
   - Upload an image logo of your choice and save
3) Click "Single Sign-on"
   - Select "Linked" mode
   - Then enter the URL you want and save.
Done. That should work like a charm
Here is myapps portal page setup

Related

Azure AD B2C portal will not save my redirect uri

The Azure AD B2C - App Registrations (both current and preview) will not save my non-localhost address, i.e. if I add a redirect URI as https://localhost:44734 and save, it works fine. If I add a URI as https://mysite.azurewebsites.net, it will not save. The details here are slightly different depending on the part of the portal you are in.
If you are using the "App Registrations (Preview)" version, you see a notification in the top right saying "Update application Authentication". This just stays there and never finishes.
If you are using the current Applications blade, you get an error stating "Application Update Error" "Cannot update Application: One of the properties provided for the application 'XXXXX' has invalid value. Please read this article (https://go.microsoft.com/fwlink/?linkid=847767) for more details.". This seems to be the case for any URL except localhost.
Manually editing the manifest also gives the error.
You should be able to add both localhost and any valid URL in that screen. This seems to work on a new Application, but not an existing one.
I cannot reproduce your issue on my side. I think you can create a new application to resolve this issue.
Also, you can try to delete all the reply URLs and then add them again.

How can I register my app in Microsoft Azure?

I want to connect my Microsoft Azure bot to CRM Bitrix24. I am stuck at the point where I need to change the password of the App. To do this, in "Settings" of this App I need to click "Manage", but when I click it I get a "Not found" error.
I have tried to create new bots and wait for ~10 hours, because support told me that the Azure security system can take up to 8 hours. I have tried to register the bot with the help of the https://apps.dev.microsoft.com/#/application/{app id} link. Nothing is working for now.
You can't change a password, however you can create and delete passwords.
To do so, first navigate in Azure to 'App registrations'. You can click on the 'All Services' button and search/access the page from there.
Click into 'App registrations', select your bot, and then select 'Certificates & secrets' in the menu.
From here you can click under the 'New client secret' button located under 'Client secrets'. Be sure to record the newly generated password as it will only be visible once.
Side note: The 'Manage' button in the bot settings appears to be working. Not sure if it was fixed since you posted your issue. If you are still unable to access, try logging out and clearing your browser history/cache.
Hope of help!

Verify a domain name in Azure Active Directory

I have added a domain name to my Azure Active Directory account, but it says that the domain name is unverified.
In order to verify the domain name, I go into my 'default directory' and go to the 'Domains' tab, where I can see my whatever.com domain name listed. I click it to highlight it and then click on the Verify button at the bottom bar and a box pops up: 'Configure domain for single sign-on', telling me to go to the "Directory Integration page and complete all steps..." There's also a checkbox, asking to take me to the Directory Integration page now. And that's it, except for the tick button in the bottom right.
The only option I have, is to be sent to the Directory Integrations page, with help topics that point to other web pages that do not necessarily reflect what I'm seeing inside the Azure Portal, in terms of verify domain names.
I understand that I need to create a TXT record on the domain name I have already purchased, and I can see from other screenshots that I need to find a value within Azure (somewhere) that has the value 'MS=xxxxxx' but finding out where to get that value from is proving difficult.
Am I looking in the wrong place for this?
In the current version of the management portal, the necessary verification information is only displayed if you do not check the option for "I plan to configure this domain for single sign-on...".
If you add the domain and leave that option unchecked, the next step of the dialog will display the MS=xxxxxxxxx value that you need to register as a TXT entry on your DNS server.
I believe the reason it's not displayed when you opt for single sign-on is that the value is meant to be retrieved as part of the AD FS configuration (or whichever STS implementation you will be deploying).
Check out this article: Quick Start Guide for Integrating a Single Forest On-Premises Active Directory with Windows Azure AD
In particular you are probably looking for the Get-MsolDomainVerificationDns cmdlet.
I don't have an AD FS deployment to verify this on currently, but I'd be very surprised if the TXT values differ between the two setups, so the first thing I would try is grabbing the value from the screens when the single sign-on is not selected and adding it to your DNS zone.
Hopefully, this points you in the right direction.
Edit: An updated article covering the updated management portal is now available: Add a custom domain name to Azure Active Directory
Type the below code into your Windows Azure Active Directory Module for PowerShell:
    Get-MsolDomainVerificationDns -DomainName <domainName> -Mode dnstxtrecord
where domainName is the domain that you need to verify.
You will get a Label, Text and TTL. You need to add this to the DNS record of your domain (domainName) and then type the below code to complete the verification process:
    Confirm-MsolDomain -DomainName <domainName>
Of course, you need to connect to your Azure account before you verify the domain:
    Connect-MsolService -Credential $cred
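The cmdlet sequence from the answer above, put in execution order as an added example (not part of the original answer): it connects, fetches the expected TXT record, waits until that value is visible in DNS, and only then confirms the domain. It assumes the MSOnline module the answer uses and the Resolve-DnsName cmdlet from the Windows DnsClient module; the parameter names and polling values are illustrative.

```powershell
# Added example. $DomainName, $MaxAttempts and $DelaySeconds are illustrative names.
param(
    [Parameter(Mandatory)] [string] $DomainName,
    [int] $MaxAttempts  = 20,
    [int] $DelaySeconds = 30
)

Import-Module MSOnline
Connect-MsolService -Credential (Get-Credential)

# Ask Azure AD which TXT record it expects for this domain (Label, Text, Ttl).
$expected = Get-MsolDomainVerificationDns -DomainName $DomainName -Mode DnsTxtRecord
Write-Host "Create this TXT record at your DNS host:"
Write-Host "  name : $($expected.Label)"
Write-Host "  value: $($expected.Text)"
Write-Host "  ttl  : $($expected.Ttl)"

# Poll DNS until the expected value is published, so Confirm-MsolDomain
# is not called against a record that has not propagated yet.
$found = $false
for ($i = 1; $i -le $MaxAttempts -and -not $found; $i++) {
    $txt = Resolve-DnsName -Name $DomainName -Type TXT -DnsOnly -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'TXT' }
    $found = [bool]($txt | Where-Object { $_.Strings -contains $expected.Text })
    if (-not $found) {
        Write-Host "Attempt ${i}: TXT value not visible yet, waiting $DelaySeconds s"
        Start-Sleep -Seconds $DelaySeconds
    }
}

if (-not $found) {
    throw "TXT value '$($expected.Text)' was not found on $DomainName; domain left unverified."
}

# The record is visible: complete verification and show the resulting status.
Confirm-MsolDomain -DomainName $DomainName
Get-MsolDomain -DomainName $DomainName | Select-Object Name, Status
```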
If you are adding a new domain:
Be sure you're in the "Domains" tab in the portal when you add your domain via the popup dialog.
Once it says it's successfully added, click the "right arrow" button in the bottom-right of the dialog
The second page should have the TXT record you need to add.
If you already added it and it's waiting to be verified:
Be sure you're in the "Domains" tab in the portal.
Select your domain with an "Unverified" status.
Click on the "Verify" icon at the bottom and it will bring up a dialog with the TXT record you need to add.

Forms/AD Authentication with SharePoint

All,
I'm configuring SharePoint to use forms authentication with LDAP/Active Directory. I'm new to SharePoint, so if this is obvious, please point me in the right direction.
Whenever I attempt to log in with a bad account or password, I get the very friendly (and correct) error message,
The server could not sign you in. Make sure your user name and password are correct, and then try again.
... which implies that SharePoint is able to communicate with AD. If I log in with a valid account, I get a page that says:
[screenshot: http://img63.imageshack.us/img63/6053/sharepointerror.png]
(I added the grey bar to cover up the login name)
Any suggestions? The account I'm logging in with is an administrator and has been granted full control in central administration.
Also, interesting note: If I click the "sign in as a different user" link, and attempt to sign in using the same credentials I just used, the site just redirects back to the login page, with no error or status message. If I then manually enter the site URL, it again shows the "Error: Access Denied" page. Argh.
Go to site action of the actual site and add user in the format of
:loginid
It should resolve and show it underlined; then try logging back in to the application, and that should fix it.
Your AD connection is working fine; you just need to add the user to the SharePoint users list
yourprovider:userid
Yourprovider name is the name you gave to the user provider in web config
And you can add this user from parent site that is windows protected and you have all
I suppose it's a SharePoint site security issue.
I'm getting the same error when trying to enter the Site Settings page with a user that lacks permissions.
If you have at least one user that can access the Site Settings page, I suggest you go to Site Actions/Site Settings/Users and Permissions/People and groups, then click the New button and add a user from AD to an appropriate group, e.g. Team Site Members.
You have made the connection with AD and it's working fine. That is why you got an error when you tried to log in with an invalid user id.
But you have missed one step in the above scenario.
You need to give permission to all AD users in your SharePoint site. The better way is to create a user group in AD (it may already be there) which includes all the users, and add this user group to your SharePoint site with read permission.

IIS: Integrated Windows authentication still pops up account info login

I have a website running on a Windows 2003 server on IIS 6, serving pages for a LAN where everybody is working with a domain account. On other machines this works fine, no-one has to login to the website, the dynamic scripts pick-up the account-name from the HTTP request.
Only, when browsing from the server itself (via remote desktop e.g.), Internet Explorer still pops up the domain-login-dialog when navigating to this site. (both the usual URL and http://localhost/). This was no problem on the Windows 2000 server we recently migrated the website from.
I had this problem or similar and solved it by:
adding http://localhost to list of Intranet sites, via IE > Tools > options > security > Local intranet > Sites > advanced > add http://localhost. (This is necessary if you have IE Enhanced Security installed which assigns all intranet Web sites and all UNC paths that are not explicitly listed in the Local intranet zone to the Internet zone, even localhost or other domains that don't contain '.' symbol which would normally be considered intranet by default.)
also on Security > Local Intranet > see what level of security you're on, to ensure that logon details are passed through. If it's Custom then click the Custom Level... button, scroll right to the bottom, under User Authentication > logon > for me it's 'Automatic logon only in Intranet zone', which works.
Did you configure IE on your Windows 2003 box for "Enable Integrated Windows Authentication"? This needs to be configured in IE6 to automatically use the logged-in user credentials.
You'll probably have better luck on ServerFault for this issue, as it's probably down to server configuration. Take a look at this KBAlertz.com article, yes it's specific to SharePoint, but some bits are more general. I suspect (given that you've said you've migrated to a new machine), that the issue is around the new machine not being "trusted for delegation" so look at the part titled "Configure trust for delegation for Web parts"
Configure trust for delegation for Web parts

To configure the IIS server to be trusted for delegation, follow these steps:
Start Active Directory Users and Computers.
In the left pane, click Computers.
In the right pane, right-click the name of the IIS server, and then click Properties.
Click the General tab, click to select the Trust computer for delegation check box, and then click OK.
Quit Active Directory Users and Computers.

If the application pool identity is configured to use a domain user account, the user account must be trusted for delegation before you can use Kerberos authentication. To configure the domain account to be trusted for delegation, follow these steps:
On the domain controller, start Active Directory Users and Computers.
In the left pane, click Users.
In the right pane, right-click the name of the user account, and then click Properties.
Click the Account tab, under Account Options, click to select the Account is trusted for delegation check box, and then click OK.
Quit Active Directory Users and Computers.

If the application pool identity is a domain user account, you must configure an SPN for that account. To configure a SPN for the domain user account, follow these steps:
Download and install the Setspn.exe command-line tool. To do so, visit the following Microsoft Web site: http://www.microsoft.com/downloads/details.aspx?FamilyID=5fd831fd-ab77-46a3-9cfe-ff01d29e5c46&DisplayLang=en
Use the Setspn.exe tool to add an SPN for the domain account. To do so, type the following line at the command prompt, and then press ENTER, where ServerName is the fully qualified domain name (FQDN) of the server, Domain is the name of the domain, and UserName is the name of the domain user account:
Setspn -A HTTP/ServerName Domain\UserName
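An added example (not from the quoted article) for reviewing the result of the steps above: it lists every computer and user account that has the "trusted for delegation" flag set, with any HTTP SPNs registered on it, so the change can be confirmed and kept to the intended IIS server or application pool account. It assumes the RSAT ActiveDirectory PowerShell module and the setspn version shipped with Windows Server 2008 and later, which supports -X.

```powershell
# Added example: read-only review of delegation flags and HTTP SPNs.
# Assumes the ActiveDirectory module (RSAT) and rights to read the directory.
Import-Module ActiveDirectory

# Accounts with the "trusted for delegation" check box set.
$computers = Get-ADComputer -Filter 'TrustedForDelegation -eq $true' `
    -Properties TrustedForDelegation, PrimaryGroupID, ServicePrincipalName
$users = Get-ADUser -Filter 'TrustedForDelegation -eq $true' `
    -Properties TrustedForDelegation, ServicePrincipalName

# One row per account. Domain controllers (primary group 516) carry the flag
# by default, so they are marked to keep them apart from servers and service
# accounts that were changed by hand.
$report = @($computers) + @($users) | ForEach-Object {
    [pscustomobject]@{
        Name               = $_.SamAccountName
        Type               = $_.ObjectClass
        IsDomainController = ($_.PrimaryGroupID -eq 516)
        HttpSpns           = ($_.ServicePrincipalName |
                                Where-Object { $_ -like 'HTTP/*' }) -join ', '
    }
}

$report | Sort-Object IsDomainController, Type, Name | Format-Table -AutoSize

# Anything here that is not a domain controller should match the IIS server
# or application pool account configured in the steps above.
$unexpected = $report | Where-Object { -not $_.IsDomainController }
Write-Host "Non-DC accounts trusted for delegation: $(@($unexpected).Count)"

# An SPN registered on two accounts makes Kerberos authentication fail for
# that service; setspn -X searches the domain for duplicates.
setspn -X
```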
