Send notification at each new permission - Azure

I am trying to create a new alert to send a notification when a new permission is created, but I didn't get what I want.
This is what I am talking about:

As I understand it, you are asking for an alert to be generated when a role assignment is made in your subscription. If so, you may use Azure Monitor for your use case.
In the Azure Monitor blade, you need to create an alert as follows:
a. Specify the target resource (in your case, your subscription).
b. Define the alert criteria (when you configure the signal, choose administrative activity log > create role assignments / delete role assignments).
c. Create an action group. You can specify an email address to which the alerts will be sent.
Once set up, every time a new role is assigned, an email alert will be sent to the email ID specified in the action group.
You may also explore Event Grid for your scenario.

Related

Trigger Alert when Event is Initiated by Users only

I created an alert on activity log as described in this link
There is an option to set Event initiated by filter to any email id or "All users and services". Is there a way to set it to "All users only" (and not any service/service principal). Basically I want to trigger alert if any user changes a setting and not a service principal.
Unfortunately, this isn't supported in Activity Log Alerts.
Activity Log Alerts do a string compare on the values of the rule and the event, so they need explicit (or no) values.
Possible workaround:
If you have the list of all users' emails, you can create an alert rule with containsAny via an ARM template.
Otherwise, Log Search Alerts should work.
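The two answers above (an activity log alert on role assignment creation, and the containsAny workaround for matching only human callers) can be combined in one ARM template. This is an added example, not part of the original posts; the rule name, the `userCallers` list and the `actionGroupId` value are placeholders you supply, and the action group is assumed to exist already.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "actionGroupId": {
      "type": "string",
      "metadata": {
        "description": "Resource ID of an existing action group (placeholder, supply your own)"
      }
    },
    "userCallers": {
      "type": "array",
      "metadata": {
        "description": "Sign-in names of the human users to match, e.g. alice@example.com (constructed sample value)"
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.Insights/activityLogAlerts",
      "apiVersion": "2020-10-01",
      "name": "role-assignment-created-by-user",
      "location": "Global",
      "properties": {
        "enabled": true,
        "description": "Fires when a listed user creates a role assignment in this subscription",
        "scopes": [ "[subscription().id]" ],
        "condition": {
          "allOf": [
            { "field": "category", "equals": "Administrative" },
            { "field": "operationName", "equals": "Microsoft.Authorization/roleAssignments/write" },
            { "field": "caller", "containsAny": "[parameters('userCallers')]" }
          ]
        },
        "actions": {
          "actionGroups": [
            { "actionGroupId": "[parameters('actionGroupId')]" }
          ]
        }
      }
    }
  ]
}
```

Dropping the `caller` condition gives the plain "every new role assignment" alert from the first answer. Because the rule matches by string comparison, the caller list has to be kept in sync with your user directory, and deletions need a second rule on `Microsoft.Authorization/roleAssignments/delete`.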

Azure Devops - Notify a user when a work item is completed

Is it possible within Azure DevOps to send a bespoke notification to a user when a work item is completed?
Example scenario:
Work items are logged in Azure DevOps under a project by user 'Y' on behalf of a user 'X'.
When this work item is completed, is it possible to automate an email to user 'X', saying something like "your request has been completed"?
User 'Y' = Member of development team
User 'X' = End user of system, who has requested feature
Is this possible to achieve, or is there a better way to go about this process?
I think this is possible, but Azure DevOps should detect your X by some properties. I see two ways:
User X may follow a work item.
User Y may create some specific tag and you can create a custom notification for that tag.
Or create a custom application that will scan your work items and send notifications.

Set multiple email ids while creating ActionGroup in Azure Alerts

I want to set multiple email IDs in "Email Azure Resource Manager Role" while setting Monitoring Alerts through the Azure Portal. I am not sure how to configure multiple users using the above action. Could you please help?
In the Email Azure Resource Manager Role, there are just three options: Owner, Contributor, Reader. I am not sure what you mean by setting multiple email IDs in "Email Azure Resource Manager Role". If you select a role, e.g. Owner, it will email all the members with the Owner role of the specific resource. In this scenario, if you want to add multiple emails, you need to add them as an Owner role in the Access control (IAM) in the portal (they need to be in the same tenant as your subscription), see this link.
If you just want to send emails to some other people, you may need to create an email group and add the email addresses you need to the group. Then use the email group address in the Email option, since it can accept just one address.

Send alert in Azure DevOps (VSTS) to person in Identity type field in work item

We added the pre-existing field "Subject Matter Expert 1" to the User Story work item type. The field is of type Identity. Is it possible to add an alert so that the person in that field will get an email in certain conditions, such as when the work item is in a Board Column called "Specification".
By default, with the current subscription model, you can subscribe an alert to any work item fields that changed. But sending the alerts dynamically to the person (role) specific to "Subject Matter Expert 1" is not available (I think).
You can only send alerts to the roles below:
Assigned to (new)
Assigned to (previous)
Assigned to (current)
Changed by
Created by
Authorized as
So you can use service hooks for your requirement.
Create a service hook that fires whenever a work item is updated.
Handle the hooks by creating Azure Functions or your own web application to check for your conditions.
Create your own send-mail function that runs if your condition matches.

Role Based Provisioning in OIM

I have a project in Identity management for which I am hoping someone can point me in the right direction. It's role-based provisioning; basically, I need to know how to provision a specific application based on certain user attributes (e.g. job title, dept) and then automatically raise a provisioning request for that application. The application is a disconnected application and will be provisioned manually.
What we are trying to achieve is that once a user has been created in OIM, and if he or she meets those criteria, OIM will generate the request for the application so it can be provisioned for them. Is there a way to implement this within OIM?
You can just use the scheme where a role in OIM has a membership rule to automatically grant a user the role if some of the user's attributes match a specific condition.
Then you can create an Access Policy to provision a disconnected resource and attach it to this created role. Usually, disconnected resource provisioning will create a SOA workflow where there is a human task to complete the provisioning operation.
All you need is a Role with the desired membership rule and an Access Policy attached to it. The Role and membership rule can be created with the OIM Role creation wizard. You can create a policy from the admin console and associate your role and resource with it. Do provide the default required parent form fields (at least IT Resource).
In case you want to add default entitlements, edit the child form and add those.
