AAD in Azure API Management, avoid signup dialog - azure

In Azure API Management you can enable integration with AAD, by following the guidelines in this article:
https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-aad
This part describes the sign in after setting up AAD integration:
https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-aad#a-idlogintodevportalsign-in-to-the-developer-portal-by-using-an-azure-ad-account
In step 3 of this part, the following is mentioned:
"You might be prompted with a registration form if any additional information is required."
I don't want to bother my consumers with this dialog, but I can't find what 'additional information' is meant here.
The sign up dialog only shows email, first name and last name.
Does anyone know what information the registration process is missing, which leads to this dialog showing up?

I don't want to bother my consumers with this dialog, but I can't find what 'additional information' is meant here. The sign up dialog only shows email, first name and last name.
If you don't want to enable the registration process, you could delete the Username and password provider from the Azure portal.
It will then just use the Azure AD provider, and it will not prompt with a registration form.
Updated:
If I click sign up, I get "the registration is disabled".

After consulting the Azure API Management product group, it became clear you cannot disable this dialog at the moment.
The documentation mentions that the dialog is only prompted in a certain case, but that is not accurate. The dialog will always be shown when you sign in on the developer portal, when the Azure API Management is integrated with AAD.

Related

Azure DevOps sign-in failing with AADSTS900144, and dev.azure.com Sign In routes to Azure Portal

First issue, signing in to dev.azure.com no longer works like it used to? In the past, there was a link to sign in to Azure DevOps. This link is no longer on the page, and when using the Sign In option in the upper right corner, I'm routed to the Azure portal, not ADO. What is the correct landing page for ADO login?
Second issue, if I do get to the login page (e.g., either by entering the org directly in the url like dev.azure.com/MyTestOrg or by clicking a link in an ADO alert email), I will often get this error: AADSTS900144: The request body must contain the following parameter: 'code'
1. For the issue logging in to Azure DevOps, it is suggested you first clear the cache, then try this link: My Information, following these steps: select your affected tenant -> select the affected organization, then log in to your organization.
2. For logging in to the Azure Portal, try this link: Home - Microsoft Azure, with the affected user account.
3. For the issue situation above, check whether your user account is also a GitHub user. If so, it is suggested that you first unlink your GitHub account from the affected user.
You can follow the steps below to unlink your GitHub account from the affected user.
Step 1: Please help unlink your GitHub account from your MSA:
Navigate to https://account.microsoft.com/security
Select the Advanced Security Options tile and then look for the "Ways to prove who you are" section
This will list all the authentication options for your MSA
From this list, find and expand the Sign in with GitHub option, select Remove, and then confirm
You may be prompted to create a new password
Step 2: After operation 1 above is completed, let the PCA or Org owner try deleting the affected user from the organization and then adding it to the org again. After successfully adding it, first check the email inbox to see whether an Azure DevOps invitation email, as below, was received for the affected user account.
Then copy the invitation link and open it in InPrivate mode in the Edge or Chrome browser with the affected user account to log in to the org and see whether it works.

In Azure AD, how to exclude a subset of users from requiring authentication info when first signing in

In my Azure AD tenant, I currently have it configured so that users logging in for the first time must register at least one authentication method (e.g. an alternate email, a phone number). This is useful for MFA and self-service password reset (SSPR) - screenshot here.
I want to have several non-interactive service accounts that will not be configured for either MFA or for SSPR. Therefore, these non-interactive service accounts do not need alternate authentication methods. However, under my current setting, these service accounts are prompted to enter alternate authentication methods on first login:
First with the "More Info Required" screen (screenshot), which you cannot cancel out of
And then with the "don't lose access to your account!" screen (screenshot), which actually does allow for the user to cancel the operation
This is extra inconvenient because, when adding an email, email verification is required, which doesn't allow us to do this programmatically (screenshot).
If I do just click "Cancel" on the "don't lose access to your account!" screen, I can simply proceed to sign-in without inputting alternate authentication methods (screenshot).
So the question is: how can I exclude a certain subset of users (e.g. non-interactive service accounts) from requiring alternate authentication info when first signing in?
We can include only a certain subset of groups for SSPR under Password Reset->Properties. This feature does not have an "Exclude" list, which makes it more difficult to implement.
More details in an MSDN forums post:
https://social.msdn.microsoft.com/Forums/en-US/51affd2c-a2c8-4faa-bbd8-bd1773c985d4/how-to-exclude-a-subset-of-users-from-requiring-authentication-info-when-first-signing-in?forum=WindowsAzureAD&prof=required

Cannot access Video Indexer API?

I'm trying to use Video Indexer API (v2). But when I try to sign in to it using the Azure Active Directory, I get this message:
Selected user account does not exist in tenant 'Microsoft' and cannot access the application 'da0eb6e2-d2bd-4cbd-ad65-81ddc43546e2' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account.
I'm not sure what the issue is?
Sign-in to the VideoIndexer developer portal has been revised.
We unified the developer portal sign-in with that of the VideoIndexer site.
The screenshot in @Mohit_Garg's comment is no longer relevant. This is our new sign-in experience.
The first option should be used in case of Active Directory accounts. This is also the only option that will allow you to use Video Indexer paid.
In many cases users selected the Microsoft option in the old authentication method when they actually wanted AAD option.
After the new experience they select the first option "Sign in with a corporate account" and get a message saying that an account with that E-Mail already exists.
An Email is unique in the Video Indexer developer portal. So if you want to use your AAD but previously opened an account in the developer portal using a different authentication method, you will need to sign in using the original authentication method and close the account in your developer profile page. After the account removal you will be able to sign in with a different authentication method.
More info can be found in the official video indexer documentation
Clarification: I'm a developer in the Video Indexer team.
Follow below steps to Subscribe to the API -
Sign in.
To start developing with Video Indexer, you must first Sign In to the Video Indexer portal.
If signing in with an AAD account (for example, alice@contoso.onmicrosoft.com) you must go through two preliminary steps:
A. Contact us at visupport@microsoft.com to register your AAD organization’s domain (contoso.onmicrosoft.com).
B. Your AAD organization’s admin must first sign in to grant the portal permissions to your org. To do this, the organization's admin must navigate to https://videobreakdown.portal.azure-api.net/signin-callback?provider=Aad, sign in and give consent.
Subscribe.
Select the Products tab. Then, select Production and subscribe.
Once you subscribe, you will be able to see your subscription and your primary and secondary keys. The keys should be protected. The keys should only be used by your server code. They should not be available on the client side (.js, .html, etc.).
Start developing.
You are ready to start integrating with the API. Find the detailed description of each Video Indexer REST API.
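The advice above that subscription keys must stay in server code and out of client-side files (.js, .html, etc.) can be checked mechanically before a site is published. The following is an added example, not code from the original answer or from Video Indexer; it assumes the default API Management header and query-parameter names (`Ocp-Apim-Subscription-Key`, `subscription-key`) and that keys are 32 hexadecimal characters, and the sample files and key are constructed.

```python
import re
from pathlib import Path

CLIENT_SUFFIXES = {".js", ".mjs", ".jsx", ".ts", ".tsx", ".html", ".htm", ".vue"}
# Default API Management header and query-parameter names for the key.
KEY_NAME = re.compile(r"ocp-apim-subscription-key|subscription-key", re.IGNORECASE)
# Assumption: keys are 32 hex characters; adjust if yours differ.
KEY_VALUE = re.compile(r"(?<![0-9A-Fa-f])[0-9A-Fa-f]{32}(?![0-9A-Fa-f])")

# Constructed sample files (the key is fake, not a real credential).
SAMPLE_FILES = {
    "app.js": 'fetch(url, {headers: {"Ocp-Apim-Subscription-Key": '
              '"0123456789abcdef0123456789abcdef"}});\n',
    "index.html": '<script>fetch("/videos?subscription-key=" + userKey)</script>\n',
    "hash.js": 'const md5 = "d41d8cd98f00b204e9800998ecf8427e";\n',
}

def redact(value):
    """Keep a short prefix only, so the report itself does not leak the key."""
    return value[:4] + "*" * (len(value) - 4)

def scan_text(name, text):
    """Return (file, line, kind, detail) findings for one client-side file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not KEY_NAME.search(line):
            continue  # bare hex strings (hashes) are not flagged on their own
        values = KEY_VALUE.findall(line)
        if values:
            findings += [(name, lineno, "embedded-key", redact(v)) for v in values]
        else:
            # The browser sends the key, so it reaches the client some other way.
            findings.append((name, lineno, "key-reference", ""))
    return findings

def scan_tree(root):
    """Scan every client-side file under root; server-side files are skipped."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in CLIENT_SUFFIXES:
            findings += scan_text(str(path), path.read_text(errors="replace"))
    return findings

if __name__ == "__main__":
    for name, text in SAMPLE_FILES.items():
        for finding in scan_text(name, text):
            print(finding)
```

An `embedded-key` finding means the key should be regenerated as well as removed; a `key-reference` finding means the call should move behind server code that adds the key itself.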

Including department in the list of claims

I'm using an Azure B2C tenant to store users. At present I have to go through the graph API to retrieve the user details from my MVC application.
The annoying thing, however, is that most of the details I'm interested in are already contained within the list of claims within the ClaimsPrincipal.Current object (in this case name, job title and email), so for the most part this call isn't actually needed. Department is the only one not included by default and is the only reason I'm making the call. In addition, going through the graph API seems to slow things down enormously when running the site on Azure.
Is there any way of including the department in the claims list contained within the ClaimsPrincipal.Current object so I can skip the call to the graph API entirely?
If I understand your question, it sounds like you are asking how to include additional claims in the ID token returned by Azure AD B2C. The claims returned are configured on a per-policy basis.
Navigate to the B2C features blade on the Azure portal.
Click All policies.
Click your sign-up policy to open it. Click Edit at the top of the blade.
Click Application claims and select the attribute (for example "Department"). Click OK.
Click Sign-up attributes and make sure "Department" is one of the attributes collected from the user.
Click Save at the top of the blade.
Click "Run now" on the policy to verify the consumer experience. You can use "http://jwt.ms" as the redirect URI to inspect the token returned by Azure AD B2C. You should now see "Department" in the list of attributes collected during consumer sign-up, and see it in the token sent back to your application.

Do not have "Go to admin" menu when creating docusign account using REST API

We are using DocuSign REST API (DocuSign C# Client) to create a DocuSign account for our clients. An account is created successfully, but when the user logs in to that account on DocuSign Web (New UI), they do not get the "Go to Admin" menu in admin preferences. Are there any settings that we need to apply while creating the DocuSign account? We are using DocuSign C# Client to create an account and applying only email and user name.
Also, we want to update some DocuSign account settings using the REST API. But some parameters are not getting updated. When I checked the API log, I found that the parameter which we want to modify is read only. Below is what I found in the API log.
"allowEnvelopeCorrect":"false","allowEnvelopeCorrectMetadata":{"rights":"read_only","uiHint":"available"}
See my answer below on another thread, I would try to explicitly call canManageAccount and see if the permission gets set. It may still need to be done in SOAP.
Fail to update user's "Manage Account" permission through "Modify User Account Settings" API
Are you creating new accounts through the API or just adding new users to an account?
There's actually a bug in the platform currently that will be fixed soon - the bug is that for single user accounts the Go To Admin link in the menu drop menu is not available. I believe this might be causing your issue. Starting tomorrow you should be able to access the Admin menu directly through - admin.docusign.com/auth - and I think next week the actual menu item should be enabled and bug fixed.
-- By Ergin
It has been fixed now. Thanks.
