How to access active directory by multiple user in MS Azure - azure

I have an active directory in MS Azure. I want my colleague to use the same directory so that we can do some RND on the same. I have already created user for them using their hotmail id. I have also changed the user role to "Global Admin" for them. They can't see any option to access the same active directory after log in. Is there any way they will give the url like
https://manage.windowsazure.com/#IamNewInAzurehotmail.onmicrosoft.com#Workspaces/All/dashboard
and log in with their hotmail account.

You need to add him in Administrators List in setting option of Azure Panel.
Steps:
Login to Azure Portal with Root administrator.
Go to left panel and select Setting.
Go to Administrators tab in right side pane.
Click on Add button in task pane and add his hotmail or Organisation ID for Co-Administrator, then select the subscription in which you want to allow him.
Click on tick mark to apply these settings.

Related

How to change service admin of Subscription programmatically

I am looking for PowerShell commands or any API, so I can change the Service admin of my subscription. Going over a lot of documents but could not find any commands or API.
Manual Steps
Go to Subscription - Properties
Click Change Service Admin
Select the new ID and click OK
I want to automate the above steps.
thanks,
Div

Adding members to a Group as a Group Owner in Azure Portal for an Azure AD tenant

As a POC, I created a guest user, ex: 'OwnerABC#website.com' and made the user a Group Owner. According to the documentation and my group settings, I should be able to add members/modify changes with the group as the Group Owner, but I'm unable to do so. When I login as 'OwnerABC#website.com' in Azure Portal UI, I change to the correct tenant and I do not see any groups or users.
I also tried going to myapps.microsoft.com and I try adding a user. The search returns empty for any user I want to add to the group that I'm the owner of. It then gives me an unexpected error page.
What other privileges does the Group Owner need or is there somewhere else that a Group Owner, who is not a global administrator, need to go to make changes to the group?
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-manage-groups
Most probably the "User Settings" for "External Users" in your Azure Active Directory is set to "Yes" for "Guest users permissions are limited" setting. When this setting is set to "Yes" by default Guest users aren't able to do certain tasks like enumerating users, groups and other directory resources.
See screenshots below for checking this setting and description.
Go to Azure Portal > Azure Active Directory > User Settings > Manage External Collaboration Settings (under External Users)
On clicking "Manage external collaboration settings" you should see
So now you have 2 possible ways to achieve what you're looking to do:
Change this setting to "No". Once you've changed the setting, try to login to Azure Portal as the external user OwnerABC#website.com again and you should be able to see other users. (Just give it a couple of minutes after changing the setting for this to reflect. It took a little time in my case at least)
As you can understand the setting above is generic and applies to all guest users in your directory. If you want to do something special only for this guest user, then don't change the setting and let it stay at "Yes", but assign an appropriate "Directory role" to user OwnerABC#website.com. This way only this guest user gets to see other users and not all other users.
Assigning a "Directory role" can be done by navigating to Azure AD > Users > Specific User (OwnerABC#website.com) > Directory role > Add role

All Users Visible to External Users in myapps.microsoft.com Azure AD

We have an Azure Active Directory Enterprise Application which we have invited users to use. We can invite any email address and they can sign up, then they can go to myapps.microsoft.com and see the app, this is all working great.
However, one problem is on the right side of the myapps.microsoft.com (aka https://account.activedirectory.windowsazure.com/r#/applications) on the right hand side there's a group icon:
I click on this groups icon and then All Users, I can see every single user inside our instance of Azure AD, how can I prevent this?
You can enable Guest user permissions are limited from portal.azure.com -> Azure Active Directory -> User settings -> External collaboration settings. This should prevent guests from seeing other users. If this is not enabled, guests can see a full user list at e.g. portal.azure.com.
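The two answers above on "Guest user permissions are limited" describe a tenant-wide setting and a per-guest directory-role exception. The following audit sketch is an added example, not part of the original posts or any Microsoft code: it classifies the guest access level and lists guests who hold directory roles. It assumes the setting is read as `guestUserRoleId` from the Microsoft Graph authorization policy (how the older Yes/No toggle maps to these values is an assumption), and the sample tenant data and its per-user `directoryRoles` shape are constructed for illustration.

```python
import json

# Role template IDs that Microsoft Graph documents for
# authorizationPolicy.guestUserRoleId.
GUEST_LEVELS = {
    "a0b1b346-4d3e-4e8b-98f8-753987be4970": "same-as-member",
    "10dae51f-b6af-4016-8d66-8c2a99b929b3": "limited",
    "2af84b1e-32c8-42b7-82bc-daa82404023b": "restricted",
}

# Constructed sample export, not data from a real tenant. The per-user
# "directoryRoles" list is a hypothetical pre-joined shape for this example.
POLICY = json.loads('{"guestUserRoleId": "a0b1b346-4d3e-4e8b-98f8-753987be4970"}')
USERS = json.loads("""[
  {"upn": "admin@contoso.example", "userType": "Member", "directoryRoles": ["Global Administrator"]},
  {"upn": "owner_partner.example#EXT#@contoso.example", "userType": "Guest", "directoryRoles": ["Directory Readers"]},
  {"upn": "vendor_supplier.example#EXT#@contoso.example", "userType": "Guest", "directoryRoles": []}
]""")


def audit_guest_access(policy, users):
    """Return (guest access level, findings) for one tenant export."""
    level = GUEST_LEVELS.get(policy.get("guestUserRoleId"), "unknown")
    guests = [u for u in users if u.get("userType") == "Guest"]
    findings = []
    if level == "same-as-member":
        findings.append(("HIGH", f"tenant-wide: all {len(guests)} guests can list users and groups"))
    elif level == "unknown":
        findings.append(("MEDIUM", "guestUserRoleId missing or unrecognised; check the portal setting"))
    # Per-guest directory roles are the narrow exception route; list each for review.
    for g in guests:
        for role in g.get("directoryRoles", []):
            findings.append(("REVIEW", f"guest {g['upn']} holds directory role '{role}'"))
    return level, findings


if __name__ == "__main__":
    level, findings = audit_guest_access(POLICY, USERS)
    print("guest access level:", level)
    for severity, message in findings:
        print(f"[{severity}] {message}")
```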

Connections API: Posting on behalf of others / Impersonation

I'm currently implementing a solution, where an external tool is making posts to the Connections API. These calls are made via basic authentication with a service account configured in the external tool.
However, I need the posted content in Connections to appear as posted by another user than the service account (users ids/emails are known to the external tool). Is there any way, the service account can post on behalf of others/impersonate users when posting to the API?
You need to add support for your external user account to the right WebSphere roles.
These Application / Roles are:
WidgetContainer trustedExternalApplication, admin
You can follow this article to set it up on your system.
In order to give a user administrative access to widgets, we can assign some privileges to one of the users - fadams.
You need to start the deployment manager on the quickstart.
Connect to the system via SSH
sudo /etc/init.d/ConServer_DM_was.init start
Navigate to https://${HOSTNAME}:9044/ibm/console/login.do?action=secure
Enter User ID : wasadmin
Enter Password : lcsecret
Click Login
Expand Applications > Application Types
Click on WebSphere Enterprise Applications
Select one of the Applications (from the table)
Application      | Role
Homepage         | admin
WidgetContainer  | trustedExternalApplication, admin
Communities      | widget-admin, admin
Profiles         | admin
Click on Homepage
Click on "Security role to user/group mapping"
Select One of the Roles (Admin)
Click Map Users
Enter Search String - fadams
Click Search
Click the Right Arrow
Click Ok
Click Ok
Click Save
Repeat for Each Application and Each Role in the Table Above
....
Click System Administration on the Left
Click on Nodes
Check localhostNode01
Click Synchronize
The Servers are now synchronized with your updates to the roles.
Click Servers > Server Types > WebSphere application servers
Check conServer
Click Restart
Once you see the Green arrow again, the connections server is fully restarted
Navigate to https://${HOSTNAME}:444/homepage
Login as fadams with your password
You should see administration on the left side of your connections instance
http://www-10.lotus.com/ldd/appdevwiki.nsf/dx/How_to_update_the_quickstart_to_support_Widgets

How to add a Co-Administrator in the new Azure portal?

For adding a co-administrator the Howto refers to a "Hosted Services, Storage Accounts & CDN" view. But I can't find anything like this in the new portal.
Does anyone know how to do this in the new portal? Is there a way to login to the old portal?
The "classic" portal (manage.windowsazure.com) has been retired. Co-admins are managed through the portal.azure.com site now. To manage co-administrators:
Go to Subscriptions from the main nav
Select the subscription you want to manage
Go to Access control (IAM)
Find the user you want to add/remove as co-administrator
Click the ellipsis on the right
You should see the option to add/remove co-administrator (whichever one is applicable)
Currently, you need to use the old portal to administrate co-admins. You can access the old portal at windows.azure.com. Once you are there and have signed in with your Live Id, select the Hosted Services category (bottom left) and then the User Management subcategory (top left).
In the Azure portal, you need to go to Subscriptions, select the subscription, then select Access Control (IAM). Add a person with the owner role, then click the ellipsis and select add as co-administrator.
IMPORTANT You have to make someone an owner before you can add them as co-administrator
If you want to go to the old portal, just click at the bottom on "Preview" (green button) and press "take me to previous portal".
Now you can use the new Portal for this, you can click the "SETTINGS" option in the Left navigation bar and select the "ADMINISTRATORS" tab in the top. You also can manage certificates as well in this option.
With current portal go to :
Azure Active Directory
Roles & Administration
From the list of roles click the role you want to give the new person
You will be on a page where there is a button "add member"; click that button to add the person (the person must already be added/created in the active directory as a user)
On the right side, in the field, type the person's name (email used to add her/him) and click select (a button under the field).
That's all.
