Automatically give permissions to user in Visual Studio Online - azure

I have created a Visual Studio Online site using Azure, backed by our company Active Directory.
And when going to user management site (example image, not my screenshot) in the search box I can see all the users from the active directory which means that I'm properly connected (I guess).
And here is the problem which I wasn't able to solve.
I would like to know if it is possible to automatically give read permissions to users from active directory that try to access the site.
Currently they can log in, but when they access the site it says that they don't have permissions and I have to manually add them one by one and I don't want to do that.
Do I maybe need some special active directory group that I add there as a user or what? I'm not active directory admin so I don't have access to its settings.
Thank you for the help.

Currently VSO does not support AD groups. In addition, just because you assign a licence does not mean that they should have permission to everything. You may be a special case, but the choice of access should be left to the Team Project owners.

Related

Connecting Blazor Server App to Azure AD - Insufficient Permissions

I am trying to create a new Blazor server app and configure it to use a new Azure Active Directory that I recently created. I have found a couple tutorials online showing how to do this, including one from Microsoft, but I keep encountering an error that says "The user account doesn't have the required permissions to access the domain."
I read online that I needed to verify that my user account is assigned to the Global Administrator role, which I did and it is. I have tried to create 3 different active directories in Azure to see if it was a fluke, but I have received the same error message each time.
Any help that you are able to provide would be greatly appreciated.
Make sure that you have signed in to Visual Studio with an admin account of the domain (here it should be "thomasagarza#yahoo.com").
After adding the account, you can apply a filter for it (select the domain it is a member in). Make sure you have added it as the guest of that domain and assign Global Admin role to it.
Then all the related domains will be listed when you create a new project with Work or School Accounts Authentication. Select the domain which "thomasagarza#yahoo.com" is the admin in and click on OK. Generally you won't be required to enter your credential again in this step.
Please note if you have a custom domain for your AAD tenant and have made it primary, the domain listed here will be the custom domain name. In this case, if you manually set the domain as the format "***.onmicrosoft.com", you will get the error you are facing.

How to Manage Access Rights for SPEAK UI Application which is on Launchpad?

I have created multiple apps in SPEAK UI and placed all quick access shortcuts on the Sitecore Launchpad.
Now, how can I restrict access for some applications while creating Users, because we have Content Area in Access Viewer?
There are a couple of ways to do this. First you need to open the desktop and switch from the Master to the Core database.
If you just want to restrict access to the shortcuts on the Launchpad - you can do this by setting access rights on the shortcut items:
Create a role that should have access to the users and give that role Read access to the button item.
Another option would be to allow access to the application. If you look at the Path Analyzer you can see that some roles are denied and some granted access:
So add security rights to roles for your SPEAK apps.
Finally when you create users make sure you give them the correct roles to match what they are able to view.

Adding two different company users - Visual Studio Team Services (was TFS Online)

We are using Visual Studio Team Services (was TFS Online) for our development and have added all the users from my company with a valid MSDN license. (username#company.com)
Now I have a few developers from our client who also have a valid MSDN license from their company. When I'm trying to add my client developers in our TFS online, it's not recognizing their names (maybe active directory?).
Is there a way to add two different companies' users in one team project?
If you are using Azure Active Directory (AAD) you need to add any users as a foreign principal to that directory.
You can add either an MSA or another AAD account to give them access. Works pretty good, and I have people from more than 6 different companies on mine.
To add users to a team project in Team Services, your team must sign in with Microsoft accounts unless your Team Services account uses a directory to control access. If it does, users must be directory members to get access. If you have directory administrator access, you can add users to the directory. If not, work with the directory administrator to add users. Check: https://www.visualstudio.com/en-us/get-started/setup/add-team-members-vs

Syncing profile details with active directory

Several fields in MOSS profiles are mapped to fields in active directory and we have given the user the ability to modify these.
But when the incremental profile import runs it overwrites these with the old values from active directory.
How do we make it so that AD is updated with the new values from the profile?
Thanks for any suggestions.
From http://blog.seancleaver.com/sean_cleaver/2008/07/sync-ad-users-to-sharepoint---2-way.html
So some of you have requested support to provide 2-Way Synchronization of AD Users between a SharePoint List and Active Directory. The good news is that the AD Provider for Data Synchronization Studio now supports this.
So you can effectively publish your AD Users to an Intranet Site to create a "Staff List" or "Telephone List" and then from this you can now allow your staff to update the personal information stored in the AD themselves by just simply editing the records in SharePoint. Then when the Synchronization occurs all changes are applied to the AD. There are a few limitations: you can't create new AD Users this way, you can't delete users from the AD, and certain properties are not updateable, such as Member-Of etc.
We've given up on an easy way to do this and are writing a scheduled task that gets the recent change info from the user's profile and updates AD from that.
Will try to post code once I've got something working.

IIS 6.0 Virtual Directory setup

I set up a website and I created a folder named (docs) in the website as Virtual Directory with some documents.
Therefore the URL is xxxxxxyyyyzzzz.com/docs
The problem is that when I try to access xxxxxxyyyyzzzz.com/docs/1.doc, Authentication is required. Can you tell me how to remove this and leave any user access this folder with any restrictions?
David
Not really a programming question, but if you launch IIS manager, right click on your virtual directory, click Edit under Anonymous access and authentication control, choose "directory security" and select "anonymous".
You will also need to make sure the anonymous IIS account has read access to the directory in question (the account is shown on the screen where you enable/disable anonymous access).
Here are two support documents that assist 1.) with the setup of Virtual Directories, and 2.) how to manage folder permissions in IIS.
I hope that this gives some guidance for you.
Check you have anonymous access allowed with a valid account under Properties | Directory Security | Authentication and access control | Edit...
