Our GitLab server is connected with our Azure AD and we sync the users every day.
I accidentally deleted a user from GitLab (not from our AD) and now it is not re importing that user. Is there any way to restore the user or force a sync on that person?
Thank Srinath Menon for giving a comment. I am converting it as an answer to help other community member.
Git lab server is integrated with git application in azure enterprise application. Deleting a user from git lab server might not sync deleted from git application so you need to deregister it from git application for importing the same user in git lab server.
Note: “git” application which is registered on Azure AD for provisioning users from Azure to GitLab.
Related
Goal:
Assign appropriate Azure SQL database privileges to App Service Web Site's system service principal (or better yet) the user assigned service principal.
Background:
After having followed along with Alexandre's tutorial on creating Azure SQL administrators I created a simple Blazor Server App that can insert entries into a simple Azure SQL resident table because the system assigned service principal of the Azure App Service Web site is an administrator for the Azure SQL database.
Problem:
Database administrator privileges are not appropriate or necessary for the Azure App Service Web site. I need to endow the Azure App Service Web site with minimal privileges (such as db_datawriter) to be consistent with Microsoft's recommend best practices.
What is Working (Updated):
I've been following along with Jesse's tutorial where he endows his account as the Azure SQL administrator and creates new accounts with limited roles like db_datareader and dt_datawriter and db_ddladmin. This was not working previously (when I first posted).
Tue May 24 2022 Update:
I started over again (with a new azure SQL database) following Jesse's tutorial and I can now
log into the Query Explorer
create a user
grant access to that user to update, select and insert into a table
Connect with SSMS with no password and access the database tables as that user
Run my blazor app and insert into the table as well (with no password!)
New Questions (Tue May 24 2022):
When I deploy my blazor app to Azure AppService Web app, it cannot connect.
How do I write bicep code to grant my azure app service resident blazor app access to my azure SQL database? I think I need to use the system assigned service principal for the web app (does this have a password?) and use SQLCMD.EXE to execute those CREATE USER and ALTER ROLE commands. How do I do that? The problem is that the system assigned service principal of the web app is not an active directory object. Conversely, "az ad user show" does not have a principalId I can use as a user assigned service principal that I could assign to the web app.
So when I am running on my desktop dev machine, DefaultAzureCredential is detecting that I am logged to Azure with the Microsoft account and I can debug my blazor app on my dev machine...
How do I configure Azure SQL to allow access from the Azure App Service web app as well as access from my desktop dev machine? This is easy to do with cosmos SQL and I'm thinking it should be possible with Azure SQL as well.
Thanks
Siegfried
This article I recently published should be able to help you: https://dev.to/azure/create-and-connect-to-an-azure-sql-db-9k0. And yes, this sentences you mentioned "it looks like this is the way to conform to the Microsoft recommend Best Practices of abandoning passwords in favor of service principals and managed identities", is definitely correct.
We are using the ADFS activity report to migrate our applications to AAD. Everything shows as Ready and when we click on the Ready link, the text says "We've detected on-premises settings for this relying party that can be migrated to a new Azure AD enterprise application. We'll map the fields and create the new application, but users won't be redirected to it until you say so." By the last statement, it seems like the application is automatically created now. Is that the case? If so, how long does it take to create the application and does it keep the same name as in ADFS?
• The message that you encountered “We've detected on-premises settings for this relying party that can be migrated to a new Azure AD enterprise application. We'll map the fields and create the new application, but users won't be redirected to it until you say so.” Means that the application is a SaaS application available in Enterprise application gallery in Azure AD. This does not in anyway mean that the application has been created automatically, it just means that the application is ready to be migrated to Azure AD and is fully available as a SaaS application in Azure AD gallery and doesn’t need any further relying party configuration migration from the on-premises ADFS server.
• Since the message is displayed only for SaaS apps readily available in Azure AD gallery and are equally configured as a relying party trust in ADFS, its configuration information is readily migrated through the ADFS Connect health application to Azure AD and it can be configured in the cloud itself with admin account access needed for the SaaS application’s account for SSO and SAML authentication configuration required through Azure AD.
You can find the image below for your reference, it shows the ‘Dropbox’ application as ready for migration from ADFS to Azure AD: -
Through the above option enabled, you can easily configure your application’s SSO configuration in Azure AD. If all the configurations are up and running, it will happen instantaneously within a few minutes of time.
Kindly refer to this link for more information on migrating federated apps from ADFS to Azure AD: -
https://github.com/AzureAD/Deployment-Plans/tree/master/ADFS%20to%20AzureAD%20App%20Migration
I think the report is still in preview and it is missing a create application button.
All the documentation only shows the reports & not the create process.
Also this migration tool, is a repackage of the powershell test commands:
https://github.com/AzureAD/Deployment-Plans/tree/master/ADFS%20to%20AzureAD%20App%20Migration
So I assume you need to create the application manually based on the report.
I have a desktop bridge app (WPF) which package is signed with a code-signing certificate, how should I configure Azure Notification Hub to receive push notifications from this app?
Azure requires a Package SID and a Security Key that I haven't because the app is not distributed on the store.
Official answer from Microsoft:
Sadly it is not possible.
Azure notification hub requires the Package SID and a Security Key. You could get the Package SID and a Security Key even if your app is not published to the MS store.
But if you create the package using the code-signing certificate, the author in the manifest changes and notifications no longer arrive
Azure requires a Package SID and a Security Key that I haven't because the app is not distributed on the store.
To make the Azure Notification Hub send notification notification successfully, the Package SID and a Security Key is necessary. You could get the Package SID and a Security Key even if your app is not published to the MS store.
Please see the Create an app in Windows Store tutorial. In the step 3, click the 'Live Service Site', it will navigate directly to the Application Registration Portal. Sign in to your Microsoft account and select your application name, then you will see the Package SID and a Security Key on the page.
After that, right-click the packaged app project, select Store, and then select Associate App with the Store. You need to associate your project with the app that you created in the Windows Dev Center.
I am starting to write an open source application which is intended to be deployed on premises with MS SQL Server as backend. Now I was wondering how to go about deploying the application and the SQL Server backend.
For MSSQL there is a pretty clear installation path but I was wondering how I could create an easy installer for the web application. The idea is to copy the website to some location, start it and then call a special installation controller where the user could specify a database user with elevated privileges (such as the 'sa' user). The website should then create some database users, views and tables on that database and perform the initial setup. Additionally, it should also modify the configuration of the website to use the correct database user.
Of course, other ideas are welcome as well. How do you handle the deployment of a website for a small company which doesn't have dedicated IT staff.
I am working on an MVC application and there is no authentication mechanism implemented. We have a user's table in SQL Server and there is no password. I want to migrate the users with a random password to Azure Active Directory.
I came across this article which shows that we can have a json file of users and they can be migrated to Azure Active Directory.
I am unable to achieve this. Please help.
Thanks in advance.