Is anyone aware of an API I can use to automate Re-Register for 2FA authentication for my users in Azure AD? Any help, pointing to the documentation or other would be appreciated.
This is not out yet, it is present in the Graph API User Voice: https://microsoftgraph.uservoice.com/forums/920506-microsoft-graph-feature-requests/suggestions/40624027-support-re-register-for-mfa-for-a-user-with-graph
If you want this as well, go ahead and cast your vote to this.
Related
I have the following goal - I want to integrate my application users with Coinbase. All users should be able to connect their own Coinbase accounts with my application so I can grant read permissions. In order to do that I have to use oauth api, but the problem is, I do not want to ask users to first create oauth application through the Coinbase UI themselves and then provide me the application ID and secret so I can initiate a coinbase oatuh integration. I need a seamless, one click integration. Do you have any suggestions how to achieve that?
Thanks....
The whole point of oAuth to not need the api key.
this is the documentation that says how to do it. future questions need to be programming specific or stack overflow will eat you up for dinner.
https://docs.cloud.coinbase.com/sign-in-with-coinbase/docs/sign-in-with-coinbase-integration
I have created an App under Azure B2C tenant.
The app is using a custom sign-in/sign-up policy to log in to local users.
However, my app has an admin view, where I would want the log-in users to be able to create accounts for whoever needs access within the app. I have seen that this is possible using Azure Ms Graph API.
However, I keep getting an InvalidAuthenticationToken Error, when I try to call Ms Graph API.
error:
code: "InvalidAuthenticationToken"
innerError: {date: "2021-08-11T14:25:09", request-id: "8a49ae82-a669-4bb4-af6e-b698e095dadc", client-request-id: "8a49ae82-a669-4bb4-af6e-b698e095dadc"}
message: "Invalid x5t claim."
I couldn't find any solution online. Is this even possible? And if there's a way around it, how can I do it?
Thank you!.
It would help if you went into more detail on your use case.
You have a B2C local account and you want to create users in AAD or in B2C?
If in B2C, yes you can do this as per this article.
If in AAD, see here.
Make sure that your application has the correct permissions.
We are using Azure AD as well as Slack today. For most services we are using SCIM o provision users. All users have a profile image in Azure AD. As far as I understand it Slack does not support profile image when using SCIM as they only have scim 1.1. So is there some way or have anyone solved this in another way? My knowledge of writing advanced script and using apis is limited. I want my Azure user imaged replicated to Slack.
It isn't supported or possible to transmit pictures using Azure AD's SCIM provisioning service today. It's a feature we've seen requested before and we're working on solving the problem.
If you are going to attempt to populate the picture in Slack today, it will have to be done via some form of scripting/automation on your end calling an API endpoint of Slack's that allows for upload of profile pictures.
So here is my dilemma or my somewhat up in the air question .
I have set my self with with a scenario in such that I've enabled SSO on Salesforce using ADFS certs, but currently all users have access to go through salesforce using SSO. I'd like to limit SSO to only three groups "user groups defined in AD" to be the only ones to be able to use SSO in salesforce.
I know i need to delegate access but not sure if i need to do this on the ADFS side or the salesforce end.... on ADFS the only thing i've done is create the certificate and brought them in salesforce and then taken the XML generated and bring that into ADFS.
Any help would be greatly appreciated it .
After Searching the web and this form i came to realise that there is a Delegated Authentication and i might need to install a Delegated Authentication WSDL not sure if this step is necessary for ADFS 3.0 .
Many people seem to point to using Delegated Authentication , but i'm wondering if there is any way to get the same functionality using claim tickets on the adfs server.
Thank You Again :)
You seem to describe something doable via AD FS authorization rules. Read https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/technical-reference/when-to-use-an-authorization-claim-rule
Essentially what you do is on the relying party for Salesforce in AD FS, you create authorization rules to permit/deny based on AD group membership. Therefore, if user is in group, AD FS issues token. if not, they get a deny which means no token that would allow access to Salesforce.
Also see https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/access-control-policies-in-ad-fs because based on your AD FS version you may be able to do this via an access control policy instead of issuance authorization rules.
Based on the code sample mentioned at URL: https://github.com/Azure-Samples/active-directory-dotnet-webapp-wsfederation , I implemented an application that uses WS-Federation (ASP.Net WS-Federation OWIN middleware) to authenticate users from an Azure AD tenant. Now I am looking for an approach to query the Graph API later in my application to fetch additional claims information required from application point of view.
Here in this scenario, I would like to know whether it is possible to query the Graph API or not. Do I need to update the existing WS-Federation protocol to OpenId Connect.
Can anyone help me to provide their guidance here.
The ideal would be to move to OpenId Connect, which would allow you to take care of both sign in and API in a single setup and flow.
If you want to stick with your current ws-fed setup, you can layer oauth2 on top of your implementation and retrieve the access token you need any time after the sign in. We have a sample showing exactly that, see https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-webapp-webapi-oauth2-useridentity/