Azure AD using RSA MFA - azure-active-directory

Mi customer saw this article and asked if we have a more detailed documentation on how to make Azure AD uses the MFA from RSA instead of our own. Does anybody have guide on how to do it?
https://www.rsa.com/en-us/company/news/rsa-integrates-with-microsoft-azure-active-directory-for-two-factor-authentication
Regards,
Marcus Milhomem
The customer is a user of RSA and their security team prefer RSA over Azure MFA
I am really looking for a technical documentation on how to do this integration.

There are two good places where you can leave document feedback and have the Azure AD team directly reply:
User Voice: https://feedback.azure.com/forums/169401-azure-active-directory
The other place is on the doc-issues themselves. This one might be an appropriate spot given that RSAs are mentioned here: https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/github-tutorial
I would strongly recommend leaving the feedback in user voice, since the product team monitors that feedback and adds it to their work items.
Hope this helps! If you make a request you can link it here and I can try to push it up to the product team and make a work item for it.

Related

Azure AD B2C Direct to Identity Provider from Email

At the company I work for, we have our own Active Directory setup. We also have a number of external partners who each have their own Active Directory setups. We are trying to use Azure AD B2C to create a single location to sign on. Adding multiple identity providers is easy, but buttons show up for each provider and due to privacy concerns we can not allow our partners to know who else we partner with. We wish to ask for an email, and direct the user to the correct identity provider based on the domain of the email.
I know there are ways to do this, however all of the ones I have found so far are extremely convoluted. The requirements for this feel like they would be very common in many businesses, so the concept that the easiest ways to implement this require approximately a hundred steps doesn't seem right.
I'm aware of Home Realm Discovery, but like above all examples I see of it require immensely complex setups (custom policies with claims providers calling an azure function to query from a database to return the idP), we already have to setup the Identity Providers is there really no simple way to say "emails from parter1.com use this provider, emails from partner2.com use this one"? If not, could someone explain the lease complex way of achieving this?
See this sample which collects email and does the HRD based on domain name.
https://github.com/azure-ad-b2c/samples/tree/master/policies/home-realm-discovery-modern
You must use custom policy if you collect email in the B2C page.
If you collect email in the app, then you could use a User Flow with a domain_hint param. You don’t need to do any xml work, just pass a domain_hint parameter equal to the idp name in the portal.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/direct-signin#redirect-sign-in-to-a-social-provider

How to recover Gmail Id from the API key

I created a Gmail account for development and enabled the APIs for developer console. I generated one API key which I used in my application but now I forgot the Id that I used. I have to upgrade the plan for APIs but for this, I need the Gmail Id. Is there any way I can get the Id?
Ok, So after I have tried different options I was standing in the same position. So I dig all into my accounts and luckily my recovery email id was one of them, so I searched for all the emails from Google having the subject as Security your linked Google Account and sender as no-reply#accounts.google.com this will give you all the Ids associated with it.
The only workaround to fix the issue is to contact "Google API support team"
Just Go to the given link and raise your issue. They will assist you further steps to follow. https://support.google.com/googleapi/?hl=en#topic=7014522
I hope this will help you :)

Two Factor Authentication using Twilio in Ionic 2

I was wondering if it will be possible to implement 2fa using Twilio and Ionic 2. I have tried finding tutorials but so far had no luck. If there is no way, is there any alternative? Any help would be appreciated. Many thanks!!
Twilio developer evangelist here.
We haven't got a tutorial for building 2FA specifically with Ionic, however it's surely possible. I'd start by checking out our tutorial on building 2FA with Authy and see if you can apply that to Ionic.
I'm trying this right now. And found on a forum detailed step by step instructions. Also hints about saving and configuring 2FA codes for phone #' s. I can't post a screenshot because my reputation isn't high enough yet but ill post part of the forum and gist below..it goes on a bit more with footnote links.
Good luck.
Posted by NoGoodDeed on https://productforums.google.com/forum/m/#!starred/gmail/ErW7gPYpIaQ:
...Is it possible that it is on google end do to app passwords...
Yes.
Before I give some instructions and links, I want to confirm somethings. Do you have a Gmail account?
If not: Go [1] HERE and click on the red CREATE AN ACCOUNT button to get started.
A Gmail account will end in #gmail.com, so do not use your own email address when creating an account.
If so: Go to the next question.
Do you have namesilo configured to send emails to the above Gmail address?
If not: Please do so.
Unfortunately, I can't help you with that.
If so: Good. Go on to the next step.
With a computer, go to mail.google.com and sign into (if needed) to the Gmail account that you have namesilo forwarding emails to.
Then [2] Turn On 2-Step Verification. With 2-Step, you have some more options.
I suggest that you [3] Install Google Authenticator instead of just having a SMS or Voice call come to your phone.
Instead of using the official Google Authenticator app, I recommend using the [4] Authy app.
The Google Authenticator and Authy apps are free & Google doesn't charge you to set up or use 2-Factor

GoogleApps Provisioning API to move a user from one organization to another

i have a use case to move a user from one Organization to another. The Api i am using is provisioning API. Managing Org Users gave an example for lab. Can anybody please share more info on what jar's need to be used to implement this. My rest of code is able to manage the other user functionallity.
My Code is in java
I am using jars gdata-appsforyourdomain, gdata-client, gdata-core and gdata-collect. These jars dont have any API's to manage the organizations with users. It would be great help if any one can share docs or any sample data on this use-case. Thanks
I was able to figure out the way by going through the source code of the labs and deployed the same.
AppsPropertyService service=new AppsPropertyService(applicationName);
service.setUserCredentials(adminUserName,Password);
GenericEntry entry = new GenericEntry();
entry.addProperty("oldOrgUnitPath",oldOrg);
entry.addProperty("orgUnitPath", newOrg);
service.update(new URL("https://www.google.com/a/feeds/orguser/2.0/"+cutomerId+"/"+MailIdofUserToBeMoved), entry);
customerid- is the unique key of the admin.

Determine whether a user is a developer of a facebook app

I'm looking at ways to secure the admin section of my (cakephp powered) Facebook application. To avoid duplicating functionality, I thought it'd be neat to allow access to people who have been flagged as developers in the app settings.
The question could then be: How do I determine whether a user of my Facebook application is a developer?
Alternatively: How do I obtain an array of developer user IDs for my Facebook app?
I tried looking for your answer myself, and the only thing I found that you could possibly do is to make a group private and invite-only to developers and then use the fb:if-is-group-member tag. http://wiki.developers.facebook.com/index.php/Fb:if-is-group-member
OK, so I found out how to do it by myself. Props to Samuel for giving me the idea.
Basically, the way to do it is to run an FQL query that establishes whether a user is an admin of the applications page (page_admin).
SELECT uid FROM page_admin WHERE uid = 286302657 AND page_id = 31290624157
In the PHP client, this returns an array for developers and an empty string for anyone else.
I decided to use the FQL rather than the API call because it is possible to preload the FQL to reduce calls to the Facebook servers.
Hope this is useful to somebody.

Resources