I've created an AAD application by using the below cmdlet:
New-AzureADApplication -DisplayName "My Name" -PublicClient $False -IdentifierUris "https://mytestapp.com"
The command completes with no errors and if I then query list of applications by executing
Get-AzureADApplication
I can see my application but if I go to https://portal.azure.com I am not seeing my app there. I remember for sure I did this multiple times in the past and had no problem with it, has anything changed in the portal recently? I also noticed that all my apps in all my directories are not visible if I use a portal - it just shows that I don't have any apps but I can successfully use them to acquire tokens and can see them through PowerShell.
You should make sure you are signed into the right tenant. Use the tenant picker in the top right corner of the Azure Portal:
The fact that all your apps are missing makes me feel like you might simply be looking in the wrong place :)
Firstly, you should ensure you select the right tenant in the Portal.
Also, when you select, you should choose All Apps, not My Apps; you should see the app.
I need Azure AD users to be synced into my application, so I've been researching how to implement SCIM and configure Azure AD to work with it. My end goal is to have my application listed as the ones here: https://learn.microsoft.com/en-gb/azure/active-directory/saas-apps/tutorial-list, and to do this, it should support SSO + User provisioning.
The implementation is kind of straightforward as SCIM is a standard and I just need to implement a bunch of APIs complying with a specific contract, so this should work.
The problem I'm having, though, is I cannot find how to enable the "Provisioning" feature for my application. I've been reading the articles and watching the videos Microsoft provided (https://learn.microsoft.com/en-gb/azure/active-directory/app-provisioning/configure-automatic-user-provisioning-portal for instance) and it seems that when I click the Provisioning section in my app, I should be able to configure it. Unfortunately, I don't see the UI shown in the tutorials, so I suppose I've been missing some step that is not explained in the docs. Also, I'd expect to have somewhere to configure the base URL that should contain all endpoints required for the SCIM standard. I don't see this either, which confirms my feeling I'm missing something essential.
Here are the steps I've been taking:
Open the Azure portal
Create an enterprise app - Click on Enterprise applications, Create your own application, and Integrate any other application you don't find in the gallery (Non-gallery)
Once the application gets created, I can't see anything in the "Provisioning" settings
I found a solution to the problem I've described above. Unfortunately, I somehow missed the big blue "Get Started" button in the middle of the screen. When you click this button, the configuration I've been looking for appears and it is all good.
I have an error when trying to delete an AAD B2C tenant. I do not have any application, and it indicates to me at the moment of deleting that there is one.
I already followed the following links:
blogs.msdn.microsoft.com/azureadb2c/2017/06/23/delete-b2c-tenant/
blogs.technet.microsoft.com/jeffgilb/2017/03/09/deleting-azure-active-directory/
stackoverflow.com/questions/43766171/cannot-delete-corrupted-b2c-application-and-tenant
Screenshots
Image Portal Azure
Image PowerShell
I hope you can help me out.
Thanks, regards.
In your Azure Portal screenshot, there is a link which says:
To view and manage your registrations for converged applications, please visit the Microsoft Application Console.
Try going there to see if there are any converged applications registered in your tenant.
Additionally, you should try running the modern AAD PowerShell rather than the MSOL PowerShell. The modern AAD PowerShell allows you to query for Application Objects like so:
Get-AzureADApplication -All $true
Note that Application Objects are different than Service Principals, and it appears that both kinds of objects must be removed before you can delete your tenant.
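The two checks raised in the answers above (which tenant the session is signed into, and which Application Objects and Service Principals exist there), as an added example that is not part of the original posts. It is read-only, uses the AzureAD module the posts already use, and `$TenantId` is a placeholder you supply.

```powershell
# Added example: read-only inventory using the AzureAD module from the posts above.
# $TenantId is a placeholder; pass the directory (GUID or domain) you expect to hold the apps.
param(
    [Parameter(Mandatory = $true)]
    [string]$TenantId
)

Import-Module AzureAD -ErrorAction Stop
Connect-AzureAD -TenantId $TenantId | Out-Null

# 1. Which directory is this session actually bound to? Compare it with the
#    directory selected in the portal's tenant picker.
$session = Get-AzureADCurrentSessionInfo
$tenant  = Get-AzureADTenantDetail
Write-Output ("Session tenant: '{0}' ({1}, {2})" -f $tenant.DisplayName, $session.TenantDomain, $session.TenantId)

# 2. Application Objects (app registrations) and Service Principals are
#    separate object types; fetch both in full.
$apps = @(Get-AzureADApplication -All $true)
$sps  = @(Get-AzureADServicePrincipal -All $true)

# Index each set by AppId, the value the two object types share.
$appByAppId = @{}
foreach ($app in $apps) { $appByAppId[$app.AppId] = $app }
$spByAppId = @{}
foreach ($sp in $sps) { $spByAppId[$sp.AppId] = $sp }

# 3. One row per AppId seen in either set, showing which object(s) exist.
$allAppIds = @($appByAppId.Keys) + @($spByAppId.Keys) | Sort-Object -Unique
$report = foreach ($id in $allAppIds) {
    $app = $appByAppId[$id]
    $sp  = $spByAppId[$id]
    [pscustomobject]@{
        DisplayName              = if ($app) { $app.DisplayName } else { $sp.DisplayName }
        AppId                    = $id
        ApplicationObjectId      = if ($app) { $app.ObjectId } else { $null }
        ServicePrincipalObjectId = if ($sp)  { $sp.ObjectId }  else { $null }
    }
}

Write-Output ("{0} Application Objects, {1} Service Principals" -f $apps.Count, $sps.Count)
$report | Sort-Object DisplayName | Format-Table -AutoSize
```

Rows with an empty ApplicationObjectId are service principals with no app registration in this directory; rows with both columns filled are apps registered here.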
I'm working on a project with Google App Engine. I am using continuous integration via Travis, and wish to be able to deploy directly from it. Due to a bug that will not be resolved directly, I can't rely on Travis' built-in GAE deployment, so I basically have to use mvn appengine:update manually. This requires me to navigate to a generated URL and manually paste an authentication code into the terminal, which I can't do in automated builds.
It was suggested to me, however, that I do some Unix magic instead. While I can easily pick out the URL I need to navigate to from grep, I still need to log in to Google with my credentials in order to actually get the authentication code (which I can then grep out and pipe to the deployment program).
Given that, how do I log in to Google with my credentials, using only curl or similar command-line utilities?
I've accomplished similar things in the past using Service Accounts. These are likely a good fit for your problem.
Service Accounts will allow you to authenticate and upload your app without manual intervention.
Overview
A Service Account will allow you to do "passwordless" authentication like you may already do with ssh, and git, etc. by setting up your keys. This will remove the requirement that you log in manually, or follow the road to madness by trying to do a "manual" login automatically.
There are basically two steps:
Create your service account and key (with the right permissions)
Use that credential instead of what you're doing now
Resources
I think it's better to give a list of resources than concrete instructions since it's basically impossible to express concisely (even though it's a simple process, there's bound to be a lot of little things that annoy), everyone's requirements will be slightly different, and Google is likely to change the process at some point.
Using the Google Cloud Platform Console for App Engine | Permissions
Using OAuth 2.0 for Server to Server Applications
Setting up OAuth 2.0 | Service Accounts
gcloud auth activate-service-account
Hopefully that's enough to get you headed in the right direction.
Note
You'll likely have to spend some time looking at your .appcfg_oauth2_tokens_java and sorting out a variety of other annoyances, but I believe that this approach is the best way to solve your problem.
It sounds like you have a pretty straight-forward setup and that a Service Account alone will get you there, but if you need to get a little weird, the App Engine Admin API is always there.
I just created my apps account, and created my app engine application, yesterday. I used Eclipse to upload my app and everything was wonderful yesterday. Today... the application is missing. I log into my appengine account and my app is no longer listed; I only see the "create application" button. I tried creating the app again, with the same ID, but I get the "invalid" message. Despite all this, I'm able to bring up my site via the main-domain.appspot.com. Please help. Why can't I see my app in the appengine console?
The most likely cause is that you're logged into a different account. This can happen sometimes if there was confusion about multi-login. Try these steps to find your application:
Open a fresh incognito or private browsing window
Go to http://appspot.com and log into one Google account
See if your application is listed. If not, close your private browsing window to clear the session, and try it again for one of your other accounts.
Once you've found your application, it may be owned by the wrong account. You can fix this by moving ownership to your preferred account.
Navigate to the dashboard for your application.
On the left side menu click 'Permissions' under 'Administration'.
Add your preferred account as an owner.
Log into your preferred account and check your email. You will need to accept an invitation to take ownership of the application.
Reload the permissions page on the application dashboard. You should see both accounts listed as owners.
Remove any unwanted accounts from the owners list. (Remember, you need at least one owner!)
I am developing a web-based intranet for my company. I just want to know: is it a good thing for users to log in to the application using the Active Directory login details, or shall I create a login together with the application DB?
If there is anything better than this, please suggest it. This is my first application development, so I need help from experienced people.
Generally it's a good idea to try and minimize the number of accounts people need to have.
So I'd definitely try and use their Active Directory login.
Also, if desirable, you can automatically log people into your application using various single sign-on methods (either integrated into IIS, or other).
This makes for a very usable application, as people always forget login details, and hate to login again to other systems.
Only use Active Directory for your intranet if your infrastructure supports it.
Your question is phrased as if you think the user has to type their password in again to log in to the intranet site - they should not do this! Have Windows pass on the credentials automatically. This is pretty much built in to dotnet/IIS/etc.
Also, AD will add group management and privileges, so you can restrict areas of your intranet to members of certain groups.
And your support team already has the tools to manage all this.
PS: you can enable Firefox to auto log on via NTLM, and it is one of the most requested features for Chrome too, so don't let browser issues put you off.
There are several pros using Active Directory authentication in the intranet.
These are the main ones:
You want to keep the number of authentication stores as low as possible
Using Active Directory, users who have their desktop in the domain (as they should) will be able to use Integrated Windows Authentication. They will be able to log in without having to type their password.
An Active Directory authentication mechanism probably exists for your language
More information:
http://msdn.microsoft.com/en-us/library/ms998358.aspx
If you create a separate login system, then your users have to remember 2 different logins. Why bother, when their "real" login is right at hand?
Less code for you to write and better integration into the wider system. And, who doesn't want FEWER passwords to remember.
Definitely go for the Active Directory option, or use Active Directory as an LDAP server if whatever language you're using doesn't directly support AD. Active Directory actually makes a pretty good LDAP server.
If there is anything better than this, please suggest it.
OpenID?...