Delete directory / App registrations: "Delete all App registrations" shows "No results" - azure-active-directory

I get an error when trying to delete an AAD B2C tenant. I do not have any applications, but at the moment of deleting it tells me that there is one.
I have already followed these links:
blogs.msdn.microsoft.com/azureadb2c/2017/06/23/delete-b2c-tenant/
blogs.technet.microsoft.com/jeffgilb/2017/03/09/deleting-azure-active-directory/
stackoverflow.com/questions/43766171/cannot-delete-corrupted-b2c-application-and-tenant
Screenshots: [Azure Portal image] [PowerShell image]
I hope you can help me out.
Thanks, regards.

In your Azure Portal screenshot, there is a link which says:
To view and manage your registrations for converged applications, please visit the Microsoft Application Console.
Try going there to see if there are any converged applications registered in your tenant.
Additionally, you should try running the modern AAD PowerShell rather than the MSOL PowerShell. The modern AAD PowerShell allows you to query for Application Objects like so:
Get-AzureADApplication -All $true
Note that application objects are different from service principals, and it appears that both kinds of objects must be removed before you can delete your tenant.
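The inventory the answer describes, written out as an added PowerShell example (not code from the answer or from Microsoft): it lists both kinds of objects with the AzureAD module, and only removes them when a hypothetical -Remove switch is passed, so the default run is a read-only check of what is still blocking the tenant deletion.

```powershell
# Added example: inventory (and optionally remove) the application objects and service
# principals that block deletion of an Azure AD / B2C tenant. Uses the AzureAD module
# the answer recommends; the -Remove switch is this script's own, default is read-only.
param(
    [switch]$Remove
)

Connect-AzureAD | Out-Null   # interactive sign-in to the tenant you intend to delete

# Application objects: what the portal calls "App registrations"
$apps = Get-AzureADApplication -All $true
# Service principals: what the portal calls "Enterprise applications"
$sps  = Get-AzureADServicePrincipal -All $true

"Application objects : $(@($apps).Count)"
$apps | Select-Object DisplayName, AppId, ObjectId | Format-Table -AutoSize

"Service principals  : $(@($sps).Count)"
$sps | Select-Object DisplayName, AppId, ObjectId, ServicePrincipalType | Format-Table -AutoSize

if ($Remove) {
    # Remove application objects first; the service principal of an app registered in
    # this tenant goes with it. Whatever is left (multi-tenant or gallery apps consented
    # into this tenant) is removed explicitly.
    foreach ($app in $apps) {
        "Removing application $($app.DisplayName) ($($app.ObjectId))"
        Remove-AzureADApplication -ObjectId $app.ObjectId
    }
    foreach ($sp in (Get-AzureADServicePrincipal -All $true)) {
        "Removing service principal $($sp.DisplayName) ($($sp.ObjectId))"
        # Microsoft first-party service principals cannot be removed; keep going past them
        Remove-AzureADServicePrincipal -ObjectId $sp.ObjectId -ErrorAction Continue
    }
}
```

Run it once without -Remove and compare the two counts with what the portal shows; if PowerShell lists service principals the portal's App registrations blade does not, that is the "No results" discrepancy from the question.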

Related

Azure AD SCIM - How to Enable the Provisioning Section

I need Azure AD users to be synced into my application, so I've been researching how to implement SCIM and configure Azure AD to work with it. My end goal is to have my application listed as the ones here: https://learn.microsoft.com/en-gb/azure/active-directory/saas-apps/tutorial-list, and to do this, it should support SSO + User provisioning.
The implementation is kind of straightforward as SCIM is a standard and I just need to implement a bunch of APIs complying with a specific contract, so this should work.
The problem I'm having, though, is I cannot find how to enable the "Provisioning" feature for my application. I've been reading the articles and watching the videos Microsoft provided (https://learn.microsoft.com/en-gb/azure/active-directory/app-provisioning/configure-automatic-user-provisioning-portal for instance) and it seems that when I click the Provisioning section in my app, I should be able to configure it. Unfortunately, I don't see the UI shown in the tutorials, so I suppose I've been missing some step that is not explained in the docs. Also, I'd expect to have somewhere to configure the base URL that should contain all endpoints required for the SCIM standard. I don't see this either, which confirms my feeling I'm missing something essential.
Here are the steps I've been taking:
Open the Azure portal
Create an enterprise app - Click on Enterprise applications, Create your own application, and Integrate any other application you don't find in the gallery (Non-gallery)
Once the application gets created, I can't see anything in the "Provisioning" settings
I found a solution to the problem I've described above. Unfortunately, I somehow missed the big blue "Get Started" button in the middle of the screen. When you click this button, the configuration I've been looking for appears and it is all good.

App Registration in Azure AD disappear after about 2 weeks and appear in Enterprise Apps

I have an app (it's actually the Audit Logs custom connector for the Power Platform Center of Excellence package) which, about 2 weeks after I register it in App Registrations, migrates to Enterprise Apps, and I can no longer use the Custom Connector because the system cannot find it in App Registrations. I re-register the custom connector and it all works for a couple of weeks before it disappears again.
Anybody got any ideas why this is happening?
Thanks
Nigel
In theory this will not happen: as long as you register the app in Azure AD App registrations, it will not disappear suddenly unless you delete it.
You need to make sure that the account you log in with is the account that created the application, or, when you log in with another account under the same tenant, use All applications to find the name of the application.

Azure AD Non gallery enterprise App via Powershell script

I have not started any script yet but wanted to check first if this can be achieved: configuring an Azure AD non-gallery enterprise app using PowerShell that lets me enter metadata such as entity ID, reply URL, sign-on URL and attribute information.
I need a suggestion on where to start, if you could shed some light.
For PowerShell, this is not currently possible.
In May, Microsoft added the ServicePrincipals endpoint to the 1.0 Graph API (for enterprise applications). So using the Graph API, you may be able to accomplish it. I know until very recently this was still not possible; however, checking today, the updateserviceprincipal endpoint seems to have the replyurls attributes and loginurl and the serviceprincipalnames (entityid?).
So there is a good chance you could get it to work using the Graph API, but you may have to use the beta Graph endpoint.
I would use this endpoint to create the application: https://learn.microsoft.com/en-us/graph/api/applicationtemplate-instantiate?view=graph-rest-beta&tabs=http I believe the custom basic SAML app template id is: 8adf8e6e-67b2-4cf2-a259-e3dc5476c621
After creating it, you would need to find the service principal objectid and set the signinmode to saml.
Here are all the necessary calls and examples: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-saml-sso-configure-api#step-2-configure-single-sign-on
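The sequence the answer sketches (instantiate the template, switch the service principal to SAML, set the SAML URLs), as an added PowerShell example that drives Microsoft Graph. This is not code from the answer or from Microsoft's docs; it assumes the Microsoft Graph PowerShell SDK (Connect-MgGraph, Invoke-MgGraphRequest) is installed and that the calls are served on v1.0 (swap "v1.0" for "beta" in the URIs if your tenant does not expose them there, as the answer anticipates). The template id is the one from the answer; the display name and the three URLs are constructed sample values.

```powershell
# Added example: create a non-gallery SAML enterprise app via Microsoft Graph and set the
# entity ID, reply URL and sign-on URL from the question. Assumes the Microsoft Graph
# PowerShell SDK; all app values below are constructed sample data.
$templateId  = '8adf8e6e-67b2-4cf2-a259-e3dc5476c621'   # custom SAML app template (from the answer)
$displayName = 'Contoso HR (SAML)'                       # constructed
$entityId    = 'https://hr.contoso.example/saml/metadata' # constructed: SAML entity ID
$replyUrl    = 'https://hr.contoso.example/saml/acs'      # constructed: assertion consumer URL
$signOnUrl   = 'https://hr.contoso.example/'              # constructed: SP-initiated sign-on URL

Connect-MgGraph -Scopes 'Application.ReadWrite.All' | Out-Null

# 1. Instantiate the template. The response carries both objects Azure AD created:
#    the application object (App registration) and the service principal (Enterprise app).
$created = Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/applicationTemplates/$templateId/instantiate" `
    -Body @{ displayName = $displayName }
$appId = $created.application.id
$spId  = $created.servicePrincipal.id

# 2. Put the service principal into SAML mode and record the sign-on URL
Invoke-MgGraphRequest -Method PATCH -Uri "https://graph.microsoft.com/v1.0/servicePrincipals/$spId" -Body @{
    preferredSingleSignOnMode = 'saml'
    loginUrl                  = $signOnUrl
}

# 3. Entity ID (identifierUris) and reply URL (web.redirectUris) live on the application object
Invoke-MgGraphRequest -Method PATCH -Uri "https://graph.microsoft.com/v1.0/applications/$appId" -Body @{
    identifierUris = @($entityId)
    web            = @{ redirectUris = @($replyUrl) }
}

# 4. Ask Azure AD to mint the token-signing certificate for this app (displayName must start with "CN=")
$cert = Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/servicePrincipals/$spId/addTokenSigningCertificate" `
    -Body @{ displayName = "CN=$displayName"; endDateTime = (Get-Date).AddYears(1).ToString('o') }

# 5. Read the service principal back so the result can be checked in one line
$sp = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/servicePrincipals/$spId"
"$($sp.displayName): ssoMode=$($sp.preferredSingleSignOnMode) loginUrl=$($sp.loginUrl) signingCert=$($cert.thumbprint)"
```

Attribute (claim) configuration, the last item in the question, is not covered by these calls: the linked Microsoft article handles it in a later step through a claims mapping policy attached to the service principal.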

Cannot find my AAD app in the portal anymore

I've created an AAD application by using the cmdlet below:
New-AzureADApplication -DisplayName "My Name" -PublicClient $False -IdentifierUris "https://mytestapp.com"
The command completes with no errors, and if I then query the list of applications by executing
Get-AzureADApplication
I can see my application, but if I go to https://portal.azure.com I am not seeing my app there. I remember for sure I did this multiple times in the past and had no problem with it; has anything changed in the portal recently? I also noticed that all my apps in all my directories are not visible if I use the portal. It just shows that I don't have any apps, but I can successfully use them to acquire tokens and can see them through PowerShell.
You should make sure you are signed into the right tenant. Use the tenant picker in the top right corner of the Azure Portal.
The fact that all your apps are missing makes me feel like you might simply be looking in the wrong place :)
Firstly, you should ensure you select the right tenant on the portal.
Also, when you select, you should choose All Apps, not My Apps; then you should see the app.
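Both answers come down to two checks: which tenant you are in, and whether the signed-in account is an owner of the app (the portal's "My Apps" view only lists apps you own). Here is an added PowerShell example, not code from either answer, that performs both checks with the same AzureAD module the question used. The display name "My Name" is the one from the question; everything else is read from the session.

```powershell
# Added example: confirm the tenant this session is signed into and whether the signed-in
# account owns the app, which is what the portal's "My Apps" filter depends on.
# Uses the AzureAD module; the app name is the one from the question.
Connect-AzureAD | Out-Null

$tenant  = Get-AzureADTenantDetail
$session = Get-AzureADCurrentSessionInfo
$me      = Get-AzureADUser -ObjectId $session.Account.Id   # Account.Id is the signed-in UPN
"Signed into tenant '$($tenant.DisplayName)' ($($tenant.ObjectId)) as $($me.UserPrincipalName)"

# Look the app up by display name, the way the portal search does
$apps = Get-AzureADApplication -Filter "displayName eq 'My Name'"
if (-not $apps) {
    "No app named 'My Name' in this tenant. Compare the tenant ObjectId above with the directory shown in the portal's tenant picker."
    return
}

foreach ($app in $apps) {
    $owners  = @(Get-AzureADApplicationOwner -ObjectId $app.ObjectId)
    $isOwner = $owners.ObjectId -contains $me.ObjectId
    "{0} (AppId {1}) identifierUris={2} owners={3} signed-in-user-is-owner={4}" -f `
        $app.DisplayName, $app.AppId, ($app.IdentifierUris -join ','),
        (($owners | ForEach-Object { $_.UserPrincipalName }) -join ','), $isOwner

    if (-not $isOwner) {
        # The app exists but will only appear under "All Apps" for this account; making the
        # account an owner brings it into "My Apps" as well.
        "  Not an owner: use 'All Apps' in the portal, or run:"
        "  Add-AzureADApplicationOwner -ObjectId $($app.ObjectId) -RefObjectId $($me.ObjectId)"
    }
}
```

If the script finds the app but reports a different tenant ObjectId from the one the portal shows, the portal session is simply in another directory, which matches the "all my apps in all my directories" symptom in the question.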

How to access the Project Server REST API using Azure AD App permissions?

I have a standalone web application (not an add-in) and I would like to access Project Server PWA oData from this web application without using the PWA username/password combination.
I can do this for SharePoint OData by registering my web app in Azure AD and configuring the application to require "Read" permissions from "Office 365 SharePoint Online".
If you are interested to do this for SharePoint data, see this article for details: https://www.itunity.com/article/integrating-angularjs-aad-office-365sharepoint-part-1-622
My problem is that I want to do the same for a Project Server, but can't see any relevant Project Online permission in Azure AD.
Has anyone ever accessed Project Online using Azure AD tokens?
My 10 Minutes of Internet Research™ leads me to believe this isn't available but that it was a planned feature at one point. [see here]
Without knowing much (anything) about Project Server, this seems like a situation I've dealt with on AWS at work. We have a bunch of endpoints that are secured using IAM (AWS) credentials and we can't leave those creds lying around in our app (because that would be silly). Our solution is to generate access URLs server-side and hand them out, these typically will have a time limit and be restricted to a very specific action.
A quick search for Azure's equivalent to IAM tells me that you might be able to do something similar though I'm unsure it exists for Project Server.
That failing, you could always set up an intermediary micro-service that acts as proxy and has the username/password combo. We do stuff like this all the time with Lambda (AWS's serverless functions).
