azure-active-directory

问题 We're getting a 400 error with the message "Tenant does not have a SPO license" when we try to access the Sharepoint-endpoints in the Microsoft Graph v1.0 API. We've registered our Azure AD app and assigned Application Permissions (as opposed to Delegated) for the relevant endpoints, as we need to access the endpoints server to server (ie. outside the context of an authenticated user). The tenant is connected to an Office 365 Business subscription, that we can assign to users, but the tenant

问题 Our application is an Angular SPA with ASP.Net Core Web API. The identity is provided by Microsoft Identity Platform (Azure AD) and authentication is provided by the same. The authorization is done in Web API basis "Application Roles". These "Application Roles" are held in the Azure AD directory (defined in the Application's manifest and assigned on the tenant domain to users). The Angular SPA receives the tokens from Azure, as per these instructions. The relevant tokens that are issued are:

问题 Is there a way to add guest users to Azure AD in an automated way? The process should work like this: A user is sending his microsoft address (e.g. john_doe@hotmail.com) via a form to our web service The service is then adding this user to Azure AD by using the functionality "Invite User" . Is it possible to automate this? 回答1: An application can create Azure AD B2B invitations using Microsoft Graph. The invited user will still at some point have to go through the invitation redemption

问题 Using AAD B2C, I'd like to enable end-users to login using their Microsoft-Live or Google identity providers (delegate the authentication). However, I have a set of custom claims in AAD B2C for my users (some roles, for example). So, once the user authenticates into google, I need to add or "map, merge" the claim set with this user's custom claims in AAD B2C and return the consolidated claim-set to my application. My question: where can I add or map these claims in the claimset returned by

问题 Closed. This question needs debugging details. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 4 months ago . Improve this question Seeking for guidance on the subject as I'm really stuck on this, I am trying to connect to a microsoft server over a network to login into my system by providing my microsoft credentials. Now, what I want is whenever I try to hit my php application url, it will redirect me to

问题 I have an Azure AD (with AD connect syncing it to local AD). I added a new On premise mobile management application through AAD-> Mobility(MDM and MAM)-> Add application ->On-premise MDM. I have configured the terms of url and discovery url to my MDM server and checked that link is reachable and working. I have assigned Enterprise mobility license to the user. When I try to join an existing windows 10 device to AAD the terms of use url is not rendered, instead it throws below error. If I

问题 I've got Azure ServiceFabric web-app (AspNetCore 3) hosted over reverse proxy (NGinx). The app use AzureAD (in company) authentication. I've Registered App for the AD and setup Redirect Urls. After publishing the APP and configuring DNS and reverse proxy I tried to authorize to my app but failed with error AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '...-...-...-...-...'. I snifed the request and found that it redirects to

问题 Is there an option to include the AAD group name (display name) instead of the Object Id in the JWT token issued by AAD? If yes - how? … "family_name": "Smith", "given_name": "John", "groups": [ "0e1cbc5f-94bc-4c3b-a22b-a4c56bbdbd7d", // <- replace id with name "9762d7ea-c0a9-4543-8a3e-2459e826a35a" ], … Some background: I’m implementing OAuth with AAD for an API. I configured 2 Service Principals (1 for API, 1 for client) and added delegated & application permissions. I also configured

问题 I believe I have the Microsoft Authentication Library (MSAL) JavaScript pulling back a JWT token, using azure AD multi tenant with the following config. Based of this link https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant. I believe I only need the following two values. clientId: "A134d6c8-8078-2924-9e90-98cef862eb9a" // this would be the app registrations client id(application) authority: "https://login.microsoftonline.com/common" How then

问题 I am using adal-angular4 (https://www.npmjs.com/package/adal-angular4) for Azure AD Authentication in my Angular 7 application. adal-angular provides an Access Token whose validity is 1 hr. I need to implement Refresh Token functionality so that I acquire new Token using acquireToken() method of AdalService. I have added required logic to get the Refresh Token using acquireToken() method. I even get the Refreshed Token but still my session gets expired after Token is expired. I have written