azure-active-directory

Azure login for tenant failing for Az app/principal with No subscription found message

北战南征 submitted on 2020-08-10 19:32:07
Question: I have an Azure account called account1 where I create an App/Principal that is across tenants visibility. I then give it some API permissions. I have another Azure account account2 where I need to access resources using this app. I complete the admin consent flow for account2 by going to the following URL: https://login.microsoftonline.com/<account2 domain>/adminconsent?client_id=cid1 The flow finishes and I get the tenant id back as say tid2. When I try to login from command prompt with app

Azure Active Directory Integration with WebForms Getting Infinite Loop at Login

余生颓废 submitted on 2020-08-10 19:19:23
Question: I have read and followed this article to set up my site using our AAD (Azure Active Directory) to get SSO (Single Sign On). I have gotten it to work in a brand new website both with localhost as well as when I publish it to Azure. Here are the settings for the working version's App Registration: Branding: Home page URL: https://<worksgood>.azurewebsites.net Authentication: Redirect URIs: https://localhost:44390/ https://<worksgood>.azurewebsites.net/.auth/login/aad/callback Implicit grant: ID

Azure Active Directory Integration with WebForms Getting Infinite Loop at Login

瘦欲@ submitted on 2020-08-10 19:18:47
Question: I have read and followed this article to set up my site using our AAD (Azure Active Directory) to get SSO (Single Sign On). I have gotten it to work in a brand new website both with localhost as well as when I publish it to Azure. Here are the settings for the working version's App Registration: Branding: Home page URL: https://<worksgood>.azurewebsites.net Authentication: Redirect URIs: https://localhost:44390/ https://<worksgood>.azurewebsites.net/.auth/login/aad/callback Implicit grant: ID

How to make user return on login page after sign-up in Azure AD B2C?

风格不统一 submitted on 2020-08-10 19:17:30
Question: When a user is signing-up in the system, he is automatically redirected to our application as a signed in user. I would like that after the sign-up, he is redirected to the signing page. I want this behavior since users need to be approved by an admin before having access to the system. I use custom policies. I tried to use the "SM-Noop" session manager but it is not working. There is my code: <!--Local account sign-up page--> <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">

Azure AD How to pass userextension attributes to multitenant app

这一生的挚爱 submitted on 2020-08-10 18:59:09
Question: In Azure AD I have a multi-tenant Enterprise Application and App registration that are accessed through SAML2. I receive a limited set of user attributes, including tenant-id, email, first name, last name. But the organisation that the user belongs to has defined extension attributes in their on-premise AD that I want to consume in my application. Also I would like to receive the jobTitle and Department in the application. The organisation says they have set up synchronisation of the

POP3 Authentication with OAuth gives “Err Protocol error. Connection is closed”

老子叫甜甜 submitted on 2020-08-10 18:57:30
Question: My company needs to upgrade an application to integrate two-legged OAuth 2.0 for POP3. I'm testing with an outlook online account and trying to authenticate on outlook.office365.com (I've also tried pop3.live.com). I registered for an Exchange Online trial using my test outlook account. I've registered my app on Azure and have enabled API Application Permissions for MS Graph (Mail.ReadWrite, Mail.Send) and Exchange (full_access_as_app). The same outlook account I used for the Exchange

Return simple string claim from custom policies in ADB2C

一笑奈何 submitted on 2020-08-10 01:12:25
Question: I followed this article where it explains how to implement a custom policy using Active Directory B2C. Everything is working great, the only concern I have is that the custom claim is returned like a serialized object. Let me explain a little bit better. I successfully created the Azure Function which returns the custom claim. The encoded resulting JWT is like the following (please focus on the "userPermissions" value): { "exp": 1594560277, "nbf": 1594556677, "ver": "1.0", "auth_time":

Use ASP.Net Core 2 Identity with Azure Ad single tenant authentication

痴心易碎 submitted on 2020-08-02 05:04:14
Question: I would like to get help from community for one problem that I don't understand. I create asp.net core 2 web application and I would like to configure the app to be able to login from the app via aspnetuser table or by using O365 Company account. Then I followed multiple techniques described on the web included on MSDN website. The app authentication works fine but Azure add returned: Error loading external login information. I checked inside the code by generating identity views, the app

Use ASP.Net Core 2 Identity with Azure Ad single tenant authentication

霸气de小男生 submitted on 2020-08-02 05:02:00
Question: I would like to get help from community for one problem that I don't understand. I create asp.net core 2 web application and I would like to configure the app to be able to login from the app via aspnetuser table or by using O365 Company account. Then I followed multiple techniques described on the web included on MSDN website. The app authentication works fine but Azure add returned: Error loading external login information. I checked inside the code by generating identity views, the app

How to get equivalent of “User name” using Microsoft Graph

拈花ヽ惹草 submitted on 2020-08-02 04:46:27
Question: I want to get the same value from Microsoft Graph that the Azure Portal displays as the user name (as shown below): userPrincipalName is close, but for guest users it has the #EXT and underscore encoding (e.g., jim.oneil_outlook.com#EXT#@redacted.onmicrosoft.com). mail is NOT populated for member users, so I can't rely on that, although it seems to be what I want for guests. To make matters worse, we do have a member user that also has an EXT address (where mail is not populated and