I am using centralized deployment to deploy my add-ins to users but it is not working if any user has not logged into desktop word application with the organization email, I want that external users can also use my add-ins that are not in the organization. Is there any way I can do that with Centralized deployment? I tried to do organization log-in in word application as a different user but organization login was not possible it seems, but as an admin as I am already logged into word application I am able to get the add-ins.
Related
I want to write an app that has read/write access to a user's specific repository (Gitlab and Github).
Ideally, the user simply gives a link to the repository, and by clicking a confirmation button (providing the user's logged in to Gitlab/Github), the webapp gets read/write access to that specific repo. (So just like an OAuth flow, but only for one repo).
Is this possible? If not, what would be the best (i.e. frictionless) way of having users grant an external app access to a their repo?
This use case is covered by OAuth applications.
When configured, GitLab users can provide authorization to your web app to take API actions on their behalf (with the authorized scope). Unfortunately, there is no in-built mechanism to limit this to a single project from GitLab. You can, however, have group owned applications.
Alternatively, you could implement per-repo access as a feature in your application, rather than in the GitLab authorization flow.
GitLab administrators can also mark registered applications as "trusted" and users won't be prompted to allow the authorization from GitLab to your app. This has the benefit of being more frictionless, but should only be used for apps you control or trust.
I have a Github App that I've created for use in a multi-tenancy website. I'm leveraging the state parameter and the installation ID to link the app installation to the user when the App is installed. However, I've noticed if the user doing the installation of the App isn't an admin on their organization, then it allows them to put the installation into a requested state. The redirect then returns the state parameter but no organization information or installation ID. Even worse, when the admin gets around to approving the request, it does a redirect back to my site with the installation ID but doesn't include the original state.
So my dilemma is I can't do a multi-tenant link on the request side or the approval side, I can only successfully link back if the user is an Admin during the installation step.
Has anyone found a way around this? I've attempted to also load a dropdown on my site with all the organizations in the enterprise that a user is a member of, that way I could add a requested object with the organization name in my database and listen for the webhook when the installation is completed, but that list will only populate organizations where the App has been installed, defeating the purpose.
My Account(AAD) is Linked with 2 DevOps Organisation(personal organization & Business orgnaization)
I am unable to view Business orgnaization on DevOps Profile but able view personal organization.
I am able to access both via Url https://dev.azure.com/xxxCloud/.
I can't able to Connect DevOps Business Organisation with Visual Studio also.
Please try the following steps:
Please enter aka.ms/vssignout in browser and login to aka.ms/vsprofile again to see if the issue still exists.
If your organizations are in different AADs, please select the right directory in the dropdown list.
Please use other PCs to sign in and check if it works.
If you sign in this organization, can you see the projects in it? Please click specific projects in Web UI, or add project name in organization URL to get access to it.
Please ask your AAD admin to remove your MSA account from Azure Active directory and re-add you again to check if the issue still exists.
I am following instructions to link my account to TFS: https://learn.microsoft.com/en-us/bot-framework/azure/azure-bot-service-continuous-integration
It says to go to Team Services accounts, then to choose the account, and click on "Link" but that button is disabled for me. I tried a different account (different credentials, etc.) and I always see the Link button disabled.
Is it a permission issue? What can I do about it?
Image of disabled Link button
If you are not the team services owner, you won't have permission to link azure subscription.
For more possible reasons you can refer:
Q: Why can't I link my Team Services account?
A: This might happen
because:
You're not the Team Services account owner.
You're not at least Co-administrator on the Azure subscription that
you want to link.
If you don't see any Team Services accounts, your account might
already linked to another Azure subscription.
If your Team Services account uses Azure Active Directory (Azure AD)
to authenticate users, you might have a different directory selected
in the Azure portal than the directory that's connected to your Team
Services account.
To select the directory that your Team Services account uses, open the
Azure portal's Subscriptions list:
More details in https://www.visualstudio.com/en-us/docs/setup-admin/team-services/set-up-billing-for-your-account-vs#qa.
I'm TFS admin, I'm trying to add none hotmail account to Visual Studio Team Services (VSTS) but it seems that members can't recieve invitations, is that possible to add none hotmail accounts in VSTS.
Thank you
You must add email addresses for "personal" Microsoft accounts unless your Team Services account uses your organization's directory to authenticate users and control account access through Azure Active Directory (Azure AD). If your users don't have Microsoft accounts, have them sign up.
If your Team Services account is connected to your organization's directory, all users must be directory members and sign in to Team Services with "work or school accounts" that are managed by your organization's directory. If they're not members, have a directory administrator add them to the directory. That way, you can find them in this directory when you add users by searching for their email addresses or display names.