I am using grafana which is hosted on Microsoft Azure. I would like to setup 2 factor authentication. I had googled on it and found that it can be done using Azure Active Directory but unfortunately, I cannot change anything in Azure Active Directory due to permissions. Is there any other way to enable 2 factor authentication on grafana?
Thanks for your answer in advance.
Regards,
Chaitanya
Related
So I can successfully run commands to manage our Microsoft 365/AzureAd/Exchange Online - this involves assigning and removing license, converting user to a shared mailbox, delegating access to a mailbox, etc. I followed the guide here for authentication. But that's me actually logging in with my credentials + MFA (Multi-factor authentication) for authentication.
I want to have a script that does these type of actions triggered by a schedule. I believe I can include the credentials but how to do MFA? Tried to follow this but getting error clientid is not a guid I have registered an app in https://portal.azure.com/ and able to do Graph API calls using that. No luck in PowerShell authentication though. Any thoughts? Thanks!
Maybe try this? It should allow you to connect to all Microsoft online services and includes support for MFA. If it does not work, the website has many other scripts you can try
This is not possible. A potential solution is to set some rules where in specific case, MFA will not be required.
I am kindly seeking guidance and a little help on implementing XACML ABAC with Active Directory authentication on Kubernetes.
We have a major project at the hospital we are working on, and authorisation and permissions are are great concern. After a digging around, We determined that ABAC and XACML would be our best shot and handling consents and permissions.
However we also have Active Directory server from a different unit, and it is what we are meant to use at the moment for authentication into the cluster . We are meant/want to run a kubernetes cluster on which different pods with different apps are to run. Any guidance and help for us? Could Fortress be an option towards achieving this? (ABAC)+(external LDAP server/ Active Directory) on Kubernetes.
Thank you.
Has anyone come up with a complete solution to protect and replicate VMs from on-prem (either VMware or HyperV) to Azure using either the REST API or the Powershell module?
I recently completed a POC with ASR and was able to replicate a couple dozen VMs associated with three different applications. I replicated out of VMware and into Azure. I was able to failover and failback successfully.
I did all of the POC work using the GUI (portal.azure.com). Now I have to figure out how to protect ~2000 VMs and there is no way that I am going to do that with the GUI. But the MS documentation has me running in circles.
(https://learn.microsoft.com/en-us/azure/site-recovery/)
It would be very helpful if any of you can share the sequence of steps to protect and replicate a VM. The MS documentation does not lay out how the various components (fabrics, protection policies, protection containers, protection items, etc.) are related to each other.
I do not need specific syntax. The documentation does a passable job of detailing the syntax. I could use some guidance on the task sequence.
If it helps to understand the bigger picture, my intention is to use a System Center Orchestrator runbook to ingest a CSV list of VMs, parse that out into input for the Azure REST API / Powershell, and then enable protection.
Thanks in advance for any assistance or guidance that you are able to provide.
You can find recovery service API documentation here:
https://learn.microsoft.com/en-us/rest/api/recoveryservices/
When you have one definition put in place(manually from portal), you may also be able to study it from resource.azure.com to see how properties are composited. *not all resource available thru this portal
After that, you should be able to create template for either REST call or Resource Manager, depending on preference.
How can I avoid the 401 error, access denied, when i try to preform sync from one environment to another? I think there is an edit to the web.config that will allow this, but I am not sure what I need. I came across the same question in DevNet, but there wasn't an answer. https://devnet.kentico.com/questions/content-staging-windows-authentication-problem.
I got this to work. Sync points to /CMSPages/Staging/SyncServer.asmx. In IIS, I adjusted the Authentication on CMSPages. I enabled Anonymous, and disabled Windows Auth.
I did this on my DEV instance, and i'm syncing from PROD. So far, so good.
Did you set up the Staging user / credentials properly on the target and set them properly on the source site?
Is staging enabled on the target server?
Does both environments have Full Access/Control with their app pool processor?
Is it only some tasks or all tasks that you get this?
Is basic authentication also allowed on the sites (may be needed, but unsure on that)
After implementing the integration of Azure Active Directory and some other could applications like Salesforce, and syncing On-Premise Active Directory data by using Azure AD Connect, now I could auto login Salesforce and other cloud apps with Single Sign-On by using the credentials I used for desktop logon, but I still need to key in the credentials once when accessing Azure Applications page (Azure Portal).
Is there any configuration in Azure I can change to support auto-login by using the Windows credentials, so that once I log into my encrypted machine, I could auto login the Azure Applications page (the Azure portal) without key in password again? If Azure does not support no sign-on, what's the best way to do some development to support no sign-on?
Any post or suggestion will be appreciated!
You can always try to authorize users using Graph API. Maybe this will be helpfully: https://github.com/devkimchi/Graph-API-App-Only-Web-API-Sample
I had a similar issue when using ADFS for federated identity and the following article helped, not sure if it applies to Azure AD Connect but it might give you some useful info.
https://support.microsoft.com/en-us/kb/2535227
Thanks thedev and dawidr for your reply.
Finally I found a solution which might achieve the No Sign-On. AAD supports federation authentication, so just try to integrate the ADFS and AAD by using Azure AD Connect to implement the federation identify with On-Premise AD, then no more password key-in when accessing the Azure Applications. I don't have a proxy server with public IP so it's just a solution in my mind without verification.