Failed to add users to my organization in DevOps - azure-devops

I have a problem, and apparently it happens because I previously had my business account registered as a personal account with Microsoft. I have already deleted that account to keep only the business account, but now when I want to add the account to my organization in DevOps, it does not allow me to add it; it tells me that there is an error and does not add it to the organization.
I realized that DevOps tries to add the personal Microsoft account again and not the new one I have (Microsoft 365). I don't know how I can solve that. Could you help me?
The question is also in Developer Community in Microsoft: https://developercommunity.visualstudio.com/content/problem/1096647/no-puedo-unirme-a-una-organizacion-en-devops.html

Solved the issue with the steps below:
1. Sign out of the account and close the browser.
2. Please ask your Project Collection Admins (PCA) to delete and re-add the account in the organization.
3. Don't click the email link or use the normal browser window to access the organization.
4. First, open an InPrivate/incognito browser window. Then access "https://dev.azure.com/TCI-Software" directly in that InPrivate/incognito browser window.

Related

Cannot create projects in brand new azure devops org

I showed a friend azure devops and she wanted to try it out. She created a brand new org, but cannot create any projects under the org. She gets a blank error at the top of the screen. It doesn't matter if any of the fields are filled out or not. Create is grayed out. (See below).
She is the org owner, has a basic license, is in the project collection admin group, and we verified she has create project permission. What is the issue?
This was because my friend used an organization email to sign up for AzDO. Her org needs to grant O365 access. I've signed up with my personal email and didn't run into this issue.

Github App transferred to Organisation not showing "Install App" etc

I asked this question on the github community support forum, but I'll ask this here too since no reply there...
I am trying to set up a Github App to give some scripts limited Admin rights to some repos in an Organisation. The Organisation is (I believe) under an Enterprise account - we are using this currently instead of having an Enterprise server. I have created the App, transferred it to the Organisation, and one of the Organisation Admins (which I am not) has set me as the manager. So far so good. However, although I can see the App in the Organisation Settings, there is no “Install App” button. Also trying to use it in scripting gives 401 (A JSON web token could not be decoded) errors trying to get hold of a “PAT” for the app - even though the Admin has installed it into the app.
There is obviously something wrong but I’m at a loss. Does anybody know of some extra logs that can be looked at or have a suggestion on how to approach this. We’ve tried deleting the app and retrying - no different. I should say this is the third app I’ve created for transferring into the organisation this way - so far it has just worked.
We raised a support ticket on this so got a formal answer. I thought it might be useful to replicate the key part of the answer here. Essentially the issue is the fact this App has Admin rights. I am an Administrator on some of the repos, and am "App Manager" for this App, but I am not an Owner of the Organisation.
I quote:
"""GitHub App permission requests [control] access to a number of organization REST API endpoints... As these endpoints are outside the individual repository scope, only the organization owner can approve requests to add or change them. If this wasn't the case, App Managers who aren't organization owners would be able to grant an application the ability to view organization members and teams - which is private organization information that can otherwise only be granted by organization owners via inviting new organization members."""
Basically that is it. The original idea was to allow a central place to set some things that only an Administrator could set in a repo - c.f. branch rules. Seems that this can't be done as is with an App - the system just isn't flexible enough.
The alternative, which I know works, is to use the PAT of a user with Admin rights. That just feels less secure.

Correctly link Azure Devops Organisation to Azure AD Account

I've had a standalone Azure Devops Organisation (call it MyOrg1) for quite a while, and I've recently linked it to my Azure Active Directory, and set my Azure AD user myname#my-azure-ad as the organisation owner.
This seemed to work ok. I can go directly to the URL dev.azure.com/MyOrg1, and see all my projects etc. All good so far.
The problem is that if instead I go directly to dev.azure.com, and login as my Azure AD user, it doesn't seem to recognise that this user is already associated with an existing devops account. It instead prompts me with the "Get started with Azure DevOps" screen with the option to "Continue".
If I choose "Continue" it then creates a new Organization for me like "[myname]1234".
So far this is mostly just a nuisance, but not a huge problem. However the more significant problem is that in Visual Studio, I'm not able to see MyOrg1. It will only list the new organisation "[myname]1234". If I attempt to manually add the server URL "dev.azure.com/MyOrg1" it won't work, and doesn't seem to recognise that the user myname#my-azure-ad has access to this organisation.
It shows the message "To access an Azure DevOps account, login using the picker above". The picker already shows my user myname#my-azure-ad
In the MyOrg1 organization settings, I can see that my account is definitely listed as the organisation owner, and I can see that my Azure AD is definitely linked.
I can't figure out what could be wrong. Everything looks correct, but it just doesn't work.
Just in case it makes a difference, organisation MyOrg1 is in a different region to my Azure AD. I can't really see why that would matter though, since it seemed to link it just fine.
I managed to correct the issue by doing the following...
1. Create a new Global Admin user account in AAD
2. Add this user to the DevOps organisation and set as owner
3. Remove my original myname#my-azure-ad from the DevOps org
4. Re-add myname#my-azure-ad to the org and re-assign as the owner
The only thing I can conclude is that because myname#my-azure-ad was originally added to the org before the org was linked to the AAD that this must have messed something up.

Associate personal VSTS to an Organisation

When I created VSTS account, mistakenly I have chosen Personal instead of Work,School... (as you can see on the picture)
Now I need to associate it with my organisation account. I search a lot and I couldn't find anything useful.
Please guide me to solve this problem.
Sorry, you can't associate personal VSTS to an Organisation. Although both identities use the same email address, they're still separate identities with different profiles, security settings, and permissions.
Please see the Q&A below:
Why must I choose between a "work or school account" and my "personal account"?
Choose Work or school account if you want to use your organization's directory to authenticate VSTS users and to control VSTS account access. This limits access to members in your organization's directory. All other users must sign in with work or school accounts too.
Choose Personal account if you want to use your Microsoft account with VSTS. All other users must sign in with Microsoft accounts too.
If you find the pop-up annoying, you could just follow the link to rename your personal Microsoft account.
If you are worried about the subscribers:
Within the Visual Studio subscriber portal, you may be able to add an alternate identity--in addition to the identity you used during activation. Today we allow you to add an alternate identity if you used a Microsoft account to activate your subscription. This way you can also add a work or school account (which you use when logging into Visual Studio, Office 365, or your corporate or school network), allowing you to access VSTS using both your personal account and your work or school account.
For detailed steps, please take a look at: How to add an alternate identity to your Visual Studio subscription
If you can't sign in when you choose both, please see: Why can't I sign in after I choose either "personal Microsoft account" or "work or school account"?
Check this link to associate your personal account with an organization account.
https://learn.microsoft.com/en-us/vsts/release-notes/2018/mar-05-vsts#subscriptions

How to use Microsoft (not Organizational) account with Add-AzureAccount?

I'm trying to use the Add-AzureAccount command that's part of the Azure PowerShell tools (August 2014, v0.8.6), and although various examples on the web lead me to expect that it will let me use either an organizational account or a Microsoft Account to log in, in practice, it seems to be requiring an organizational account.
When I execute the command, it opens a hosted browser window as expected, but the prompt says Sign in with your organizational account followed by a username and password. There seems to be no way to tell it that no, I actually need to use a Microsoft Account.
(As it happens, my email address is associated with both an organizational account, and also a Microsoft Account. This may not be helping.)
I could create a completely separate organizational account in an Azure Active Directory, make that a co-admin, and log in with that, but it seems like this shouldn't be necessary.
Is there some way to force it to offer me both options?
I was able to resolve this problem through trial-and-error. As Paul points out in his post, you can load your subscription info into PowerShell using the following sequence:
1. Get-AzurePublishSettingsFile
This will open a browser to a special page that lets you download your profile settings file.
Note: If you have multiple subscriptions, you must use the dropdown to select the one that contains the Azure components you want to manage. For instance, I have a BizSpark subscription that I use for my own company, and a separate MSDN subscription that my clients use (adding me as an administrator). Both subscriptions show up on my management portal page, so I needed to download 2 separate publishsettings files.
2. Import-AzurePublishSettingsFile my-subscription.publishsettings
In my case, I renamed the settings files to "BizSpark.publishsettings" and "MSDN.publishsettings", so I ran this command twice.
3. Get-AzureSubscription
This will list all of the subscriptions that have been imported into PowerShell, showing the subscription name and the other properties.
4. Select-AzureSubscription -SubscriptionName "my-subscription"
You can now use the subscription name to select the subscription you want to use. This allows you to switch back and forth between subscriptions and work with the Azure components you need to manage.
Use #outlook.com instead of the organizational address and you will be directed to the Microsoft Account login.
You can sign up for Azure with either a Microsoft Account or an Organizational Account. Add-AzureAccount will display a message like "Sign in with your organizational account" in the browser window, but actually if you input your Microsoft Account email address into the box and move focus out, the page will redirect to the Microsoft Account sign-in page automatically, and then you can sign in.
Sometimes you may encounter an error like "The cache contains multiple tokens satisfying the requirements". You can try to clean up all the existing Azure accounts first and then try to sign in again.
To clean up, run Get-AzureAccount | Remove-AzureAccount.
I have a similar problem. Using Add-AzureAccount with my Microsoft Account results in adding my organizational account.
For example, I run Add-AzureAccount and in the form I type davideicardi#hotmail.com (my Microsoft account), but the resulting account is davide.icardi#mycompany.com (my organizational account).
I solved it by deleting all the Azure accounts registered in PowerShell (also the ones not related to my account, using Remove-AzureAccount), then I deleted the IE cookies (not sure if this is important...), closed the PowerShell console and executed Add-AzureAccount again.
I suspect that there is a bug somewhere...