We have a "Registered Application" in our Azure Active Directory, however, the old owner has been deleted from our account (he left the company).
Unfortunately, we can't restore the user, and no one in the company can manage the application because it doesn't have an owner anymore.
Although we can see the application in "Enterprise Applications", we can't see it in "App Registrations", and we can't add new keys, etc.
Is there a way, through Powershell, or any other interface, to add a new owner to this application so that we can use it again?
After a discussion in the comments, we discovered the app is actually a multi-tenant app registered in another directory.
That's why it only showed up under Enterprise applications.
When you enable a multi-tenant application in a directory,
a Service Principal (Enterprise application) is created in there.
The Application (where owners are registered) remains in the original directory where it was registered.
If you are a Global Admin, you can see the app.
You need to make sure you select All apps on the App registrations tab.
As an alternative, you can add an owner by using Azure AD PowerShell cmdlets: https://www.powershellgallery.com/packages/AzureAD/2.0.1.3
Connect-AzureAD
Add-AzureADApplicationOwner -ObjectId 3ddd22e7-a150-4bb3-b100-e410dea1cb84 -RefObjectId c13dd34a-492b-4561-b171-40fcce2916c5
ObjectId should be the object id of the application, you can get it by listing the applications with Get-AzureADApplication.
The second parameter, RefObjectId should be the object id of the user you want to add.
You should be able to get that from the portal, or with Get-AzureADUser.
Since you are a Global Admin you can go through the portal to assign a new owner to the application.
Here are steps to do so via this documentation https://aka.ms/Lcdcm6
Open the Azure Active Directory Extension by clicking All services at the top of the main left hand navigation menu.
Type in “Azure Active Directory” in the filter search box and select the Azure Active Directory item.
Click Enterprise Applications from the Azure Active Directory left hand navigation menu.
Click All Applications to view a list of all your applications.
-If you do not see the application you want show up here, use the Filter control at the top of the All Applications List and set the Show option to All Applications.
Select the application you want to assign a user to from the list.
Once the application loads, click Users and Groups from the application’s left hand navigation menu.
Click the Add button on top of the Users and Groups list to open the Add Assignment pane.
Click the Users and Groups selector from the Add Assignment pane.
Type in the full name or email address of the user you are interested in assigning into the Search by name or email address search box.
Hover over the user in the list to reveal a checkbox. Click the checkbox next to the user’s profile photo or logo to add your user to the Selected list.
Hope this helps.
Related
I have a group in my google workspace that has mostly external users.
The groups control panel allows me to make some of these external users owners of the group.
However, I cannot figure out how a given external user, with ownership permissions, actually administers the group.
If the external user / owner visits https://groups.google.com/a/the-domain-name/g/the-group-name/ they just get a "content unavailable" message.
Also, the google workspace group for which they are an owner does not show up in the "my groups" list at groups.google.com.
Does anyone know if having external users do google workspace group administration is actually possible?
Thanks.
I had the same issue and fixed it by changing the Sharing settings on our Google Workspace account.
In the Admin Console go to:
"Apps"
"Google Workspace"
"Groups for Business"
"Sharing settings"
And then choose "Public on the internet" under the section
"Accessing groups from outside this organization".
Also make sure to enable "Group owners can allow external members".
See an example of how I set up our sharing settings here
Hope it works for you!
It is possible. I did a test with my own Google Workspace and made my gmail.com account an owner of the group. The group appears in the list at groups.google.com and the external account has the same access as the GW user to manage all the group settings.
I'm new at IBMCloud, I'm following a tutorial http://www.instructables.com/id/IoT-Weighing-Scale/ but after register an account, I don't see any organization ID. I've been checking all the options in the main panel but can't find those 6-digits ID.
I need that in order to register the device (Esp32) https://organization_ID.internetofthings.ibmcloud.com/dashboard/#/overview
I have a LITE account for Internet of Things Platform Starter
Edit:
When login in internetofthings.ibmcloud.com I see no organization registered:
when I click in Register, it takes me to the Bluemix panel.. nothing else.
The org id could be found accessing one of your devices details, it is the first Id in the list
When you're logged into Watson IoT Platform's UI in a browser, the 6 character orgId is visible in the URL.
For example, in the screenshot below the orgId is "hldtxx".
you need to first register to https://console.bluemix.net/ then from Catalog select Internet of Things service, deploy it. Then go to IBM Cloud dashboard, select the IoT Service, click on Launch button and you'll be taken to xxxxxx.internetofthings.ibmcloud.com
After signing in, on the top menubar, click "Manage" and select "Access (IAM)". Then, from the left navigation menu, click "Users". Toward the upper right, under "Account:" (see image below), hover your mouse over the 'i' symbol to locate the Account ID.
I need to set someone as having full administrative rights to do anything in VSO. Where/how do I set this?
After you add a user to your VSTS, you also need to add it to project collection administrators group, after that he can add users to VSTS too.
Go to admin page (https://XXX.visualstudio.com/_admin/_security)
Select Project Collection Administrators
Click Members tab
Click Add button to add user to Project Collection Administrators group
I own one VSO account, and am a member of multiple other accounts (in a single login). When I install Application Insights into a web project, I'm not given an option of which account to use, and it installs to the wrong account.
Changing projects in Application Insights is easy to do but hard to figure out unless you know the "trick." It's a two step process. First you need to grab three keys that are buried in the Application Insights portal, then you need to apply them to a file in your project.
To change your account or application just go to the AppInsights dashboard for the project you want to use and click the gear on the top right of the page (The URL is: <YourVSOnlinePortalName>.visualstudio.com/_appanalytics/_admin#application=<AppInsightsProjectName>), then click "Get configuration keys and downloads." This contains all the keys you need for the project. Copy the following three values:
Account ID (This is the ID of your Application Insights account.)
Primary instrumentation key (This identifies your data so others can't send false data to Application Insights.)
Windows Phone 8 SDK instrumentation key (near the bottom of the page). Use this key no matter what kind of app your project actually is. I.e., even if it's a Web page you will still need this value. (This is the ID for a specific application in your Application Insights account.)
Now that you have these three keys, go to your project in Visual Studio and open the ApplicationInsights.config file.
Paste the Account ID into the <AccountID> element, the LicenseKey into the <LicenseKey> element and the last value, the instrumentation key, into the <ComponentID> element.
Fire up your app and you should start seeing data from the correct project!
"Application Insights Tools for Visual Studio" 1.3.1 released 5/30/2014, allows you to select the VSO account...
I just upgraded it (from 1.3.0) and now it allows me to select which account to send insight data to.
I need to transfer a repository from a user account to an organization the user is a member of. Per GitHUb's docs, I need to make the user account an admin of the organization first.
GitHub's docs describe the different levels of access to an organization, but I can't find out how to actually change a user's level of access to an organisation.
How can I make the organization member an admin?
Access levels in GitHub are configured per Team inside the Organization.
Log into GitHub.
Switch your account context to the organization using the dropdown near the top-left of the screen:
Click on "View organization":
Click the Teams tab in the top navigation bar:
Decide whether you want to change the permissions of an existing team (and all of its members) or to create a new team for a single user.
If you are modifying an existing Team,
click on the Team name,
then click the gear icon at the top right,
then change the Team's access to Admin and
click Update.
If you are creating a new Team,
click the New Team button,
give the Team an appropriate name,
set its access to Admin and
click Create Team.
Team memberships have somewhat limited permissions scopes to individually named repositories.
If you want to set someone as an admin for the entire organization:
Navigate to the Organization > People
Identify the member you want to update and click on the settings cog
Set role to Owner
Update 2022: GitHub entitlements can help you define an IAM (Identity and Access Management) complete with audits.
2017: Note that since June 2017, you can apply an Admin access right to a sub-team (instead of one giant unique team as before)
See "Nested teams add depth to your team structure":
Child teams inherit their parent's access permissions, so repository permissions and #mentioning among nested teams work from top to bottom.
If your team structure is Employees > Engineering > Application Engineering > Identity, granting Engineering write access to a repository means Application Engineering and Identity also get that access.
So that is another way to assign a user admin right: make him/her part of a sub-sub team called "admins" within an organization.
Official GitHub Documentation: Nested Teams.