We use Visual Studio Team Services backed by Azure AD and want any user in our AD to be able to submit a feature or bug. I know some products like Jira allow this either through their issue collector or via email. It seems with VSTS the user has to be a stakeholder in the project or else they would receive a 401 (I tested with one user in our AD). Has anyone found a good solution or extension that allows AD users (or users external to the project) to submit features requests/bugs to a VSTS project? Or do we have to create something utilizing VSTS's REST API?
The user must be added to your VSTS, then he can submit a feature or bug work item. Regarding personal access token (can call Work item REST API), it is created by the user in your VSTS too, it is not recommended, because of the security issue and you don’t know who submit the feature or bug, it’s hard to manage.
Related
I asked this question on the github community support forum, but I'll ask this here too since no reply there...
I am trying to setup a Github App to give some scripts limited Admin rights to some repos in an Organisation. The Organisation is (I believe) under an Enterprise account - we are using this currently instead of having an Enterprise server. I have created the App, transferred it to the Organisation, and one of the Organisation Admins (which I an not) has set me as the manager. So far so good. However, although I can see the App in the Organisation Settings, there is no “Install App” button. Also trying to use it in scripting gives 401 (A JSON web token could not be decoded) errors trying to get hold of a “PAT” for the app - even though the Admin has installed it into the app.
There is obviously something wrong but I’m at a loss. Does anybody know of some extra logs that can be looked at or have a suggestion on how to approach this. We’ve tried deleting the app and retrying - no different. I should say this is the third app I’ve created for transferring into the organisation this way - so far it has just worked.
We raised a support ticket on this so got a formal answer. I thought it might be useful to replicate the key part of the answer here. Essentially the issue is the fact this App has Admin rights. I am an Administrator on some of the repos, and am "App Manager" for this App, but I am not an Owner of the Organisation.
I quote:
"""GitHub App permission requests [control] access to a number of organization REST API endpoints... As these endpoints are outside the individual repository scope, only the organization owner can approve requests to add or change them. If this wasn't the case, App Managers who aren't organization owners would be able to grant an application the ability to view organization members and teams - which is private organization information that can otherwise only be granted by organization owners via inviting new organization members."""
Basically that is it. The original idea was to allow a central place to set some things that only an Administrator could set in a repo - c.f. branch rules. Seems that this can't be done as is with an App - the system just isn't flexible enough.
The alternative, which I know works, is to use the PAT of a user with Admin rights. That just feels less secure.
I have a problem and apparently it happens because before I had my business account registered as a personal account in microsoft. I have already deleted that account to keep the business account only but now when I want to add the account to my organization in DevOps it does not allow me to add it, it tells me that there is an error and already, it does not add it to the organization.
I realized that DevOps tries to add the personal Microsoft account again and not the new one I have (Microsoft 365), I don't know how I can solve that, if they could help me.
The question is also in Developer Community in Microsoft: https://developercommunity.visualstudio.com/content/problem/1096647/no-puedo-unirme-a-una-organizacion-en-devops.html
Solved the issue with these steps below:
Sign out the account and close the browser.
Please ask your Project Collection Admins (PCA) to delete and re-add the account in the organization.
Don't click the email link or use the normal browser window to access the organization.
Firstly, please open an InPrivate/incognito browser window. Then, you could access to "https://dev.azure.com/TCI-Software" directly in the InPrivate/incognito browser window.
I have to think of a way to create an approval process on Bitbucket for repositories.
Before creating a repository, co-worker submits a ticket to get approval from manager to be able to get the "go-ahead create repository" or denied. Is this possible to do?
My manager notified it could be similar to submitting a ticket on Sharepoint.
I have not found any ways by trail and error or from using resources, so I am reaching out to see if anyone else had to do something similar.
Are you using Bitbucket Cloud or Bitbucket Server?
In either case, I don't believe there's a way to provide conditional, temporary permission to create a single repository of a specific name or team/project.
What I would do in your situation is to set up some kind of bot account (whether using a dedicated account, or a selected individual's account in combination with an app password/personal token) that could be triggered by your approval process and would create a specified repo and grant permissions to it to a specified user. Depending on the tools you're using it's a pretty open ended solution space, but the API calls for Bitbucket Cloud and/or Server should be reasonably straight forward to achieve this, so it's just matter of figuring out how you would trigger and run such an automation.
Our main Azure DevOps Organization is linked to our Azure AD. We need to invite customers to specific projects as stakeholder only, and with this, they are added as external users in our AD. We found that within a customer project also, all other external users are visible, e.g. via mention with # anywhere in the text or assignment drop-down, although these do not have access to that project. Our only workaround so far is to create new non AD linked customer specific organizations, but this is really not the right way to go (licencing, management etc.)
Is there any option to prevent this and to restrict visibility to only those users, which are part of a project (or planned)?
I tested and found the same issue as you said. It is by design, you can raise a problem in the Developer Community
https://developercommunity.visualstudio.com/spaces/21/index.html
Besides, since there is a workaround that works now, continue on this basis. You can create different AAD for the customer specific organizations, then add the customers to these AAD. Thus, these users will be invisible because they are in different AAD organizations.
I am making a small Git / Github demo for first-time users and want to use Github Pages, for which I needed to create a new Github organization. During the 30 min I'll have to do the demo, users will need to create new Github accounts and join the organization. Since I'll have so little time, is it possible for users to request organization membership, rather than me having to invite each person manually by email lookup?
I've seen this before but only through third-party apps. Is there no way to do this directly within Github?
Directly with GitHub, I have seen no evidence of that feature.
Through third-party apps indeed, yes.
As an example: benbalter/add-to-org would automatically add users to an organization.
For smaller teams, this may not be possible. The feature that you have mentioned seems similar to user provisioning and is available for Enterprises through Okta /Azure Active Directory. This link has more details on the User Provisioning.