I have been working in an organization and recently purchased membership developer account and I was invited to join it and I joined.
As I started creating certificate using CodeSigningRequest it created a new certificate.
But when I am trying to add a new app-id it says
An unexpected error occurred
And when I am trying to create a new provisioning profile it says
Access Unavailable
Your membership privileges do not include access to this page.
To view your current membership status and benefits, click View Account.
Please let me know whether I need to be admin to create provisioning profiles or an appid
You need to go to log in to iTunes Connect, the Users and Roles, select a user (yourself) and get Team Admin role.
See Maintaining Your Signing Identities and Certificates:
Agent (there can be only one)
Only a team agent can create a Developer ID certificate. If you have a company membership, read Managing Your Team in Member Center for a description of team roles and tasks that team agents perform on behalf of team members.
Admin (manage certificates, make other admins, etc.)
A team admin can set the privilege levels of other team members, except the team agent. Team admins manage all assets used to sign your apps, either during development or when your team is ready to distribute an app. Team admins are the only people on a team who can sign apps for distribution on nondevelopment devices. Team admins also approve signing certificate requests made by team members.
See Managing Your Team in Member Center:
(Contact any Agent or Admin to become an Admin)
A team agent is legally responsible for the team and acts as the primary contact with Apple. The team agent can invite team members and change the access level of any other team member. There’s only one team agent.
If you do not see the Users and Roles as below in iTunes Connect, you are neither Agent nor Admin.
Related
This article describes the process of reclaiming an 'orphaned' Azure DevOps organization.
However, to be considered orphaned the organization must have no active administrators.
If your user is not a member of the organization, there appears to be no way to determine the members of the organization's Project Collection Administrators group (although there is a way to determine the organization owner).
Is there any way to reclaim an organization that is not orphaned, either because the owner is still active (but, say, unavailable) or because there are active (but unknown) users in the Project Collection Administrators group.
Is there any way to reclaim an organization that is not orphaned, either because the owner is still active (but, say, unavailable) or because there are active (but unknown) users in the Project Collection Administrators group.
If the organization is backed with AAD, you can still follow the doc "Assign owner to orphaned organization" to claim back the organization owner when the Owner/PCA is unavailable.
You can disable sign in the owner&Project collection administrator account from Azure portal, then the DevOps admin user can find the claim ownership button when access the Organization.
Or you can submit a support ticket on azure portal or Community forum to ask for support help.
Currently my organization in Azure DevOps contains two users: myname#mycompany.com (Personal Account) and myname#mycompany.com (Work Account).
myname#mycompany.com (Work Account) is the organization owner. When I log into devops with this account, I cannot do anything without avoid the user being switched to the Personal Account automatically.
The personal account does not have permission to manage users nor change and organization settings. So I am kind of stuck.
My end goal is to link this organization to our Azure Ad tennant, that my Work Account is member of.
How can I fix that?
If you want to use the AAD identity of the same email address to access the organization, you first need to check whether the organization is connected to AAD like this in the Azure Active Directory of the organization settings.
Secondly, when you log in, please select Work or school account. This happens when you sign in with an email address that's shared by your personal Microsoft account and by your work account or school account.
Select Work or school account if you used this identity to create
your organization, or if you previously signed in with this identity.
Your identity is authenticated by your organization's directory in
Azure AD, which controls access to your organization.
Select Personal account if you used your Microsoft account with Azure
DevOps. Your identity is authenticated by the global directory for
Microsoft accounts.
In addition, you can open a private or incognito browsing session and sign in, which can avoid the influence of the identity cached by the browser.
Here is the document about troubleshooting access via Azure AD you can refer to.
I disconnected my organization from Azure Active Directory and now it's missing from both my Microsoft account and this AAD.
It also didn't appear in recently deleted organizations.
It is still existing somewhere because I cannot create organization with the same name.
Before disconnecting it I double-checked that I am the owner of organization and it should remain on my account.
Lost organization after disconnecting it from Azure Active Directory
I had the same issue once, that was because I did not meet the prerequisites for disconnecting from AAD.
You could check if you meet the prerequisites for disconnecting from AAD based on this document:
Disconnect your organization from Azure Active Directory
Before you disconnect your organization from your directory, make
sure to change the organization Owner to a Microsoft account and not
to a school or work account. You can't sign in to your organization
unless your work or school account has the same email address as your
Microsoft account.
Add your Microsoft account to the Project Collection Administrator
group in Organization Settings and confirm that you have Global
Administrator Permissions in your Azure AD for your Microsoft
account. You need both because Azure AD users can't disconnect
organizations from directories. You can add Microsoft accounts to a
directory as external users.
As workaround, please try to access https://aex.dev.azure.com/ and change domain to see if your organization lists here:
Hope this helps.
we have created a project and a team on visualstudio.com with one admin and two basic users. Now admin has left the team and we are not able to managing users, because all of us are only basic users. Is there any way to restore his account or change privileges to one of the existing accounts?
The only way to even try to accomplish this is through Support. If the VSTS is AAD managed, they can fix this for you. If the account is Microsoft Account backed, then it is owned by the user and support will likely tell you to create a new account instead. They can't "steal" an account for you.
See:
https://visualstudio.microsoft.com/team-services/support/
On the Users tab I'm trying to add a new user but the prompt says "Select user from directory" and when typing an email address to invite it just says "No identities found". This is a newly created account with default settings not linked to any azure subscription.
The settings show Allow External Guest Access which I assume should allow any microsoft account to be invited.
According to the screenshot you provided, your VSTS account is backed by an Azure Active Directory which requires that all users are directory members before they can get access to your Team Services account. So you need to add the user to your AAD first.
"External guest access" is used for external users who are added as guests through Office 365 or added using B2B collaboration by your Azure AD administrator.
Q: Can I control access to my Team Services account for external users in the connected directory?
A: Yes, but only for external users who are added as guests through
Office 365 or added using B2B collaboration by your Azure AD
administrator. These external users are managed outside the connected
directory. To learn more, contact your Azure AD administrator. The
setting below doesn't affect users who are added directly to your
organization's directory.
Refer to this link for more information: Team Services: Access with Azure Active Directory (Azure AD).