Monday, August 19, 2019

Microsoft Groups

Following some research into the types of groups offered by Microsoft, I realized that I didn't come across a feature comparison among all Microsoft groups. So I said to myself, why not create one :-) and share it.



Thanks
Siva Pokuri.

Friday, August 9, 2019

Azure AD Webhooks (Azure Notifications)

Webhooks play an important role in today's event-driven communication between a server and its clients, especially for broadcasting changes from the server to the clients. In a way, webhooks work in reverse of the usual pattern, in which a client sends a request to a server/service.

Lately, most cloud service providers have this feature in their cloud offerings. I got a chance to check out and try Microsoft Azure AD webhooks/notifications. It comes in handy especially when there is a requirement to monitor activities and notify the concerned parties for action. For example, user and group management actions (create/update/delete) in Azure AD are sent as notifications to a pre-configured HTTPS notification URL.

Azure AD has the option to subscribe to "notifications" for quite a list of services.

Here is the link for the list of supported resources.

A sample application subscribes to notifications for the Azure AD Graph API "/users" endpoint and receives them at the configured notification URL. I tested it and it served my requirement.

The Microsoft sample used ngrok (a web reverse proxy available for free) to configure the HTTP(S) URL for testing from the local environment. However, Azure AD functions can also be used to get and read the notifications and act on the notification messages.

Quick demo video --

For more details, check the link below from Microsoft. It is pretty straightforward to configure and test quickly.

https://docs.microsoft.com/en-us/graph/webhooks
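What the receiver behind the notification URL has to check, as an added example (not code from the original post or from Microsoft's sample): it answers the `validationToken` handshake sent when a subscription is created and accepts only notifications whose `clientState` matches the secret chosen at subscription time, as described in the documentation linked above. The function name, the secret and the sample payload are constructed for illustration.

```python
import hmac
import json
from urllib.parse import parse_qs

# Constructed secret; the same value would be sent as "clientState" when subscribing.
CLIENT_STATE = "constructed-secret-7f3a"

def handle_post(query_string, body, expected_state=CLIENT_STATE):
    """Process one POST to the notification URL.

    Returns (http_status, content_type, response_body, accepted_items).
    """
    params = parse_qs(query_string)
    # Subscription handshake: echo the URL-decoded token back as plain text.
    # text/plain matters: reflecting it as HTML would be an injection sink.
    if "validationToken" in params:
        return 200, "text/plain", params["validationToken"][0], []
    try:
        items = json.loads(body)["value"]
    except (ValueError, KeyError, TypeError):
        return 400, "text/plain", "malformed notification", []
    if not isinstance(items, list):
        return 400, "text/plain", "malformed notification", []
    accepted = []
    for item in items:
        state = item.get("clientState") if isinstance(item, dict) else None
        # Constant-time comparison; items with a missing or wrong secret are dropped.
        if isinstance(state, str) and hmac.compare_digest(
                state.encode(), expected_state.encode()):
            accepted.append((item.get("changeType"), item.get("resource")))
    # Design choice in this sketch: acknowledge with 202 either way so the
    # sender does not retry, but hand only verified items to the application.
    return 202, "text/plain", "", accepted

# Constructed sample payload: one genuine item and one with a forged clientState.
SAMPLE_BODY = json.dumps({"value": [
    {"subscriptionId": "constructed-sub-1", "changeType": "updated",
     "resource": "users/constructed-user-id", "clientState": CLIENT_STATE},
    {"subscriptionId": "constructed-sub-1", "changeType": "deleted",
     "resource": "users/constructed-user-id", "clientState": "guess"},
]})

if __name__ == "__main__":
    print(handle_post("validationToken=abc%3A123", ""))
    print(handle_post("", SAMPLE_BODY))
```

Because the notification URL is reachable from the internet, anything that passes this check should still be treated as a hint to re-query the directory rather than as authoritative data.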

Thanks

Siva Pokuri

Thursday, April 25, 2019

Tips: Azure AD B2B user UserPrincipalName (UPN) update

Issue:

Trying to update the UserPrincipalName (UPN) of a B2B user to a public-domain email address such as siva@gmail.com in an Azure AD tenant results in the error message below.

Error message - "Property userPrincipalName is invalid"



Solution:

Make sure to create/update the user UPN with a domain name that is verified in the Azure AD tenant.

Thanks
Siva Pokuri.

Monday, March 25, 2019

Service providers and identity providers

Identity federation standards identify two operational roles in an SSO transaction:

  1. Identity provider (IdP)
  2. Service provider (SP).


An IdP, for example, might be an enterprise that manages accounts for a large number of users who may need secure access to the Web-based applications or services of customers, suppliers, and business partners.

An SP might be a SaaS provider or a business-process outsourcing (BPO) vendor wanting to simplify client access to its services.

Identity federation allows both types of organizations to define a trust relationship whereby the SP provides access to users from the IdP.

The IdP continues to manage its users, and the SP trusts the IdP to authenticate them.

Thanks,
Aditya

Sunday, January 20, 2019

Ping Access internet proxy setting to access token provider

Often this kind of setup is needed, especially when deploying Ping Access internally with a token provider such as Ping Federate/Azure AD in the cloud.

In this kind of setup, secure internet access from Ping Access is needed in order to register the token provider.

First, register the internet proxy IP and port number (provide credentials if the proxy needs authentication) in the Ping Access Administration console under settings >> networking >> proxies.

Next, add the created proxy instance to the Administration/replica Administration nodes and all the engine nodes (if in a multinode cluster setup). In a standalone setup, adding it to the Primary Administration node is good enough.

Thanks
Siva Pokuri



Thursday, January 17, 2019

The AccessGate is unable to contact any Access Servers."#011raw_code^301#011

Error: The AccessGate is unable to contact any Access Servers."#011raw_code^301#011

Version: OAM 11.1.2.3 and later

Work Around:


  1. Go into oamconsole and modify the webgate profile (maybe decrease the Cache Timeout by a second) for the first agent and save it.
  2. Download the webgate artifacts.
  3. Copy the artifacts from the OAM server directory to the appropriate directories for the correct webgate.
  4. Restart the web server instance on which the webgate is running.


Thanks,
Aditya.