堆栈内存溢出
  简体   繁体   English

可视团队服务:无法根据公司AD进行身份验证

[英]Visual team services: Unable to authenticate against company AD

 原文  2016-04-07 14:04:53       azure/ active-directory/ azure-devops

问题描述

This used to work, but it no longer does. 这曾经起作用,但现在不再起作用。 Not sure what changed and the guys on my side aren't either. 不知道发生了什么变化,站在我这边的人也不是。

We have Visual Team Services and are hosting our code in there. 我们拥有Visual Team Services,并在其中托管我们的代码。 Currently, I can still check-in/check-out, but if I try to access the Web Portal, I'm unable to authenticate. 目前,我仍然可以签入/签出,但是如果尝试访问Web Portal,则无法进行身份验证。 Here is my flow: 这是我的流程:

  1. Visual Studio 2015 > Team Explorer > click Web Portal Visual Studio 2015>团队资源管理器>单击Web门户
  2. Get prompted on login.microsoftonline.com to enter my Email or phone. 在login.microsoftonline.com上提示输入我的电子邮件或电话。 Enter company email address that is assigned to this TFS instance 输入分配给该TFS实例的公司电子邮件地址
  3. login.microsoftonline.com says "It looks like is used with more than one account." login.microsoftonline.com说:“该帐户似乎已用于多个帐户。” and I select "Work or school account" so I can authenticate against company AD. 然后选择“工作或学校帐户”,以便可以针对公司广告进行身份验证。
  4. Prompted for username/password and enter corporate username/password 提示输入用户名/密码,然后输入公司用户名/密码
  5. Get redirected to 401: not authorized. 重定向到401:未经授权。

The interesting part here is that the username it's looking at is my UPN (username@fullDomain). 这里有趣的部分是它正在查看的用户名是我的UPN(username @ fullDomain)。 That is the issue. 这就是问题所在。 I'm registered with my email address, so I understand why it's saying my UPN isn't valid. 我已经用我的电子邮件地址注册了,所以我明白为什么我的UPN无效。 But why is it looking at my UPN when it used to look at my company email address? 但是,当它过去查看我公司的电子邮件地址时,为什么还要查看我的UPN? What could have changed? 可能发生了什么变化?

1 个解决方案

解决方案1
 0  2016-04-07 14:23:11

When you are using Azure Active Directory, then your on-premises account if you are syncing accounts should have the UPN set to your external domain, meaning in most cases it matches your email address. 当您使用Azure Active Directory时,本地帐户(如果要同步帐户)应将UPN设置为您的外部域,这意味着在大多数情况下它与您的电子邮件地址匹配。

Whoever is your Azure AD admin will then need to grant you access to the application. 然后,无论谁是Azure AD管理员,都需要向您授予对应用程序的访问权限。 Microsoft have a really good guide for setting this up. Microsoft有一个非常好的设置指南

The example in the guide doesn't cover synchronised accounts from your local Active Directory I don't think, just cloud only accounts setup in Azure AD. 指南中的示例不涵盖本地Active Directory中的同步帐户,我认为,仅涉及Azure AD中的仅云帐户设置。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 有人离开公司时的Visual Studio Team Services - Visual Studio Team Services when someone leaves the company 针对Azure AD进行身份验证 - Authenticate against Azure AD 无法配置Visual Studio Team Services Azure托管代理 - Unable to configure Visual Studio Team Services Azure Hosted Agents 针对 Azure AD 进行身份验证 - ColdFusion Web 应用程序 - Authenticate against Azure AD - ColdFusion Web Application 如何通过API针对Azure AD进行身份验证 - How to Authenticate against Azure AD via API Visual Studio团队服务ACL - Visual Studio Team Services ACL Visual Studio Team Services构建 - Visual Studio Team Services build Visual Studio团队服务/ Azure - Visual Studio Team Services / Azure 无法从Visual Studio Team Services(是Visual Studio Online)内部版本在远程计算机上执行IIS管理命令 - Unable to execute IIS Administration commands on remote machine from Visual Studio Team Services (was Visual Studio Online) Build 如何添加AD FS服务器以针对AD进行身份验证 - How to add AD FS Server to authenticate against AD
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM