Visual team services: Unable to authenticate against company AD
Question
This used to work, but it no longer does. Not sure what changed and the guys on my side aren't either.
We have Visual Team Services and are hosting our code in there. Currently, I can still check-in/check-out, but if I try to access the Web Portal, I'm unable to authenticate. Here is my flow:
- Visual Studio 2015 > Team Explorer > click Web Portal
- Get prompted on login.microsoftonline.com to enter my Email or phone. Enter company email address that is assigned to this TFS instance
- login.microsoftonline.com says "It looks like is used with more than one account." and I select "Work or school account" so I can authenticate against company AD.
- Prompted for username/password and enter corporate username/password
- Get redirected to 401: not authorized.
The interesting part here is that the username it's looking at is my UPN (username@fullDomain). That is the issue. I'm registered with my email address, so I understand why it's saying my UPN isn't valid. But why is it looking at my UPN when it used to look at my company email address? What could have changed?
1 answers
solution1
0 2016-04-07 14:23:11
When you are using Azure Active Directory, then your on-premises account if you are syncing accounts should have the UPN set to your external domain, meaning in most cases it matches your email address.
Whoever is your Azure AD admin will then need to grant you access to the application. Microsoft have a really good guide for setting this up.
The example in the guide doesn't cover synchronised accounts from your local Active Directory I don't think, just cloud only accounts setup in Azure AD.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.