I have three Cognito groups: admin, user, and engineer. I want to allow the admin group to remove/edit a user from a group.
I was reading documentation about admin-remove-user-from-group but this action requires developer credentials.
is there any policy that I can attach to admin-role that allows this action?
I really appreciate any help you can provide.
Related
I have made a web app that using Microsoft Graph api's. when we authenticate user using their personnel account then it work perfectly but when someone use their organizational account then error display which is
"AADSTS65001: The user or administrator has not consented to use the application with ID '29eb2e50-3e2b-45a4-9488-d9b08a34b6f0' named 'testing app'.
Send an interactive authorization request for this user and resource.
Trace ID: 4a665bcf-c19e-48f8-b5c2-056e61aa2d00
Correlation ID: 1ad728bb-6fa2-4f27-ae5e-215f580d2e9e
Timestamp: 2022-09-05 10:46:49Z","error_codes":[65001],"timestamp":"2022-09-05 10:46:49Z","trace_id":"4a665bcf-c19e-48f8-b5c2-056e61aa2d00","correlation_id":"1ad728bb-6fa2-4f27-ae5e-215f580d2e9e","suberror":"consent_required"}
now kindly let me know how can we resolve it. I have done all changes in our azure app which is provided by the internet but still the same error please let me know which permission I should add or which changes are made to resolve this issue thanks.
First, you need to be the administrator of the tenant (if you are not a tenant administrator, you cannot give the administrator permission), you can set up user roles according to Assign Azure AD roles.
1.Log in to https://portal.azure.com as a tenant administrator.
2.Open the registration of your application in the following location.
3.Go to settings and then the required permissions.
4.Press the grant permission button.
Check if the user or organizational account has the required permission granted as seen in the sample below.
I am making a app that requires to scope the users to a specific access level.
For Example there are Three groups
Admin FUll CRUD
Teacher Table Specific permissions
Student Table Specific permissions
While Admin will be created From the Console and that admin will create Teachers accounts.
When anyone signs up to the app I need them to be put in a Students Group by default.
Using the Amplify CLI when adding the auth category in the default or manual workflow you can setup a lambda trigger to add a user to a cognito group automatically upon signup.
Walk through the options until you reach this step and select Add User to Group:
$ Do you want to enable any of the following capabilities?
❯ ◯ Add Google reCaptcha Challenge
◯ Email Verification Link with Redirect
◯ Add User to Group
◯ Email Domain Filtering (deny list)
◯ Email Domain Filtering (allow list)
◯ Custom Auth Challenge Flow (basic scaffolding - not for production)
◯ Override ID Token Claims
See this section of the CLI documentation for more details: Set up lambda triggers
RE: https://jfrog.com/knowledge-base/when-do-the-groups-associated-with-an-ldap-user-get-updated-in-artifactory/
The Knowledge Base article above says:
"LDAP user authentication requests using Encrypted password or plain text password will update the LDAP group association changes from the LDAP server."
We've added a user to a group, but that user still can't see the artifacts governed by that group even after he has logged in. How can we cause Artifactory to update its group membership cache?
Please ask the user to logout and log back in after being added to the groups. Artifactory will try to reach to the LDAP server for validating the creds and then get the groups associated with the user which is returned from the LDAP server.
There is a chance that LDAP cache as mentioned in here https://www.jfrog.com/confluence/display/JFROG/LDAP#LDAP-Non-UIAuthenticationCache might take effect the groups to be associated if the user session is not hitting the LDAP server.
In our SonarQube instance we have recently enabled LDAP authentication. Prior to LDAP integration the users were manually created. It so happened some of the users were created using the same LDAP user ID and custom password.
Now when LDAP is integrated we want all users use the LDAP ID/pass instead of previously manually created ID/password. SonarQube login works with manually created password rather than LDAP password. So how do remove the manually created users and only activate the LDAP users?
PS: I dont see the option to delete but only to de-activate
As replied by Jeroen Heier in comments, removing users from Administration > Security > Users will allow you to reuse the login of the removed user with an LDAP account.
If it's not the case, please describe what you're doing.
While I'm concerned with the deletion of an account... why can't you re-activate a user if you de-activated them through the UI. This is incredibly painful if a user was accidentally deactivated.
i want to customize login in Liferay 6.2. I've internal liferay users and ldap users. All users have a record in liferay user_ table. The differences are: internal users must change password at first login and see password reminder question.
Ldap users make only login with their password.
Acutally Liferay ask to ldap users to change their password and set password reminder question. These users change password but at next login, login is possible by old ldap password (correct). Liferay must not write in ldap.
How can i remove password change and password reminder question for ldap user?
There's a password policy that you can set per organization. If you introduce a new organization for each of the groups (or just one might suffice as well) you can have individual password policies per organization.
In Password policies you can configure quite a lot of stuff, e.g. should passwords be changed on first login etc. You can also select the "LDAP Password Policy" in the LDAP configuration screen. I'm rarely working with password policies, thus it's hard to give detailed directions - let me know if this is sufficient or if you need more detailed pointers