I would like to know if it is possible to store the conversations between Kaizala Groups and Participants. Is it possible to store the messages?
A Kaizala Pro subscription allows organizations to store/back up Org group conversations. The Tenant Admin for the Org can enable data retention for your Org groups using the Kaizala Management Portal.
Sign in to the Kaizala Management Portal
Open the Settings page
If you are the Tenant Admin, you will find the option to enable ‘Data retention for all org groups’
I have Auth0 configured with Social Connections > Microsoft Account.
This is linked through Client ID/secret to a Microsoft Azure Active Directory tenant in my Microsoft organisation, with an App Registration set to allow:
Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)
All users with a work or school, or personal Microsoft account can use your application or API. This includes Office 365 subscribers.
When I log in through my app, I can authenticate successfully using my personal account, e.g. blah.blah#gmail.com
However, when I try to authenticate with my work account blah.blah#myawesomecompany.ai, which is managed with an Azure Active Directory, it fails with
"That Microsoft account doesn’t exist. Enter a different account or get a new one."
I thought that, given the Microsoft settings, it would allow it to connect.
How can I make Auth0 allow Microsoft authentication with another company's existing Azure Active Directory?
Also, can I configure it to limit that feature to specific companies' AAD, e.g. those I have specifically nominated?
Is there a way to configure this without having to upgrade to Auth0 Enterprise?
I tried to reproduce the same in my environment and got the results below:
I created an Azure AD Application:
Note: make sure to use the common endpoint for multi-tenant and Microsoft accounts.
As a sample, I used the endpoint below to authorize the users:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id=ClientID
&response_type=code
&redirect_uri=RedirectURI
&response_mode=query
&scope=https://graph.microsoft.com/.default
&state=12345
When I tried to sign in with the personal account, the user logged in successfully, as shown below:
I then tried to log in with a user from another tenant, as shown below:
By using the common endpoint, I am able to sign in successfully with personal accounts and with accounts from other tenants too.
To limit the feature to specific companies' AAD, check this blog.
Auth0 Enterprise is required to authorize tenants to the Azure AD Application.
For more detail, refer to the MS Docs below:
Use tenant restrictions to manage access to SaaS apps - Microsoft Entra
Multi-tenant application with a whitelist on tenants authorized by Marshaljs
Assuming you want to use a multi-tenant app to allow users from different companies to sign in to your application with their work accounts, let's assume you create an Azure AD application in your tenant (tenantA).
Then in your app, you may set the TenantId to the tenant id, so that even though you created a multi-tenant app, you will only allow users in your tenant to sign in. The sign-in request may look like https://login.microsoftonline.com/{tenantA_tenant_id}/oauth2/v2.0/authorize? With this link, you will be able to use an account like user#tenantA.onmicrosoft.com to sign in; you can also use a personal account which is invited to tenantA as a guest to sign in.
If you want users in tenantB to sign in to your app with an account like user#tenantB.onmicrosoft.com, then you must set the TenantId in your app to common, which will make the auth request look like https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
Then, when signing in to the application created by tenantA with an account in tenantB, you may see the screenshot below. After consenting, user#tenantB.onmicrosoft.com can sign in to this application.
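Added example, not code from either answer above and not Auth0 or Microsoft code: one way to limit a multi-tenant app to nominated directories in your own application code is to sign users in through the common endpoint and then check the tid and iss claims of the already verified ID token against an allowlist. The tenant ids, redirect URI and function names are constructed for illustration, and the openid scope is an assumption needed to receive an ID token.

```javascript
// Assumes the ID token's signature, audience and expiry were ALREADY verified
// by your OIDC library; this only decides which directories may sign in.

// Well-known tenant id Microsoft uses for personal (consumer) accounts.
const MSA_TENANT = "9188040d-6c67-4c5b-b112-36a304b66dad";
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;

// Build the authorize URL; tenant is "common" or one specific tenant id.
function authorizeUrl(tenant, clientId, redirectUri, state) {
  const q = new URLSearchParams({
    client_id: clientId,
    response_type: "code",
    redirect_uri: redirectUri,
    response_mode: "query",
    scope: "openid profile email", // assumption: ID token wanted, not Graph
    state,
  });
  const t = encodeURIComponent(tenant);
  return `https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize?${q}`;
}

// Decide whether verified v2.0 ID-token claims come from a nominated tenant.
function checkTenant(claims, allowedTenants, allowPersonal = false) {
  const tid = String(claims.tid || "").toLowerCase();
  if (!GUID.test(tid)) return { ok: false, reason: "missing or malformed tid" };
  // With /common the issuer is per-tenant, so it must agree with tid.
  if (claims.iss !== `https://login.microsoftonline.com/${tid}/v2.0`)
    return { ok: false, reason: "issuer does not match tid" };
  if (tid === MSA_TENANT)
    return allowPersonal
      ? { ok: true, reason: "personal account" }
      : { ok: false, reason: "personal accounts not allowed" };
  const allowed = new Set(allowedTenants.map((t) => t.toLowerCase()));
  return allowed.has(tid)
    ? { ok: true, reason: "tenant allowed" }
    : { ok: false, reason: "tenant not on allowlist" };
}

// Constructed sample values (not real tenants).
const TENANT_A = "11111111-1111-1111-1111-111111111111";
const TENANT_B = "22222222-2222-2222-2222-222222222222";
const sample = (tid) => ({
  tid,
  iss: `https://login.microsoftonline.com/${tid}/v2.0`,
});
console.log(authorizeUrl("common", "ClientID", "https://app.example/callback", "12345"));
console.log(checkTenant(sample(TENANT_B), [TENANT_A]));
```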
How do I give my teammate access on an IBM Cloud account to the Domain Registration Service and Internet Services resources?
The admin wants to add privileges, but when he looks at the list, he cannot find Domain Registration and Internet Services. The users are already in the IBM Cloud account.
There are a couple of ways to accomplish that with IBM Cloud IAM (Identity and Access Management), including granting the permissions directly to the users in question or creating an access group with the privileges first and adding the users to that group (best practice).
DNS Services has the listed roles including Administrator
Cloud Internet Services has a Manager service role
So your admin would:
create an access group
add the privileges for DNS Services and CIS to it as policies
make sure that the privileges on the resource group needed to see the service instances are added
add the users to the access group.
Thereafter, you should have access.
We currently have an account with our company that we use to collect some information from the GA account of our customers.
This account is an #ourdomain account.
We intend to automate these queries by performing them via the GA API.
When creating an authentication key, an account is automatically created # query-domain-domains.iam.gserviceaccount.com.
I ask, is it possible to create an authentication key (JSON) for the account that is already readable in our client accounts, or will we have to ask the more than 1000 domains to add permission to our new user?
Thank you for any help.
Eduardo
To give permissions to a new user account you have to have permissions in the first place, so you cannot create a new service account that already has them.
However, if you already have a user account with user management permissions, you can use that to insert the service account programmatically via the Management API.
Is it possible to integrate Bluemix Public Accounts/Users (meaning IBM IDs) into the LDAP of a company's user management?
The reason is to ensure that on-boarding and off-boarding can be done in a central place inside a company.
Is this topic related to an IBM Marketplace integration possibility?
https://www.ibm.com/support/knowledgecenter/en/SSZPE3_9.1.1/Platform/LDAP/LDAP_AD_integration_features.html
This can be done with a federated ID.
This ID can be used to sign up for Bluemix only if your company has already worked with IBM to register. Registering a company's domain with IBM enables users to log in to IBM products and services by using their existing company user credentials. Authentication is then handled by your company's identity provider. When you log in to Bluemix with a federated ID, you are prompted to log in through your company's login page. For information about requesting to register your company or organization's domain with IBM, or for more information about the process, see IBMid Enterprise Federation Adoption Guide. An IBM sponsor, such as an offering advocate or client advocate, is required when you request to register federated IDs.
Link: https://console.bluemix.net/docs/admin/account.html
The integration between OIM and Microsoft Exchange is in place. Now we want to provision Lync or Skype for Business to this user. What are the possible ways to do it? Also, is it necessary to have an O365 email ID for every user to whom we want to grant Skype for Business access?
My research says:
Create a custom O365 connector and use Graph APIs to perform user life cycle operations like provisioning and deprovisioning.
Use the Exchange connector and create a process task that will call some API to create the Skype account.
The approach we chose to solve this problem was to create a Skype Enabled user group in AD and assign users to this AD group if they have the Skype-enabled flag set to true in their user profile.
At the Active Directory end, the admins manage the provisioning of the Skype for Business account.