Appcenter: Linking Azure Active Directory doesn't allow granting of permissions to users

Created on 8 Apr 2019  路  10Comments  路  Source: microsoft/appcenter

What App Center service does this affect?
AppCenter portal

Describe the bug
I have connected my AppCenter account to our Azure Active Directory instance, however, logging in with a user from that instance leads to a screen with no apps. There also appears to be no way to add users from that AAD instance to any of our apps or groups.

To Reproduce
Steps to reproduce the behavior:

  1. Go to Organization > Manage > Azure
  2. Observe that our organization is linked to our Azure Active Directory Tenant
  3. Go to any app > People
  4. Try to add a user from the Azure Active Directory Tenant - this doesn't appear to be possible
  5. Log in as a user from that Azure Active Directory Tenant - no apps are visible

Expected behavior
Be able to add user's from Azure Active Directory to App Center and have them able to see apps when they log in.

Desktop (please complete the following information):

  • OS: Windows
  • Browser: Chrome

Additional context
We had an account using our Azure AD Tenant using Hockey App which I have recently deleted. Happy to discuss all of this in more detail - but potentially not in a Github issue.

account feature request
Source
picture DaveMiscampbell
👍8

Most helpful comment

Same boat as these other people.

Our organization wants tight linking of identity and AAD for applications, Microsoft App Center doesn't provide this.

  • There is no way to add an AAD security groups to manage permissions.
  • Adding an O365 group sends the email invite to the group - and the first person to accept gets invited in with their email. The rest of the people are out of luck.
  • You can still email invites to non-domain users.

Please tighten up the AAD identity linking. Our dev's are crying for this tool, but it's not safe to release it to them.

picture Graimalkin on 15 Dec 2020
👍2

All 10 comments

Hi DaveMiscampbell,

Thanks for the feedback on this. Improving access control is an area we are looking at. We have put together a draft spec in our repo if you have not seen it. Better AAD support is one of the items on the list as part of that work. Would love your input.

maestersid picture maestersid on 8 Apr 2019

@jwhiteDev Thanks - good to know you guys are looking into it. The document you've linked to looks good and makes sense - those are definitely all helpful features to have.

My main question remains - what's the point of adding my Azure Active Directory Tenant to my AppCenter subscription if I can't grant access to any of the users who are part of it? It doesn't seem to have any other function that I can see. Obviously understand this could be a work in progress but it feels like something isn't working as expected rather than the feature isn't implemented yet.

Thanks for your help!

DaveMiscampbell picture DaveMiscampbell on 8 Apr 2019
👍1

@DaveMiscampbell you can add security groups to distribution groups within App Center so you can manage large sets of testers inside and outside of your org in one place. Like @jwhiteDev mentioned we'll be expanding on this as that was just the start. 馃槃

patniko picture patniko on 9 Apr 2019

anyupdate on this - i've found the roadmap in the repo and Azure AD idP is still lacking.
our Security team are having kittens due to GDPR and lack of true iDP configuration feature set and security audit logging

bakerm00 picture bakerm00 on 10 Dec 2019

This would be a very useful feature to be added. I would also like to add that allowing Active Directory groups to be added to a Team would be just as useful.

ryanmendoza picture ryanmendoza on 24 Feb 2020
👍1

The ability to restrict access to AAD is required in our organization. No to mention @ryanmendoza recommendation of "Active Directory groups to be added to a Team would be just as useful".
I'm afraid that till these are implemented, leveraging Visual Studio App Center is a non starter for us.

theoriginalmarc picture theoriginalmarc on 29 May 2020

Same boat as these other people.

Our organization wants tight linking of identity and AAD for applications, Microsoft App Center doesn't provide this.

  • There is no way to add an AAD security groups to manage permissions.
  • Adding an O365 group sends the email invite to the group - and the first person to accept gets invited in with their email. The rest of the people are out of luck.
  • You can still email invites to non-domain users.

Please tighten up the AAD identity linking. Our dev's are crying for this tool, but it's not safe to release it to them.

Graimalkin picture Graimalkin on 15 Dec 2020
👍2

Hi @maestersid
We TOTALLY support this feature too, and it seems vital to big corporate accounts mantainability and policy compliance

Are there any news regarding it? the issue has almost 2 years already

nachopv picture nachopv on 4 Feb 2021

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

msftbot[bot] picture msftbot[bot] on 6 Jul 2021

(occurring some activity)

retifrav picture retifrav on 6 Jul 2021
Was this page helpful?
0 / 5 - 0 ratings

Related issues

kuyazee picture kuyazee  路  3Comments
KSemenenko picture KSemenenko  路  3Comments
vonovak picture vonovak  路  3Comments
master-lincoln picture master-lincoln  路  3Comments
egorikftp picture egorikftp  路  3Comments