Hi Admin, watching your video after 3 years of upload and it still is the best video. Once you have given consent in the first step (As an admin) why do you have to give consent each and everytime you access a different API? May be my question is basic. But please answer.
He has covered this in next videos. It is because MS follows incremental access. If you query different API then you should have different permission that has rights to access that API data. It helps to put more granular control over your data.
Hi, I'm trying to use Azure AD for authentication (SSO) but for the authorization I want to manage it using my local database. Is it possible to do that? Please suggest..
You want to manage Azure AD from your local database. I am not sure what you mean by local database. But to put it simple, you can have your own custom application created, which can make calls to Microsoft Graph, in order to create update or remove objects.
@@ConceptsWork Hi, No I'm not wanting to manage Azure AD from the local database. I want to use Azure AD for SSO authentication. But for Authorization I want to use the local database because the product owner want it that way. He don't want to use Azure AD for the authorization. Once a user is authenticated using Azure AD, we want to use the table (UserRoles) for the authorization. It's a long pending issue at my side. One of my friend told me that his senior did by attaching claims to the JWT token according to the values stored in local database. P.S.: Seems, I didn't get the notification for your reply. Just noticed message now while using app.
Yes Nirmal, it is possible. You have to follow claim caching process, where some custom claims can be requested by Azure AD identity provider for the token that you are requesting. Once you have received the token save the respective claims in your database and on top of that, you can develop an authorization layer on your application. If you want to know, how custom claims are used, check this-ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-4wmKLAPvU6c.html
I added users to my organization in azure devops but in get organization users In Graph explorer am only getting one with my same logged in email id only please help me out how can I get all users I added in azure devops in my organization project
@@ConceptsWork docs.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0&tabs=http This is link which saying regarding permission and consents how can I do that not getting all confusing to me