I have a similar setup as described in the question I can't enable MFA for Oracle Identity Cloud Service user but a different problem: I cannot enable Multi-Factor Authentication for any user.
On the Oracle Cloud Infrastructure (OCI) console, I do see the "Enable Multi-Factor Authentication" in one of the accounts under Identity >> Users >> User Details. After following all the steps, including scanning the barcode and entering the verification code, when I click the verify button on OCI I get this error: "Multi-factor authentication can only be enabled by the user."
What does this mean? I thought I was the user! I've searched online for this error and looked at documentation, but see no clue.
MFA can only be enabled for Your Own Account.
Tenancy Administrators have no way to enable MFA for other users in OCI but Administrators can disable MFA for other users.
Your Own Account meaning the one which you used for login.
For ex: In below snapshot from OCI, I am trying to enable MFA for other user. I am the Administrator for this tenancy.
Related
I have an Azure VM and I want to configure MS Office applications like MS Outlook & MS Excel on it and also, chevron applications like Well Plan. To be able to do that I need a service account with MS Office license but I don't know how can I get a service account for an Azure VM. If anyone has any idea on how can I do this then please respond.
Thanks & Regards
You don’t require any service account to configure any application on azure VM.
Would suggest you to follow the below step to achieve your requirement in correct way.
Step 1 : You need to first enable AAD Login into your VM.
You can refer this MS Document to enable AAD login into your VM
ONCE configured, login with your AAD account in the VM
Step 2: Make Sure to give RBAC role (Virtual Machine Administrator Login or Virtual Machine User Login) as per your requirement for that user.
Then install office on your VM as the license is already assigned to your AAD account.
If not, you can refer this Document to assigned licences to User/Group.
I got MySql Server on Azure and is configured with Azure Directory Admin.
Example
MySql Servername: mysqlserver and
MySql AD Admin Account: admin#organistionname.com.au (this organisation domain account)
Can see above account from MySql Server under User Accounts.
I stood-up Azure Web App for phpMyadmin and configured to pointed to above MySql db.
When an logging into phpMyAdmin with above Active Directory Admin Account is getting validated against AD, but getting error
mysqli::real_connect(): (HY000/9013): An error occurred while validating the access token. Please acquire a new token and retry.
I need to get a Ad token which need to passed to MySql server.
How to achieve this in Azure Web App?
This documentation should help you: https://learn.microsoft.com/en-gb/azure/mysql/howto-configure-sign-in-azure-ad-authentication#connecting-to-azure-database-for-mysql-using-azure-ad.
You need to acquire an access token in your code for your user against the resource: https://ossrdbms-aad.database.windows.net or against the scope (if using v2): https://ossrdbms-aad.database.windows.net/.default.
Acquiring access tokens with AAD is a whole another topic and the exact way depends on your app.
This answer might help for that: https://stackoverflow.com/a/33512913/1658906
I have the same set up (except phpmyadmin running in a container in AKS).
I believe phpmyadmin can't connect to mysql with azure ad enabled (at least with an AD user/group) because the token (password) is required to be sent in cleartext, and phpmyadmin hashes it before sending it.
I think that's why I get the An error occurred while validating the access token. Please acquire a new token and retry. error.
That's also why in the docs, they set the --enable-cleartext-plugin flag on their example mysql cli commands.
Also in the docs, they state that it's only tested with myqsl cli and mysqladmin.
I'm currently planning on ditching phpmyadmin for azure bastion and a VM running mysqlworkbench for this reason.
From my workstation I can fire templated Dataflow jobs with the gcloud dataflow jobs command. The required authorization to insert a new job come from my workstation where I'm logged in.
On the Compute Engine instance I rely on it's service account. The one with (number)-compute#. Within the AIM section I enabled Dataflow/Dataflow Admin, Dataflow/Dataflow Developer and Dataflow/Dataflow Worker for this service account to be safe.
I even added Cloud Dataflow Service Agent when I came across that one.
Then I try to start a Dataflow from the command line but I get an error about insufficient authentication scopes: ERROR: (gcloud.dataflow.jobs.run) PERMISSION_DENIED: Request had insufficient authentication scopes.
If I do a gcloud config auth and login with my personal account, of course, it works.
Somehow I'm missing the proper permissions to set to the applied service account.
Is there a guideline I missed? Can somebody please point me into the right direction?
The error message indicates that the instance does not setup access scope properly. To launches a job from a GCE VM, the VM must have compute.read-only, compute, or cloud-platform scope for the project.
The way to verify it is using the command "gcloud compute instances describe --zone=[zone][instance]" and look for "scopes".
This document and this existing question may provide useful guidelines for you.
I'm trying to use the nodejs lib for Datastore from a Compute Engine machine. The code runs well when I run it with my user on the Compute Engine machine. But when I run it with sudo I get an error of Request had insufficient authentication scopes. Looking at the setting of the machine, I found that the service account of the machine does not have access to Datastore - but no option to enable access!
How do I grant the root user access to Datastore?
Set IAM permissions for service accounts in "Developer Console -> IAM & Admin -> IAM".
I am not able to get all mailboxes using this cmdlet "Get-Mailbox", instead it is returning only one mailbox details for the account which is used for authentication.
I have enabled windows authentication on Powershell in IIS for accessing exchange powershell using C# console application and authenticating it with administrator account.
If you are indeed typing "Get-Mailbox" and nothing else either:
A) You do not have the correct access rights to Exchange
or
B) You only have one mailbox in Exchange.