Linking Azure Active Directory doesn't allow granting of permissions to users

[DaveMiscampbell]

What App Center service does this affect? AppCenter portal

Describe the bug I have connected my AppCenter account to our Azure Active Directory instance, however, logging in with a user from that instance leads to a screen with no apps. There also appears to be no way to add users from that AAD instance to any of our apps or groups.

To Reproduce Steps to reproduce the behavior:

1. Go to Organization > Manage > Azure
2. Observe that our organization is linked to our Azure Active Directory Tenant
3. Go to any app > People
4. Try to add a user from the Azure Active Directory Tenant - this doesn't appear to be possible
5. Log in as a user from that Azure Active Directory Tenant - no apps are visible

Expected behavior Be able to add user's from Azure Active Directory to App Center and have them able to see apps when they log in.

Desktop (please complete the following information):

• OS: Windows
• Browser: Chrome

Additional context We had an account using our Azure AD Tenant using Hockey App which I have recently deleted. Happy to discuss all of this in more detail - but potentially not in a Github issue.

[maestersid]

Hi DaveMiscampbell,

Thanks for the feedback on this. Improving access control is an area we are looking at. We have put together a draft spec in our repo if you have not seen it. Better AAD support is one of the items on the list as part of that work. Would love your input.

[DaveMiscampbell]

@jwhiteDev Thanks - good to know you guys are looking into it. The document you've linked to looks good and makes sense - those are definitely all helpful features to have.

My main question remains - what's the point of adding my Azure Active Directory Tenant to my AppCenter subscription if I can't grant access to any of the users who are part of it? It doesn't seem to have any other function that I can see. Obviously understand this could be a work in progress but it feels like something isn't working as expected rather than the feature isn't implemented yet.

Thanks for your help!

[patniko]

@DaveMiscampbell you can add security groups to distribution groups within App Center so you can manage large sets of testers inside and outside of your org in one place. Like @jwhiteDev mentioned we'll be expanding on this as that was just the start. 😄

[bakerm00]

anyupdate on this - i've found the roadmap in the repo and Azure AD idP is still lacking. our Security team are having kittens due to GDPR and lack of true iDP configuration feature set and security audit logging

[ryanmendoza]

This would be a very useful feature to be added. I would also like to add that allowing Active Directory groups to be added to a Team would be just as useful.

[theoriginalmarc]

The ability to restrict access to AAD is required in our organization. No to mention @ryanmendoza recommendation of "Active Directory groups to be added to a Team would be just as useful". I'm afraid that till these are implemented, leveraging Visual Studio App Center is a non starter for us.

[Graimalkin]

Same boat as these other people.

Our organization wants tight linking of identity and AAD for applications, Microsoft App Center doesn't provide this.

• There is no way to add an AAD security groups to manage permissions.
• Adding an O365 group sends the email invite to the group - and the first person to accept gets invited in with their email. The rest of the people are out of luck.
• You can still email invites to non-domain users.

Please tighten up the AAD identity linking. Our dev's are crying for this tool, but it's not safe to release it to them.

[nachopv]

Hi @maestersid We TOTALLY support this feature too, and it seems vital to big corporate accounts mantainability and policy compliance

Are there any news regarding it? the issue has almost 2 years already

[ghost]

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

[retifrav]

(occurring some activity)

[ghost]

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

[retifrav]

(occurring some activity)

[yrjo]

hi guys, is there any plan to continue on work related to integration between AAD and appcenter? thx a lot

[nachopv]

Same question here. Any plans to support it?

[Panda-Sharp]

I just connect app center to our AAD, and I was looking into a way to add users from the organization, so I just found this issue out

Any update?

If I can add a personal feedback, would be really amazing if the appcenter would be integrated into Azure DevOps, will be much easier to manage everything in one place. thanks

[ghost]

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

[retifrav]

(occurring some activity)

[ghost]

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

[retifrav]

(occurring some activity)

[Panda-Sharp]

Any Update on this?

I have couple of extra feedbacks:

1. Would be nice to be able to add an Azure AD group to a Team not only to a distribution group
2. Would be nice to be able to add a Team to a distribution group

Thanks

[alatas]

April 8 is approaching, what is our 3rd year celebrations program for this feature request?

[Panda-Sharp]

April 8 is approaching, what is our 3rd year celebrations program for this feature request?

Look like there is no interest to add features to App Center :(

[rlasker-b2w]

I am particularly interested in this because now app invites must be accepted by the same email address that they are sent to. We have contractors with AD accounts but no mailboxes associated to them. Being able to directly add users from our linked AD would be the only solution as now we have to allow outside accounts access which makes managing them more cumbersome.

[ghost]

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

[retifrav]

(occurring some activity)

[ghost]

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

[retifrav]

(occurring some activity)

[andymillermz]

Also very interested in this - bumping up against a similar issue in setting up our AppCenter instance.

you can add security groups to distribution groups within App Center so you can manage large sets of testers inside and outside of your org in one place.

They said its for adding testers, but I'm not seeing any users actually in these groups actually given any permissions at all? The feature seems completely broken, unless I'm misunderstanding something.

[ghost]

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

[retifrav]

(occurring some activity)

[ghost]

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

[alatas]

(some activity)

[iferdowsi]

It's a bit strange that we can associate Azure Active Directory groups to App Center groups, but the users in those AAD groups don't actually get access to the app.

[Panda-Sharp]

It's a bit strange that we can associate Azure Active Directory groups to App Center groups, but the users in those AAD groups don't actually get access to the app.

It's even more strange that in 4 years we didn't get any update on this issue from Microsoft

[imanf]

@wisdeom can you provide an update on this issue?

[microsoft-github-policy-service[bot]]

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

[microsoft-github-policy-service[bot]]

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

[Panda-Sharp]

Activity

[microsoft-github-policy-service[bot]]

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

[microsoft-github-policy-service[bot]]

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

[Panda-Sharp]

Activity

[albinvass]

Any update on this?

[retifrav]

Yes, there is an update! App Center is getting killed next year. So this issue isn't going to be a problem anymore :)