内部部署AD用户/组 - VSTS中的权限 [英] on-premise AD User/Groups - permissions in VSTS
问题描述
大家好,
有一个我无法准确描述的问题 - 但是让我们试一试。
我们正在与Azure AD同步我们的内部部署AD,并使用ADFS 3.0来实现我们的SSO体验。对于sharepoint,Exchange等,一切正常。
在每个VSTS项目中,我们尝试使用内部部署AD组管理权限 - 与Azure AD同步并在VSTS项目中设置。
如果我将用户分配给此AD组,触发同步(或等待它),我可以在VSTS项目权限中看到包含所有用户的用户组。
一切似乎都很好并准备好上班。但事实并非如此。通过本地AD组设置权限的用户无权访问项目 - 他们无法看到它们。
将用户直接分配给VSTS组后,将授予访问权限。但这不是应该的方式。
你有什么想法,我做错了什么?
先谢谢你。
Brgds,
Bastian
Hello Bastian,
根据我的理解我所经历的文件是,
尽管本地AD用户可以访问项目,但在与Azure AD组同步后,这些组由Azure维护,因此我们无法分配
团队服务权限直接分组。
您所遵循的流程是正确的,通过向团队服务组添加
Azure AD组并具有必要的权限来授予访问权限。
希望这有助于。
此致
Hi all,
there is a problem I cannot describe exactly - but let's give it a try.
We are syncronizing our on-premise AD with Azure AD and are using ADFS 3.0 for our SSO experience. Everything is working fine for sharepoint, Exchange, etc.
In every VSTS Project we try to manage permission with on-premise AD groups - synchronized to Azure AD and set in VSTS Projects.
If I assign a user to this AD group, trigger the synchronisation (or wait for it), I can see the user group with all users in it in VSTS Project permissions.
Everything seem to be fine and ready for work. But it isn't. Users who come permissions set via local AD groups do not have access to there projects - they cannot see them.
After assigning users directly to VSTS group, the access will be granted. But that is not the way as it should be.
Do you have any idea, what I am doing wrong?
Thank you in Advance.
Brgds,
Bastian
Hello Bastian,
As per my understanding from the documentation which I have gone through about this is,
Even though Local AD users have access to projects, after syncing with Azure AD group, these groups are maintained by Azure, so we can’t assign Team service permission directly to group.
The process which you have followed is correct to give access permission by adding Azure AD group to the Team Services group and that has the necessary permissions.
Hope this helps.
Regards,
这篇关于内部部署AD用户/组 - VSTS中的权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
