When I am trying to sign in to an powerbi embedded application and while granting consent, then we get one of the following error. How can i fix this problem
Screenshot of problem
The root cause of the problem is User consent is disabled for the tenant.
To fix this issue we need to Enable user consent for the entire tenant (all users, all applications).
Follow these steps to enable user consent for tenant.
In the Azure portal, navigate to "Azure Active Directory" => "Users and groups" => "User settings".
Enable the "Users can consent to apps accessing company data on their behalf" setting and save the changes
An admin can grant permissions to the application - either for the entire tenant or a specific user.
References:
https://learn.microsoft.com/power-bi/developer/embedded/embedded-troubleshoot
Related
We are working on a Django app, in which we are using Gmail API's services (Restricted SCOPE).
As our app is still under construction so we didn't submit it for verification on the google cloud form. The app that we are trying to authenticate is used for internal development and we did not publish it to our users.
So we are facing "This app is not verified" screen and fortunately, we can log in after skipping this screen by clicking on the Advance option. We tried it with our personal and test accounts it works well.
But whenever our client trying to authenticate Gmail with the app he is facing this issue. "Sign in with Google temporarily disabled for this app".
We checked we did not reach the limit of 100 users accessing the application.
Is this because of the location issue? or our client is using some kind of Anti Virus or any other extra security checkup? What issue it can be? can someone please help?
"Sign in with Google temporarily disabled for this app".
Once you have reached this point you have used up your quota of users who can sign into your application. As you mention the limit is 100 users who have authenticated your application.
What counts as a user has been debated for a long time.
If a developer authenticates your app then revokes their access then authenticates again this in my experience is probably counted as two against your quota.
So its not really number of unique users, but number of users who have seen an consented to the consent screen.
As you have now reached this limit your only option is to
wait for verification
create a new project on developer console and start the verification process again but with a new 100 users
You should setup for Oauth consent screen.
You can setup Oauth consent screen for oauth authenticate through "navigation -> APIs&Services -> Oauth consent screen".
Then you need to fill in required informations below.
Your app logo (if applicable)
Your app name, which will be a dynamic link to give users your app's support email address
The data you are requesting, or scopes, which you will add in the next step
Links to your app's privacy policy and terms of service
After you fill in domain,links..etc properly, You can use oauth authentication on your app.
When i try to integrate power BI report in my app i have this error:
Error retrieving Access token
AADSTS650: The user or administrator has not consented to use the application with ID '45ea49-48eb-4c4-a4ca-97dd84f5d85' named 'PBI Emb APP'. Send an interactive authorization request for this user and resource.
Can someone explain the problem.
regards,
You must log into Azure portal, go to Azure Active Directory -> App registrations, select your app, click View API permissions, and then grant admin consent by clicking the button at the bottom:
If you don't have access to the portal, or the button is disabled, you must ask your admin to do it for you.
This happens because you are logging in in an unattended way. If it was an interactive login, you will get a prompt to consent, but when doing it the way you do now, there is no way for prompting you to give the consent or decline it.
When I logout the user in my application with Google IAP authentication by visiting the /_gcp_iap/clear_login_cookie the user is prompted to the Google account selection page, but if I open a new tab and visit my website, the user is still logged in.
Any chances I am missing something?
Clearing the cookie does not change the fact that the user is still logged into Google Accounts. When the user goes to your website again, opens a new tab, etc. the user is still authenticated with Google and therefore is still authenticated with Google IAP. When a user is authenticated with their Google Account, they are authenticated will all services that use that identity provider for authentication.
The solution is to logout the user from their Google Account, but this affects all sites/accounts and not just your site. This is a bit draconian for most users. Maybe a better choice is to not offer the ability to logout of your site since you do not control the authentication (login/logout) process.
Google has an issue tracker for this item:
https://issuetracker.google.com/issues/69698275
I set up a GitHub pages project site using my organization's Enterprise account. The page is supposed to be public, but it still requires LDAP authentication. Is there a way to have it be really public?
It sounds like your GitHub Enterprise is running in "Private Mode", from the admin UI:
Private mode only allows users with accounts to access any part of your installation. The sign-up page will be disabled, as will anonymous clones over git://.
To change this an admin user would need to navigate to:
your.enterprise.github.url/setup/settings
And uncheck the "Private Mode" checkbox.
I am tryng to get count of user profiles via UserProfileService web serivce (Sharepoint Server 2010), but for all users(except sharepoint system acount) returned
Operation Failure ---> Access Denied: Only an administrator may
retrieve a count of all users.
With sharepoint system acount (say 'domain\megauser') it is work as expected.
I try add other users to farm administrators group, site collection administrators group, but it did not help - same error.
Can I give even more rights for user(more than farm administrator)? Or UserProfileService require some special permissions?
You have to add the other users to the UserProfileService Application:
Go to the Central Application - Manage Service Applications
Click the User Profile Service Application (highlight it)
Open Service Application Tab and click Permissions
Add the users with the given permissions (i.e. Full Control)