Prompts for local user and not the server

I am attempting to create a portal for Deploying ARM templates and I need to be able to have the Connect-AzAccount Prompt for tenant login display on the users’ machine who is visiting the deployment page. I am not sure how to make that happen since code is executed from the server the Dashboard is being hosted by.

Hi @noahpeltier,

You’re talking about the MFA window when you’re connecting to Azure?

Yes exactly. I need that to come up on the client side

Hi again @noahpeltier,

I think that might be quite hard to achieve.
Are we talking Partner-Access or single-tenant access?

Well, the way I’ve been deploying servers and other assets to a customer’s tenant is using the Connect-AzAccount command and then running my scripts to deploy everything we need. What I want to do is have a portal we can host on a server that will deploy a base stack to a client’s tenant, so we’d need to log in to their tenant, and then we can deploy from the UD page.

Hi again @noahpeltier,

Easy way to go:
OAuth 2 auth on your dashboard, with the -savetoken param.
This will give you a token which (if configured correctly) should provide access to your customers. You might have to reauth the user using the partnercenter module or directly to the graph module.

Haven’t actually done this myself yet, it’s on the backburner for now :open_mouth:
Casually summoning @mylabonline to hopefully provide some tips & tricks!

Hey Guys @noahpeltier, @BoSen29

If you want to use the UD Login OpenID you will be limited to the tenant you specify within the Authentication Method. You cannot create a dynamic tenant variable (I tried), as when the auth methods load (Start-UDDashboard) the vars don’t exist, so the login provider will fail, allowing bypass for authentication.

What we do: we have a lot of “dashboards” and portals, CSP, Office 365, Azure, AWS… so many accounts supporting customers. So we are currently rolling out Azure Lighthouse to support our customers. I won’t dig deep into what Lighthouse is, but just note that your account in your MSP tenant will have access to the customers’ Azure subscriptions configured for delegation, and there is no need to switch your context/tenant to gain access.

So with that - If I now log in to UD using my MSP Tenant credentials I can now pull Azure data via REST or PowerShell using the access_token provided by UD using the -SaveToken param.

Only a few sentences for a very complex scenario but let me know if I can help provide any guidance.
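A worked check before using such a token, as an added example that is not code from this thread or from the Universal Dashboard project: it assumes $AccessToken already holds the access_token UD saved after the OpenID login (how the dashboard exposes that variable is not covered here), confirms the token is an unexpired Azure Resource Manager token, and then lists the subscriptions it can see, which with Lighthouse delegation includes the customer subscriptions together with their home tenant ids.

```powershell
# Added example, not from the thread or the Universal Dashboard project.
# Assumption: $AccessToken holds the access_token UD saved for the logged-in user.

function Get-JwtPayload {
    # Decodes the JWT payload only; no signature check is done here, ARM validates
    # the token itself. This just avoids sending an obviously wrong token.
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -lt 2) { throw 'Value is not a JWT' }
    $payload = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
    [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
}

function Test-ArmToken {
    # Fails early if the token was issued for another API (e.g. Graph) or has expired.
    param([Parameter(Mandatory)][string]$Token)
    $claims  = Get-JwtPayload -Token $Token
    $allowed = @('https://management.azure.com/', 'https://management.azure.com',
                 'https://management.core.windows.net/')
    $audOk = (@($claims.aud) | Where-Object { $_ -in $allowed }).Count -gt 0
    if (-not $audOk) { throw "Token audience '$($claims.aud)' is not Azure Resource Manager; request it with the ARM scope." }
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([int64]$claims.exp)
    if ($expires -le [DateTimeOffset]::UtcNow.AddMinutes(1)) { throw "Token expired at $expires; the user must re-authenticate." }
    return $claims
}

function Get-VisibleSubscriptions {
    # Lists every subscription the caller can see via ARM. Under Lighthouse the
    # delegated customer subscriptions appear here with the customer's tenantId,
    # so no Connect-AzAccount into the customer tenant is needed.
    param([Parameter(Mandatory)][string]$Token)
    $null = Test-ArmToken -Token $Token
    $uri  = 'https://management.azure.com/subscriptions?api-version=2020-01-01'
    $resp = Invoke-RestMethod -Uri $uri -Method Get -Headers @{ Authorization = "Bearer $Token" }
    $resp.value | Select-Object subscriptionId, displayName, state, tenantId
}

Get-VisibleSubscriptions -Token $AccessToken | Format-Table -AutoSize
```

Hand the resulting subscription ids to the ARM deployment step instead of relying on the ambient Az context, so each deployment is tied to the user who actually logged in to the dashboard.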
