Can't add Azure AD guest users

I'm testing Password Vault Manager with an Azure SQL Database as DataSource. I'm currently unable to add Azure AD Guest users to the tool. Is there any way to do that?

Here's the exception:
System.Data.SqlClient.SqlException (0x80131904): Principal '*******************' could not be found or this principal type is not supported.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlCommand.RunExecuteNonQueryTds(String methodName, Boolean async, Int32 timeout, Boolean asyncWrite)
at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource`1 completion, String methodName, Boolean sendToPipe, Int32 timeout, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)
at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
at Devolutions.RemoteDesktopManager.Business.DataSources.DatabaseConnectionDataSource.ExecuteNonQuery(String sql, IDbConnection dbConnection, IDbDataParameter[] parameters, Int32 commandTimeout)
at Devolutions.RemoteDesktopManager.Business.DataSources.SQLServerSecuritySubDataSource.c0f1073165f8f02c085488db7a4527c40(String c18973cea236a9feff75c32ca7d1697d5, IDbConnection cc8ffdaea2e23db4129bef3df37e0e2f5, IDbTransaction c5a0ca8eaa594113c2f0b3cfe13dedff9)
at Devolutions.RemoteDesktopManager.Business.DataSources.SQLServerSecuritySubDataSource.cc9ef1b9149bf4e5c56322b29f013c3fd(UserEntity cf98b881282579a38f0d3820b4755fa4a, Boolean cd589fb599494638c495afc5cf9b2449e, String ceb81d1ee93f91e0bc57f34876c263863, SaveUserInfoAdvancedCustomData ca846991ced5070300e1c8ec384f436f9, Guid[] cf090f8a8f0907c3009c224a9172cab64)
ClientConnectionId:f42aa98b-9ae2-4ef6-94e4-6cd08d41be32
Error Number:33130,State:1,Class:16

11 months ago

Stefane is our expert with Azure and he is currently on vacation. I will ask him to check this with you when he gets back.

Regards

David Hervieux

11 months ago

Hello,

Sorry to jump in, but as I understand it, you want to create an Azure AD user in PVM.

We have a few steps to follow for the configuration and I don't think that the steps are in the PVM documentation (I will verify and update the documentation).

Could you consult the following link to make sure that the basic configuration has been made in Azure?
https://help.remotedesktopmanager.com/installation_configureazuread.htm

Best regards,

Jeff Dagenais

11 months ago

I can create users that belong directly to the directory, but users that have been created as Guests in the directory by means of Azure AD B2C cannot be added.

11 months ago

Hello Guido,

I'm having a hard time figuring out if Guests are allowed or not. My guess, with the error you are receiving, would be not allowed.

You could try to create the user manually. This would eliminate all of RDM's code and if it works would allow us to better understand what the underlying issue in RDM is.

You can follow this link for detailed steps: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure#create-contained-database-users-in-your-database-mapped-to-azure-ad-identities

Summary:
- Start SQL Server Management Studio (SSMS)
- Connect to your Azure SQL Database using your Azure AD account
- In a query window run: CREATE USER <GUEST_Azure_AD_principal_name> FROM EXTERNAL PROVIDER;

If this works then the issue is in RDM. If not, SQL Azure doesn't yet support Guest accounts. If this is truly the case then keep in mind that all things Azure change very rapidly and it could be supported shortly. We try to keep up to date as much as possible with the available features. When/if it is supported we will make the required changes to RDM to support it.

Best regards,

Stefane Lavergne

11 months ago
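
The manual check summarized in the post above, written as one T-SQL batch that separates "Azure SQL rejects the principal" from "the tool fails". This is an added example, not part of the original thread or Devolutions' code; the principal name is a constructed placeholder, and error number 33130 is the one shown in the exception in the first post.

```sql
-- Run in the target Azure SQL database (not master), connected with an
-- Azure AD account that is allowed to create users.
-- Constructed placeholder: replace with the guest's Azure AD principal name.
DECLARE @principal sysname = N'guest.user@example.com';

-- CREATE USER does not accept a variable for the name, so build the
-- statement dynamically; QUOTENAME brackets the name and escapes any ']'.
DECLARE @sql nvarchar(400) =
    N'CREATE USER ' + QUOTENAME(@principal) + N' FROM EXTERNAL PROVIDER;';

BEGIN TRY
    EXEC sys.sp_executesql @sql;
    PRINT N'Created contained user for ' + @principal;
END TRY
BEGIN CATCH
    IF ERROR_NUMBER() = 33130
        -- Same error the application reported: the directory lookup failed
        -- or the principal type is not supported, so the failure is on the
        -- Azure SQL side rather than in the application.
        PRINT N'33130: principal not found or principal type not supported: '
              + @principal;
    ELSE
        -- Anything else (permissions, user already exists, ...) is a
        -- different problem; surface it unchanged.
        THROW;
END CATCH;

-- Verify the outcome. A row with type_desc = EXTERNAL_USER and
-- authentication_type_desc = EXTERNAL means the mapping exists;
-- no row means the user was not created.
SELECT name,
       type_desc,
       authentication_type_desc,
       create_date
FROM sys.database_principals
WHERE name = @principal;
```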

Just found this information; have a look at the "Azure AD features and limitations" section:

https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication

Microsoft accounts (for example outlook.com, hotmail.com, live.com) or other guest accounts (for example gmail.com, yahoo.com) are not supported. If you can log in to https://login.live.com using the account and password, then you are using a Microsoft account, which is not supported for Azure AD authentication for Azure SQL Database or Azure SQL Data Warehouse.

Best regards,

Stefane Lavergne

11 months ago