This is a very common question that I have. Also this is quite easy for “us” using VSTS for the last 5 years, because VSTS is so spread out, that some people do no know how to add new users into VSTS.
(to see how to create a Microsoft Account, ex-LiveID, see after)
CONTEXT : Without voluntarily enter into details, let’s start by saying that
- VSTS can use your AD (Active Directory) Account, provided you add an ADFS or use your AAD (Azure Active Directory)
- VSTS can use your Office 365 Corporate Accounts (indeed, it is Azure Active Directory behind the scene)
- VSTS can use a Microsoft Account (formally known as liveID, such as @outlook.com, @outlook.fr, @live.com, @live.fr, …)
The first 2 choices are THE recommended solution in terms of security (where you could also add multi-factor authentication to further improve security). Besides, when the user leaves the company, he automatically looses its access to ALL corporates accounts, including VSTS.
The third option is however used as a “hack” to provide quickly access to VSTS without having the pain to go thought the IT department connecting VSTS to the AAD.
Origin of numerous confusions : when mixing the two !!
If you have a Corporate Account say FName.LastName@Viseo.com, you were able to “convert” it into a Microsoft Account (not possible now for many reasons). But now, when you Log In, you have 2 choices !! (as per today, we have 2 portals : new one as default, and a button to switch to the former one. See next).
HOW TO CREATE A Microsoft Account (former LiveID) ?
Here’s an easy way (out of many) :
- Go to any Microsoft portal using MS Account, for instance https://outlook.com or https://onedrive.com …
- Since you don’t yet have a MS Account, you cannot Sign In, so just click “Sign up for free”
- Then “Create a Microsoft Account
- It’s where you have 2 solutions :
- either invent an email address that respects the policies
For instance, also in the past that was possible, you CANNOT choose your company one based on your AD ou Azure AD) - or click “Get a new email address” (recommended most of the time)
AS PER TODAY, we have 2 portals
Switching back to the previous portal using the link at the bottom right
APPENDICES and ADVANCED and LINKS !
Nowadays, Microsoft offers an easy way to Log in. However to try to understand what’s behind the scene, and for the sake of the illustration, let’s force it back to the former portal (so I can document this before it goes away for a simplified version). The former VSTS login portal accepts both MS Account and Corp Account :
When trying to Log in via Visual Studio 2017, we have this popup : 
Then VS2017 detects the Login has 2 types : MS Account and Corporate Account. So he asks the question
Choose the one that corresponds to you, then enter the corresponding password (ideally, best not to us the same password for the 2 accounts. Because, in one gets hacked – most likely the MS Account as opposed to Corporate Account with MFA)
(notice the button on the Top to switch back to the new portal)
We have MANY CASES
When you use your Corporate Account that is NOT connected to VSTS (i.e. not connected to Azure AD), for example FName.LastName@Total.com, then, when we start entering the Login FName.LastName@Total.com, the portal will check 2 seconds what type of login it is. When we enter the password
| Microsoft Account (ex Personal LiveID) | Corporate Account (eg. Azure AD, O365) |
https://login.microsoftonline.com/
|
LINKS from Microsoft
- Read about cleaning up the Azure AD and Microsoft account overlap
- Learn about connecting your VSTS account to an Azure AD tenant
- Learn about the impact to your VS subscriptions when you connect to AAD
- Learn how to bring guest users, either MSA sign-ins or members of external Azure AD tenants, into your Azure AD tenant
- Provide your users guidance on how to rename their personal accounts
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.