How to login to Azure Stack Admin Portal with local account

Category: azure stack

Question

Brian Xin Li on Thu, 18 Jul 2019 20:02:58


Hi,

I am new to this and also don't have much AD knowledge so seeking help here.  Below is the step:

1.  During the ASDK installation, my AD global admin types in his credential so it's fully installed and verified successfully.

2. In the Identity Provider, we choose "Azure Cloud" and for AAD directory, enter my company's domain say  abc.com

3. We also registered the Azure Stack, with again my AD global admin types in the credential


4. I am a regular user of our domain abc.com

5.  I have the login info for both azurestack\AzureStackAdmin and azurestack\CloudAdmin and can rdp into the ASDK host.

6.  When I tried to access the admin portal via adminportal local azurestack nexternal (sorry I have to separate by space otherwise MS will not allow me to submit this question) it will only take email login instead of the local account in step 5).  If I login with my own email account, it will login but complaint "insufficient privilege" and cannot see/do much on the portal.

So my question is 1) can I login to AZ admin portal with local account 2) if not, looks like my AD account privilege needs to be elevated and if so, what type of roles/permissions my account needs to have in order to manage the admin portal?

thx,

Brian Li

Replies

TravisCragg_MSFT on Fri, 19 Jul 2019 05:46:00


1) Have you enabled multitenancy and appended the portal URL with your domain?

Brian Xin Li on Tue, 30 Jul 2019 03:51:35


Thank you TravisCragg_MSFT for the reply!  At least I know someone is watching my thread...

Well, my issue is not with the signin URL which is needed for different domain users to login to user portal.  But rather, domain account from which the ASDK is registered on.  

Answering my own questions, I have not found a way to login as local admin of ASDK (again, it takes email only, not username).  But I am able to have the global admin adding myself as the co-owner of ASDK by following link below:

https://social.msdn.microsoft.com/Forums/azure/en-US/7f3c2aed-7fb8-43f1-8302-71e263b74612/account-management-service-admintenant?forum=AzureStack

1. Create an new user account (co-administrator) in Azure AD; skip this step if you are using existing account.

2. Login into MAS portal with original Service Admin -> Browse -> Subscriptions -> Default Provider Subscription -> Access (small icon with 2 people) -> +Add -> Owner -> Add the new account.

TravisCragg_MSFT on Tue, 30 Jul 2019 21:24:46


I am glad you were able to resolve the issue, and thanks for following up with your solution!