When it comes to software, user experience is paramount. One area that could benefit from improvement is the way we handle ‘My Access’ approvals.
When someone requests access, the recipient gets a detailed email with a neat table. This table clearly shows who requested what access and their reasons for doing so.
Room for Improvement
However, when it comes to approval notifications, the details are missing. The recipient only knows that the access was approved but doesn’t see who approved it or why. To find this information, they have to click a link and navigate through the history to locate the specific approval.
It would significantly enhance the user experience if the approval email could directly provide these details, similar to the access request email. This change would offer users a consistent experience, reduce the number of steps to find information, and increase overall efficiency.
Currently to add users to roles in Tina CMS there is a multi-step process. First users must be added to Azure AD and added to the enterprise App in AD as users. Then they need to be manually invited in Tina CMS and thirdly added to a role in the particular project. This is a time-consuming manual process and could easily be resolved. This would be really painful in large organizations.
Setting up System for Cross-domain Identity Management (SCIM) for Tina CMS would provide a range of benefits for organizations looking to manage their user identities and access across multiple systems. With SCIM, organizations can easily provision and deprovision users in Tina CMS and manage their access rights.
One of the key benefits of using SCIM with Tina CMS is increased efficiency and reduced errors. With SCIM, user accounts can be created or updated in real-time across multiple systems, ensuring that access rights are always up-to-date and accurate. This eliminates the need for manual updates and reduces the risk of errors, saving time and resources for IT teams.
Enabling SCIM for Tina CMS is improved security and compliance. SCIM provides a standardized way to manage user identities and access, which can help organizations meet security and compliance requirements more easily. By ensuring that access rights are properly managed and maintained, organizations can reduce the risk of data breaches and unauthorized access to sensitive information.
Your Azure credentials have not been set up or have expired,
1955 | please run Connect-AzAccount to set up your Azure credentials.
1956 | ClientAssertionCredential authentication failed: A
1957 | configuration issue is preventing authentication - check the
1958 | error message from the server for details. You can modify the
1959 | configuration in the application registration portal. See
1960 | https://aka.ms/msal-net-invalid-client for details. Original
1961 | exception: AADSTS700024: Client assertion is not within its
1962 | valid time range. Current time: 2022-10-20T07:47:12.7446078Z,
1963 | assertion valid from 2022-10-20T07:37:08.0000000Z, expiry time
1964 | of assertion 2022-10-20T07:42:08.0000000Z. Review the
1965 | documentation at
❌ Bad example – Error on deployment – assertion valid from 2022-10-20 07:37 to 2022-10-20 07:42 🔥(5 minutes)
Being able to sign in using Azure to almost everything has been around for a few years now. Why is this still not available to use in 1Password? This means that staff just require a single password to login to almost all the services that they use. They can make that a nice long password or even be password-less and sign into everything.
If SSO with Azure was enabled then we would also be able to use Conditional Access Policies. We already have Conditional Access policies that not only check where a user is signing in from (which can also be done in 1Password) but we are also able to restrict which devices can login and for users of Azure AD Premium P2 we can use Microsoft’s AI and stop ‘Risky Users’ from signing into our 1Password. This would also allow us to use our existing MFA solution (instead of needing a new one for 1Password).
1Password has decided to use a solution to sort passwords using free text tags. This works well in small teams but in large teams this won’t work. Can you imagine how many possible spellings there are for Service-Account? The only other solution is to have multiple vaults, but that isn’t ideal either as then we would need a vault for SysAdmin-SVC-Accounts, Designer-SVC-Accounts and Dev-SVC-Accounts. This presents problems because then we would need to set permissions on each of those. There is also a possibility that we might need to put the same login in more than 1 of those vaults. This would not be a problem if we had folders and subfolders.
It would even work better if Tags could be specified by Admin users and passwords could be set to require at least 1 tag. But as it stands, if we want our users to add and update details then they are able to create free text tags or even worse not put a tag at all.
See the below text from our document on how to set up the security ourselves
Whenever you create a Site Collection, two O365 groups get created (xxx-Owners and xxx-Members). For retro-compatibility, these O365 groups are automatically added to the SharePoint groups at creation time.
(Note for SharePoint gurus: O365-xxx-Members is mapped to SharePoint-xxx-members, but O365-xxx-Owners is mapped to… Site Collection Administrators! Crazy.)
SharePoint membership grants access to SharePoint resources, while access to Teams features (Channels, tabs, apps) is controlled directly via O365 groups.
The problem with this model is we cannot add AD (Active Directory) groups (or even O365 groups) within O365 groups (no nesting allowed). So, if we want to give access to two different sites to the same people (say SSWDevelopers), we must add ALL MEMBERS manually on EACH generated O365 group. That is ridiculous, and hard to maintain long term.
See the below screenshot – this is the default on the lists app. It shows all lists that I have permissions for and have added as a favourite list. Although it says ‘Home’ it shows not only lists in the ‘Home’ site but also any other lists that I have access to. These lists are not in the ‘Home’ site but are in other sites.
If I don’t know what the name of the list is that I am looking for how do I find it?
It would be better if I could see the hub-site navigation from the normal SharePoint site. That way I could just navigate to the SysAdmins site and see the lists in that site, or the Designers and see those lists. That would give more context.
In Teams when in video chat with only 1 other person and click Share Content | (there is no Whiteboard app)
When I add someone else to the call I can see the whiteboard app.
This is weird and wastes a lot of time debugging why this feature comes and goes. The button should always be there and if Microsoft don’t want to enable it for 2 people for some reason pop a message that says “Whiteboard is for 3 or more users”.