We use Bitbucket for our source code repository. One of our colleagues has unfortunately lost their 2FA device and has also lost their recovery keys. Because Bitbucket is self administered this means that they can no longer log into that account.
This is a work account, so there is no personal repositories. All repositories are accessed via invitations to company work spaces. So I'm wondering would it be possible to somehow delete the account and then recreate it (with the email) and then invite the new account into the relevant work spaces?
So the questions are:
Is this possible?
If possible, what are the downsides of this approach?
Related
I want to develop and publish a bot for Teams, to interface with my SaaS (I already have a Slackbot that I'm porting). I'm creating a Bot Channel Registration as per this guide and came across the choice of whether to auto-generate a new App Id and password, or manually registering one (described here). I already have an Azure AD app for my SaaS that is published to the AppSource marketplace (the integration currently mainly allows logging in with your M365 account and syncing users from AD). Is it possible, and would it make sense to use the same App ID for the bot I'm developing for the same SaaS? Or is it somehow not advisable? And relatedly, can I expand my existing listing on AppSource to also contain the new bot, or should this be a separate listing?
I noticed in the documentation for manual registration of a bot, that it says that bots only work with "Accounts in any organizational directory and personal Microsoft accounts (e.g. Xbox, Outlook.com)" - my existing app only works with organization accounts, not personal accounts (since it's a B2B app) - does that change things?
Perhaps consider the question the other way - is there any good reason TO re-use the app ? It's very easy and basically free to create an additional app, and that way you don't run the risk of possibly ending up with settings needed for one scenario that conflict with another scenario's requirements, now or in the future. Here are some other possible considerations though:
new apps require Publisher verification, since 9 Nov 2020. This won't affect you for an internal app, which can be consented to by a global admin.
If you need the user (or admin) consent for some set of privileges (e.g. delegated Graph access), then using the same app might make sense. An example, in a Teams context, might be a bot and a tab that both need to access something from the Graph on the user's behalf. You could get consent in one context, and use it to access the resources from both contexts.
In a nutshell, and especially without a really really good idea of both of your current and planned use cases, it's hard to give a really solid 'yes' or 'no'. My gut says go with a separate app for a separate, unrelated scenario though.
Reusing the same appid against any other B2B won't create any problem. Being said that you can't use the above app if you're planning to implement/use BOT framework with it, as it's registered for organization only.
If you plan to create BOT related app registration then i would
suggest you to create new app registration with Organization +
personal for you scenario.
Please see the documentation and it's disclaimer:
In the above document it's pretty clear if you create any other app registration (other than Organization + personal), then the BOT will be unusable.
How could I easily change the match configuration so it continues working with a new user?
We had a person who was account owner whose account was used to perform the build via FastLane. Since Apple introduced the new 2-factor authentication which is mandatory for the account owners we had to either authorize computer via 2fa occasionally or use some other account which is not of account owner role. We want to change the user to the specialized account only for fastlane builds. I have a feeling I will need to nuke everything and start from scratch but I would rather get some input before doing that.
I already created accounts needed for apple developer portal and for iTunesconnect. I changed fastfile, matchfile, deliverfile and .env but it always pulls the old user somehow.
We are using the git for storing credentials but as far as I know I should not have to touch anything there since it's only used for sync.
I tried using
fastlane match development
And it verifies on the portal but then it installs old users certificate.
I am building an iOS app that is going to be used internally within my company. An administrator wants to be able to give certain employees logins to use the app across multiple devices.
For example, Administrator will assign Employee A and Employee B their own username and password. The app will be installed on Device X, Y, and Z. Employees A and B need to be able to login to any device (say, Device X), do stuff in the app and save their changes, and then login to another device (say, Device Z) and see their changes. Administrator would like to be able to manage the logins within the app (i.e. after entering an administrator password).
I have looked into iCloud Keychain to store the username/password pairs but it sounds like Keychain is meant to only be used with one Apple ID (which I assume all company devices would be attached to one Apple ID so maybe Keychain could work).
In summary, my questions are:
Where can I securely store user login information (if not on Keychain)? Do I need my own server or are there services within the Apple API that would help accomplish this?
How can I utilize the logins from any device with my app?
Are there any APIs or Wrappers that would simplify this process? I found Locksmith but I'm not sure if it will work for what I need.
I appreciate any suggestions!
You will need a back-end server. However, if you are looking for a simpler solution, I would recommend AWS Mobile Hub:
https://aws.amazon.com/mobile/
They provide Authentication and NoSQL services without having to setup your own servers. All in all, it's a pretty comprehensive offering.
I have an app on store and all client are used it. Sometimes some client needs additional feature that isn't wanted by others so in that case I make AdHoc build for that particular client, but it is not proper solution.
I think on Enterprise solution but apple not allowed to distribute outside the organization in it and I have all users are clients.
If your app has a user login, download a user specific configfile directly after login and check in code for feature availability by looking into it. Large companies like Spotify and also startups do it this way to test new features without releasing them to all.
I have a developer account and I'm developing an app for someone. I want him to be able to change datas in CloudKit so I want to use his iCloud account(He doesn't have a developer account, just personal account). However, i don't know how to differentiate my developer account and his iCloud account.
Thank You
I believe CloudKit's notion of public and private databases may achieve what you need to do. As a reference, I am referring to slide 45 in Apple's WWDC presentation on cloudkit (http://devstreaming.apple.com/videos/wwdc/2014/208xx42tf0hw3vv/208/208_introducing_cloudkit.pdf)
Considering that each app has a container, and that container includes 1 public database (that all users of the app can access) plus a multitude of private databases (one per user), if the data you're storing isn't private, then consider storing it in the public database. You can modify it as needed during development by being logged into your iCloud account, and your client can modify it as well by being logged into his iCloud account. (Apple docs say the public database is stored in the App developer's iCloud space)
If you store the data in the private database, however, it will be written to an instance of the private database belonging to the currently signed-in user. So anything you write would go into a private database instance (which Apple docs says resides in each user's personal iCloud space) and anything he writes would go into his private database instance. Until recently, that was the end of the story. However, now, cloudKit supports CKShare which, in a nutshell, allows a user to grant access to specific shared items inside their private db. So you could still write the data to a private DB but allow access via a CKshare.
Finally, there's another option, but I don't recommend it. In the device settings, you can log out of iCloud and log back in as another user. In which, you're still developing on your device, but you're logged into iCloud as your client. This has many drawbacks, though. First and foremost, credential sharing is always a bad security practice. But, probably a more immediate consequence will be your device will no longer be sharing with/backing up to your iCloud account, but instead with the client's.
It's hard to give more specific advice without better understanding the scenarios you're implementing.
** update based on OP's comment **
I see now. Using the development cloudkit dashboard probably isn't going to work. AFAIK, you must log in with a development account, not just an iCloud account, to use the cloudkit dashboard. So your client won't be able to get in at all, anyway. You could add your client's email address as a member of your development team, which will let them log into your cloudkit dashboard; however, that also gives them access into portions of your iTunesConnect as well. And, it really won't scale to support additional users of your app.