We have recently installed TFS 2010. Our Active Directory users (i.e. my company's staff) can access it just fine.
However, we also have contractors working in the office who do not have an AD account. I am having difficulty trying to get the non-AD users to connect to TFS through Visual Studio. The contractors are on the same LAN but have no AD account, which we do to restrict access to other resources on the network.
I created local Windows user accounts on the server for the contractors. With the local account they can access the TFS web front end but still cannot connect through Visual Studio.
Is there any way to do this? Do the contractors need to have Remote Desktop access to the server itself?
You should definitely give your contractors AD accounts. If you want to restrict access to internal resources, you can use Organisational Units in AD, like
MyCompany
Employees
Contractors
And set access restrictions to your resources according to groups linked to the OUs.
Giving remote access to the server will just create another set of issues.
When you install a non Express version of TFS, you need an AD for authentication, you can't use properly the TFS server from a non AD account.
From this point you have two solutions:
Create AD account for contractors (one per company or one per user, your call).
Create a domain Trust between your domain and the contractor's one. See this documentation for more info.
I don't understand clearly the Remote Desktop part, explain please.
Related
We want to access our on premises TFS with VSTS CALs. We were trying it with the following information from https://marketplace.visualstudio.com.
We created a user in VSTS with Basic level permissions. It allowed us to create with the email ID of the user. Where as we can not login to the TFS Server with the email ID.
We didn't understand how the VSTS license integrates with our TFS on premises.
Please let us know how we can use VSTS CALs to access TFS Server.
Just as Edward said in the comment, you must first configure your VSTS account have the corresponding access and permission in TFS server.
For example, if you have a domain account company/Ram Datla / Ram Datla#company.com and the user have add in your local TFS server.
For TFS you pay per user for team members who need to use Basic
features like Code or Agile Planning. Team members who have a Visual
Studio subscription are free to add because Basic features are
included in their subscription as a benefit.
If you haven't paid for this Ram Datla#company.com account. You could also be able to access TFS server , however just as a stakeholders, which provides access to a limited set of features. It's also free to add stakeholders to TFS.
If you have paid for the Ram Datla#company.com account with Basic level, then you could also use this account to also have Basic level(who need to use Basic features like Code or Agile Planning) in your local TFS server. Thus you don't have to pay this user again.
Q: Why should I pay via VSTS for my TFS users?
A: You get many benefits, for example:
Paying via VSTS gives your users the flexibility to access both TFS and VSTS for the same price.
You can pay monthly for users who need temporary access.
You get all the purchasing capabilities that Azure offers, like payment via credit card, through a Cloud Solution Provider (CSP)
partner, through the Enterprise Agreement, and more.
Suggest you first go through below links with more detail explain of pricing:
Team Foundation Server Pricing
Buy access to Team Foundation Server
Also take a look at the different Authentication of TFS and VSTS.
I am getting error "No identities found" when inserting member to my team. I've verified the email address is correct. Why am I seeing this text? How can i fix this?
why cannot found?
You have to use an Active Directory account for on-premise TFS -- you can't provide a hotmail account.
According to your screenshot, you are working on VSTS, you could double confirm this-- sever url should like https://xxx.visualstudio.com.
And you want to login VSTS with an non Microsoft email, you should pay attention to below:
Sign up for Visual Studio Team Services with a work or school account
Control access to Visual Studio Team Services the same way you do with
Microsoft services like Office 365 and Azure. When you sign up with a
work or school account, your Visual Studio Team Services account is
connected to your organization's directory (tenant) in Azure Active
Directory (Azure AD). You can then use the same username and password
as other Microsoft services, like #fabrikam.com. Azure AD helps you
enforce policies around accessing your team's critical resources and
key assets.
More details, please refer link from MSDN: Sign up for Visual Studio Team Services: Git & Agile for DevOps, continuous integration, & continuous delivery
Finally, just follow the details steps in this tutorial to add users to a team project.
I have a virtual environment running on azure, and have installed and setup TFS correctly.
However I would like to know how I can give access to my project by using a hotmail account, or for example invite someone to the team which does not have a user in the active directory? I hope this is possible! :)
If you're using on-premise TFS hosted in Azure, you can't. User accounts are backed by AD/Windows security, plain and simple.
If you're using Team Services, you can use any email address you want and they can sign that email address up to be a Microsoft account, if it isn't already.
I'm a QA team member and responsible for granting access to developers, there is more than 100 developer and sometimes I forget revoke the access which was granted, it has dire consequences for me! I developed an application to remind me to revoke accesses, but still I'm facing the same problem because there is two other colleagues granting accesses
is there any option in TFS to grant accesses for a limited time?
thank you in advance
You should manage access to TFS via an Active Directory groups. It's easy to manage AD group membership via C# or even via PowerShell, and then all you need to do to revoke access is pull the user out of the AD groups.
I just signed up on TFS for a free account and now I want to invite a colleage in my company. I want to invite him using his company email instead of his microsoft email account. How can I do that? I tried to add him using his company account but when he gets an email for joining the TFS, the login page only allows to use Microsoft account.
According to your description with a free account(Microsoft Account).I'm wondering if you are using VSTS. TFS on-premises will use the domain account to login in TFS, not Microsoft Account.
If you want to login VSTS with your company account.
Sign up for Visual Studio Team Services with a work or school account
Control access to Visual Studio Team Services the same way you do with
Microsoft services like Office 365 and Azure. When you sign up with a
work or school account, your Visual Studio Team Services account is
connected to your organization's directory (tenant) in Azure Active
Directory (Azure AD). You can then use the same username and password
as other Microsoft services, like #fabrikam.com. Azure AD helps you
enforce policies around accessing your team's critical resources and
key assets.
More details, please refer link from MSDN: Sign up for Visual Studio Team Services: Git & Agile for DevOps, continuous integration, & continuous delivery