Prevent tenant sign up from Service Management Portal

Question

Is there a way to remove the "Sign up" link from the WAP tenant login page to prevent tenant's from subscribing straight to public plans?

Answer 1

Have you thought about just using your own STS? Discard the "example" one that comes with WAP? If you are trying to integrate to some external billing system or use something else for signup, that collects more information (maybe billing info such as a credit card or other stuff) it would be way easier to just supply your own WS-Trust STS, that uses the external system's users credentials and not need to have a "double" signup process.

If you need some example code I would be glad to share. Same thing goes for anyone else. If there is some interest I will set up a site where we can communicate.

Answer 2

Short answer is no you can't. Better answer is to not allow public plans. ;)

As @Dave said though, you might be better off creating a custom STS to allow for proper tracking and auditing. Another option is to just use ADFS with a custom claims authorization rule that specifies only users of a given group (or whatever) can log in.

@Dave, why not stick it up on Github?

---

Developer Security MVP | www.syfuhs.net

Answer 3

@Steve: I don't have any public plans and still the "registration process" is open. I would like to subscribe tenants manually to different plans so I would create the user accounts also myself. That's why the sign up form is useless.

Answer 4

This is the design here:

"Anyone" can sign up to your cloud portal, but "no one" can subscribe unless you make a plan public, or add them manually.

The first registration will only create an account in the WAP database. Once a subscription is added, you are actually getting a tenant through SPF->VMM.

Remember that the design of WAP is to deliver cloud computing, IaaS, PaaS and more goodies inherited from Windows Azure itself. 

If you wan't to remove certain options and features, you must modify the WAP itself. 

So to summarize as Steve said, don't make any plans public, keep them private so that you can control who get the access to your internal/private plans.

---

Kristian (Virtualization and some coffee: http://kristiannese.blogspot.com )

Answer 5

Just add some complex invitation code (from the admin portal) to prevent users from signing up to a public plan.

Marc van Eijk 

Answer 6

You have 2 options:

1. Configure tenant portal with custom STS like ADFS or your own auth site. this way you control that signup option should be displayed or not.

2. In admin portal, go to user accounts -> configure and select "Disable" for "Tenant self-service subscription management". This will not prevent tenant from signup but surely prevent them from signing up for any plans even if you have public plans. that way you have full control who can subscribe and who cannot.

---

Manish Tandon

Answer 7

If Single Sign on using ADFS is not suitable, you could remove the Signup button from the login/signup screen

You can find the html page at the tenant portal:

C:\inetpub\MgmtSvc-AuthSite\Views\Login\Index.cshtml

Look for this text:

<li><a href="#" class="kt-signup-button">@TenantPortalControllerResources.SignUp</a></li>

Best regards, Hans Vredevoort

Hyper-V MVP
@hvredevoort

---

Principal Consultant and Hyper-V MVP at www.inovativ.nl

Answer 8

Updating existing files is not supported scenario. Any such updates will be lost post next update of WAP.

---

Manish Tandon