# Azure Active Directory
The Azure Active Directory connector enables streamlined user account management and automation of identity-related tasks within the Azure ecosystem.

Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service, which helps employees sign in and access resources. This connector enables Swimlane Turbine users to manage user accounts and automate identity-related workflows directly within the platform. By integrating with Azure AD, users can create, delete, retrieve, list, and update user accounts, streamlining identity management and enhancing security automation within their organizations.

## Prerequisites

To utilize the Azure Active Directory connector with Swimlane Turbine, ensure you have OAuth 2.0 client credentials for authentication, with these parameters:

- **URL**: the endpoint URL for Azure AD services
- **Client ID**: the Application (client) ID registered in Azure AD
- **Client Secret**: the application secret that was generated for the app registration in Azure AD
- **Token URL**: the URL to retrieve the OAuth2 token from Azure AD
- **Scope**: the scope of the access request, which might include one or more permissions

## Asset Setup

### Client Credential Flow Authentication

Authentication uses an Azure application with OAuth2. You will need an admin account in Azure to create the application.

Recommended application permissions (feel free to use custom permissions if you only use certain actions):

- User.ReadWrite.All
- Directory.ReadWrite.All
- Directory.AccessAsUser.All
- User.ReadBasic.All
- Directory.Read.All
- User.ManageIdentities.All
- User.EnableDisableAccount.All

In order to set up the asset, you need the following:

- Azure application Client ID
- Azure application Client Secret
- Azure Tenant ID

### Steps to create the Azure app

1. Go to the App registrations page (https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade) in the Azure portal.
2. Click **New registration**.
3. Enter a name for your new application and choose **Accounts in this organizational directory only**, then click **Register** at the bottom.
4. Navigate to the **API permissions** tab on the left navigation menu.
5. Select **Add a permission**.
6. Select **Microsoft Graph**.
7. Select **Application permissions**, then mark all the permissions you need for the actions you are using (see the suggested permissions at the top of the Asset Setup section).
8. Click the **Add permissions** button at the bottom of the page.
9. Select **Grant admin consent for** your organization; your permissions should then look as below.
10. Navigate to the **Certificates & secrets** tab and select **New client secret**.
11. Fill out the description and expiration, then click the **Add** button at the bottom. The **Value** of the secret you just created is the Client Secret needed for the Swimlane asset.
12. Navigate to the **Overview** tab on the left menu. The Client ID and Tenant ID needed in the asset are shown on this page.

The Client ID, Tenant ID, and Client Secret described in the steps above are the credentials you need for the asset.

## Notes

For more information refer to the API documentation:

- API document: https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0
- Query parameters documentation (OData v4): https://docs.microsoft.com/en-us/graph/query-parameters
- For more information about the use of `ConsistencyLevel` and `$count`, see Advanced query capabilities on directory objects: https://learn.microsoft.com/en-us/graph/aad-advanced-queries?tabs=http

## Configurations

### OAuth 2.0 Client Credentials

Authenticates using OAuth 2.0 client credentials.

Configuration parameters:

| Parameter | Description | Type | Required |
|---|---|---|---|
| URL | A URL to the target host | string | required |
| Token URL | Must start with `https://login.microsoftonline.com/`, followed by the Tenant ID, and end with `/oauth2/v2.0/token` | string | required |
| Client ID | The client ID | string | required |
| Client Secret | The client secret | string | required |
| Scope | List of permission scopes for this action | array | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |
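The client-credentials setup described above, as an added example (this is not connector code and not part of Microsoft Graph): it builds a Token URL in the required form, validates a Token URL entered into an asset, assembles the body of the OAuth 2.0 client-credentials request, and lists the application roles an issued token carries so the permissions granted to the app registration can be compared with the actions a playbook actually uses. The helper names are assumptions for the demonstration, the token decoded at the end is constructed and unsigned, and the scope `https://graph.microsoft.com/.default` is the app-only Graph scope (the roles come from the admin-consented permissions, not from the scope string).

```python
"""Client-credentials checks for the Azure AD asset (added example, not connector code)."""
import base64
import json
import re
from urllib.parse import urlencode, urlparse

LOGIN_HOST = "login.microsoftonline.com"
GRAPH_DEFAULT_SCOPE = "https://graph.microsoft.com/.default"
# A tenant is identified by its GUID or by a verified domain such as contoso.onmicrosoft.com.
_TENANT_RE = re.compile(
    r"^(?:[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}|[A-Za-z0-9.-]+\.[A-Za-z]{2,})$"
)


def build_token_url(tenant_id: str) -> str:
    """Token URL in exactly the form the asset requires."""
    if not _TENANT_RE.match(tenant_id):
        raise ValueError(f"not a tenant id or verified domain: {tenant_id!r}")
    return f"https://{LOGIN_HOST}/{tenant_id}/oauth2/v2.0/token"


def validate_token_url(url: str) -> bool:
    """True only for https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token."""
    parsed = urlparse(url)
    if parsed.scheme != "https" or parsed.netloc != LOGIN_HOST:
        return False
    parts = parsed.path.strip("/").split("/")
    return (len(parts) == 4
            and parts[1:] == ["oauth2", "v2.0", "token"]
            and bool(_TENANT_RE.match(parts[0])))


def build_token_request(client_id: str, client_secret: str, scopes: list) -> tuple:
    """Headers and x-www-form-urlencoded body of the client-credentials grant.

    The asset's Scope parameter is a list; the grant wants the entries space-separated.
    """
    if not scopes:
        raise ValueError("scope list must not be empty")
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": " ".join(scopes),
    })
    return {"Content-Type": "application/x-www-form-urlencoded"}, body


def token_roles(access_token: str) -> list:
    """Application permissions (the 'roles' claim) carried by an app-only token.

    The payload is base64url-decoded without signature verification; this inspects a
    token you obtained yourself to confirm what it grants, it does not validate it.
    """
    payload_b64 = access_token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)
    payload = json.loads(base64.urlsafe_b64decode(payload_b64))
    return sorted(payload.get("roles", []))


def excess_roles(access_token: str, needed: set) -> list:
    """Roles the token carries beyond those the playbook's actions need."""
    return sorted(set(token_roles(access_token)) - set(needed))


def _constructed_token(claims: dict) -> str:
    """JWT-shaped string for the demo: constructed here, unsigned, not a real token."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    url = build_token_url("contoso.onmicrosoft.com")
    print(url, validate_token_url(url))
    headers, body = build_token_request("<client-id>", "<client-secret>", [GRAPH_DEFAULT_SCOPE])
    print(headers, body)
    # Constructed token: app was granted more than a read-only playbook needs.
    tok = _constructed_token({"aud": "https://graph.microsoft.com",
                              "roles": ["User.Read.All", "Directory.ReadWrite.All"]})
    print("unneeded roles:", excess_roles(tok, {"User.Read.All"}))
```

`excess_roles` is the check worth running once after admin consent: if a playbook only uses Get User and List User, a token that also carries `Directory.ReadWrite.All` means the app registration holds more than it needs and the permission list should be trimmed.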
## Actions

### Create User

Creates a new user object in Azure Active Directory, including all necessary attributes.

Endpoint URL: `/v1.0/users`
Method: POST

#### Input

| Argument | Type | Required | Description |
|---|---|---|---|
| accountEnabled | boolean | optional | Parameter for Create User |
| displayName | string | optional | Name of the resource |
| onPremisesImmutableId | string | optional | Unique identifier |
| mailNickname | string | optional | Name of the resource |
| userPrincipalName | string | optional | Name of the resource |
| passwordProfile | object | optional | Parameter for Create User |
| passwordProfile.forceChangePasswordNextSignIn | boolean | optional | Parameter for Create User |
| passwordProfile.forceChangePasswordNextSignInWithMfa | boolean | optional | Parameter for Create User |
| passwordProfile.password | string | optional | Parameter for Create User |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Fri, 18 Aug 2023 11:21:47 GMT",
      "Content-Type": "text/html; charset=utf-8",
      "Content-Length": "16586",
      "Connection": "keep-alive",
      "Cache-Control": "public, stale-while-revalidate=900, max-age=900",
      "Content-Encoding": "gzip",
      "Expires": "Fri, 18 Aug 2023 11:13:00 GMT",
      "Last-Modified": "Fri, 18 Aug 2023 10:55:00 GMT",
      "ETag": "\"q5cbyw9tosws\"",
      "Vary": "Accept-Encoding, Host",
      "X-Content-Type-Options": "nosniff",
      "X-XSS-Protection": "1; mode=block",
      "X-MS-Version": "12.43.2.1 (v12.42.0.1#6c4023fb99-230803-0127) signed",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
      "NEL": "{\"report_to\":\"network-errors\",\"max_age\":86400,\"success_fraction\":0.001,\"failure"
    },
    "reason": "OK",
    "response_text": ""
  }
]
```

### Delete User

Removes a user from Azure Active Directory using their unique identifier (ID). Requires the user's ID as a path parameter.

Endpoint URL: `/v1.0/users/{{id}}`
Method: DELETE

#### Input

| Argument | Type | Required | Description |
|---|---|---|---|
| id | string | required | Unique identifier |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Wed, 23 Aug 2023 14:02:55 GMT",
      "Content-Type": "text/html; charset=utf-8",
      "Content-Length": "999",
      "Connection": "keep-alive",
      "Cache-Control": "private",
      "Content-Encoding": "gzip",
      "Vary": "Accept-Encoding",
      "X-Content-Type-Options": "nosniff",
      "X-XSS-Protection": "1; mode=block",
      "X-MS-Version": "12.43.4.1 (v12.42.0.1#162d343f82-230814-2250) signed",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
      "X-UA-Compatible": "IE=edge",
      "X-Frame-Options": "SAMEORIGIN",
      "X-Azure-Ref": "20230823T140255Z-bg05mztcd56310tsaceruzncb400000003h0000000002692",
      "X-Cache": "CONFIG_NOCACHE"
    },
    "reason": "OK",
    "response_text": ""
  }
]
```

### Get User

Retrieves detailed properties and relationships of a user in Azure Active Directory using their unique ID.

Endpoint URL: `/v1.0/users/{{id}}`
Method: GET

#### Input

| Argument | Type | Required | Description |
|---|---|---|---|
| id | string | required | Unique identifier |
| $select | string | optional | Filters properties (columns) |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | object | Output field response_text |
| response_text.businessPhones | array | Output field businessPhones |
| response_text.displayName | string | Name of the resource |
| response_text.givenName | string | Name of the resource |
| response_text.jobTitle | string | Output field jobTitle |
| response_text.mail | string | Output field mail |
| response_text.mobilePhone | string | Output field mobilePhone |
| response_text.officeLocation | string | Output field officeLocation |
| response_text.preferredLanguage | string | Output field preferredLanguage |
| response_text.surname | string | Name of the resource |
| response_text.userPrincipalName | string | Name of the resource |
| response_text.id | string | Unique identifier |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Wed, 23 Aug 2023 13:20:02 GMT",
      "Content-Type": "text/html; charset=utf-8",
      "Content-Length": "16595",
      "Connection": "keep-alive",
      "Cache-Control": "public, stale-while-revalidate=900, max-age=900",
      "Content-Encoding": "gzip",
      "Expires": "Wed, 23 Aug 2023 13:26:00 GMT",
      "Last-Modified": "Wed, 23 Aug 2023 13:08:00 GMT",
      "ETag": "\"whurpqeayniy\"",
      "Vary": "Accept-Encoding, Host",
      "X-Content-Type-Options": "nosniff",
      "X-XSS-Protection": "1; mode=block",
      "X-MS-Version": "12.43.4.1 (v12.42.0.1#162d343f82-230814-2250) signed",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
      "NEL": "{\"report_to\":\"network-errors\",\"max_age\":86400,\"success_fraction\":0.001,\"failure"
    },
    "reason": "OK",
    "response_text": {
      "businessPhones": [],
      "displayName": "Adele Vance",
      "givenName": "Adele",
      "jobTitle": "Retail Manager",
      "mail": "AdeleV@contoso.onmicrosoft.com",
      "mobilePhone": "+1 425 555 0109",
      "officeLocation": "18/2111",
      "preferredLanguage": "en-US",
      "surname": "Vance",
      "userPrincipalName": "AdeleV@contoso.onmicrosoft.com",
      "id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd"
    }
  }
]
```

### List User

Retrieves a comprehensive list of user objects from Azure Active Directory, including names and roles.

Endpoint URL: `/v1.0/users`
Method: GET

#### Input

| Argument | Type | Required | Description |
|---|---|---|---|
| $count | string | optional | Retrieves the total count of matching resources |
| $expand | string | optional | Retrieves related resources |
| $filter | string | optional | Use the `$filter` query parameter to retrieve just a subset of a collection. For guidance on using `$filter`, see https://learn.microsoft.com/en-us/graph/filter-query-parameter |
| $orderby | string | optional | Orders results |
| $search | string | optional | Returns results based on search criteria |
| $select | string | optional | Filters properties (columns) |
| $top | number | optional | Sets the page size of results |
| headers | object | optional | HTTP headers for the request |
| headers.ConsistencyLevel | string | optional | This header and `$count` are required when using `$search`, or in specific usage of `$filter` |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | array | Output field response_text |
| response_text[].businessPhones | array | Output field businessPhones |
| response_text[].displayName | string | Name of the resource |
| response_text[].givenName | string | Name of the resource |
| response_text[].jobTitle | object | Output field jobTitle |
| response_text[].mail | object | Output field mail |
| response_text[].mobilePhone | string | Output field mobilePhone |
| response_text[].officeLocation | object | Output field officeLocation |
| response_text[].preferredLanguage | string | Output field preferredLanguage |
| response_text[].surname | string | Name of the resource |
| response_text[].userPrincipalName | string | Name of the resource |
| response_text[].id | string | Unique identifier |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Wed, 23 Aug 2023 13:46:59 GMT",
      "Content-Type": "text/html; charset=utf-8",
      "Content-Length": "16609",
      "Connection": "keep-alive",
      "Cache-Control": "public, stale-while-revalidate=900, max-age=900",
      "Content-Encoding": "gzip",
      "Expires": "Wed, 23 Aug 2023 13:41:00 GMT",
      "Last-Modified": "Wed, 23 Aug 2023 13:23:00 GMT",
      "ETag": "\"sovjwpdqdurp\"",
      "Vary": "Accept-Encoding, Host",
      "X-Content-Type-Options": "nosniff",
      "X-XSS-Protection": "1; mode=block",
      "X-MS-Version": "12.43.4.1 (v12.42.0.1#162d343f82-230814-2250) signed",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
      "NEL": "{\"report_to\":\"network-errors\",\"max_age\":86400,\"success_fraction\":0.001,\"failure"
    },
    "reason": "OK",
    "response_text": [
      {},
      {}
    ]
  }
]
```

### Update User

Updates a user's account status in Azure Active Directory using their unique ID and the `accountEnabled` parameter.

Endpoint URL: `/v1.0/users/{{id}}`
Method: PATCH

#### Input

| Argument | Type | Required | Description |
|---|---|---|---|
| id | string | required | Unique identifier |
| aboutMe | string | optional | A freeform text entry field for the user to describe themselves. |
| accountEnabled | string | required | `true` if the account is enabled; otherwise, `false`. This property is required when a user is created. A global administrator assigned the Directory.AccessAsUser.All delegated permission can update the accountEnabled status of all administrators in the tenant. |
| ageGroup | string | optional | Sets the age group of the user. Allowed values: `null`, `Minor`, `NotAdult` and `Adult`. Refer to the legal age group property definitions for further information. |
| birthday | string | optional | The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. |
| businessPhones | string | optional | The telephone numbers for the user. NOTE: Although this is a string collection, only one number can be set for this property. |
| city | string | optional | The city in which the user is located. |
| companyName | string | optional | The company name with which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters. |
| consentProvidedForMinor | string | optional | Sets whether consent has been obtained for minors. Allowed values: `null`, `Granted`, `Denied` and `NotRequired`. Refer to the legal age group property definitions for further information. |
| country | string | optional | The country/region in which the user is located; for example, US or UK. |
| department | string | optional | The name for the department in which the user works. |
| displayName | string | optional | The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates. |
| employeeId | string | optional | The employee identifier assigned to the user by the organization. The maximum length is 16 characters. |
| employeeType | string | optional | Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. Returned only on `$select`. |
| givenName | string | optional | The given name (first name) of the user. |
| employeeHireDate | string | optional | The hire date of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. |
| employeeLeaveDateTime | string | optional | The date and time when the user left or will leave the organization. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. |
| employeeOrgData | string | optional | Represents organization data (e.g. division and costCenter) associated with a user. |
| interests | string | optional | A list for the user to describe their interests. |
| jobTitle | string | optional | The user's job title. |
| mail | string | optional | The SMTP address for the user, for example, jeff@contoso.onmicrosoft.com. Changes to this property will also update the user's proxyAddresses collection to include the value as an SMTP address. For Azure AD B2C accounts, this property can be updated up to only ten times with unique SMTP addresses. Cannot be updated to null. |
| mailNickname | string | optional | The mail alias for the user. This property must be specified when a user is created. |
| mobilePhone | string | optional | The primary cellular telephone number for the user. |
| mySite | string | optional | The URL for the user's personal site. |
| officeLocation | string | optional | The office location in the user's place of business. |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Fri, 18 Aug 2023 11:47:19 GMT",
      "Content-Type": "text/html; charset=utf-8",
      "Content-Length": "1000",
      "Connection": "keep-alive",
      "Cache-Control": "private",
      "Content-Encoding": "gzip",
      "Vary": "Accept-Encoding",
      "X-Content-Type-Options": "nosniff",
      "X-XSS-Protection": "1; mode=block",
      "X-MS-Version": "12.43.2.1 (v12.42.0.1#6c4023fb99-230803-0127) signed",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
      "X-UA-Compatible": "IE=edge",
      "X-Frame-Options": "SAMEORIGIN",
      "X-Azure-Ref": "20230818T114719Z-v7556zx97h4335ppu1mubfv65s000000021g00000000yd3z",
      "X-Cache": "CONFIG_NOCACHE"
    },
    "reason": "OK",
    "response_text": ""
  }
]
```
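The user actions above, as an added example (not connector code and not a Microsoft library): it shapes the requests a playbook would hand to Create User, List User and Update User, and encodes two points the tables only state in passing. First, Microsoft Graph requires `accountEnabled`, `displayName`, `mailNickname`, `userPrincipalName` and `passwordProfile` on `POST /v1.0/users` even though the connector marks them optional, and defaults `forceChangePasswordNextSignIn` to true so the password set by automation does not outlive the first sign-in. Second, `$search`, `$count`, and the advanced `$filter` operators (`endsWith`, `ne`, `not`) are only honoured on `/users` together with the `ConsistencyLevel: eventual` header and `$count=true`, which the List User builder adds automatically. The helper names, the Graph base URL constant and the constructed sample values are assumptions for the demonstration.

```python
"""Request shaping for the Azure AD user actions (added example, not connector code)."""
import re
from urllib.parse import urlencode

GRAPH = "https://graph.microsoft.com"  # assumed base of the connector's endpoint URLs

# Properties Graph requires on POST /v1.0/users; the action's own table marks them optional.
CREATE_REQUIRED = ("accountEnabled", "displayName", "mailNickname",
                   "userPrincipalName", "passwordProfile")

# $filter operators Graph treats as advanced queries on directory objects, i.e. accepted
# only with ConsistencyLevel: eventual and $count=true (see the Notes section's link).
_ADVANCED_FILTER = re.compile(r"\bendsWith\(|\bne\b|\bnot\b", re.IGNORECASE)


def _as_bool(value) -> bool:
    """Graph defines accountEnabled as Boolean; the action takes a string, so normalise it."""
    if isinstance(value, bool):
        return value
    text = str(value).strip().lower()
    if text in ("true", "false"):
        return text == "true"
    raise ValueError(f"accountEnabled must be true or false, got {value!r}")


def create_user_request(**attrs) -> dict:
    """POST /v1.0/users with the Graph-required set present and a forced password change."""
    missing = [k for k in CREATE_REQUIRED if k not in attrs]
    if missing:
        raise ValueError("Create User payload is missing: " + ", ".join(missing))
    profile = dict(attrs["passwordProfile"])
    if not profile.get("password"):
        raise ValueError("passwordProfile.password is required")
    # The initial secret is known to the automation; make the user replace it on first sign-in.
    profile.setdefault("forceChangePasswordNextSignIn", True)
    attrs["passwordProfile"] = profile
    attrs["accountEnabled"] = _as_bool(attrs["accountEnabled"])
    return {"method": "POST", "url": f"{GRAPH}/v1.0/users",
            "headers": {"Content-Type": "application/json"}, "json": attrs}


def list_users_request(select=None, filter_expr=None, search=None,
                       count=False, top=None, orderby=None) -> dict:
    """GET /v1.0/users with OData parameters; adds ConsistencyLevel: eventual when required."""
    params = {}
    if select:
        params["$select"] = ",".join(select)
    if filter_expr:
        params["$filter"] = filter_expr
    if search:
        params["$search"] = search
    if orderby:
        params["$orderby"] = orderby
    if top is not None:
        params["$top"] = str(top)
    headers = {}
    # $search, $count and advanced $filter operators need the header plus $count=true.
    if search or count or (filter_expr and _ADVANCED_FILTER.search(filter_expr)):
        headers["ConsistencyLevel"] = "eventual"
        params["$count"] = "true"
    return {"method": "GET", "url": f"{GRAPH}/v1.0/users?{urlencode(params)}",
            "headers": headers, "params": params}


def update_user_request(user_id: str, **attrs) -> dict:
    """PATCH /v1.0/users/{id}; accountEnabled is sent as a JSON boolean."""
    if not attrs:
        raise ValueError("nothing to update")
    if "accountEnabled" in attrs:
        attrs["accountEnabled"] = _as_bool(attrs["accountEnabled"])
    return {"method": "PATCH", "url": f"{GRAPH}/v1.0/users/{user_id}",
            "headers": {"Content-Type": "application/json"}, "json": attrs}


def disable_user_request(user_id: str) -> dict:
    """The usual containment step: keep the object and its audit trail, block sign-in."""
    return update_user_request(user_id, accountEnabled="false")


if __name__ == "__main__":
    # Constructed sample values; the id is the one from the Get User example above.
    print(list_users_request(select=["displayName", "userPrincipalName"],
                             filter_expr="endsWith(mail,'@contoso.onmicrosoft.com')"))
    print(disable_user_request("87d349ed-44d7-43e1-9a83-5f2406dee5bd"))
    print(create_user_request(accountEnabled="true", displayName="Adele Vance",
                              mailNickname="AdeleV",
                              userPrincipalName="AdeleV@contoso.onmicrosoft.com",
                              passwordProfile={"password": "<generated-at-runtime>"}))
```

`disable_user_request` is what an Update User step in a response playbook normally sends: the object stays, so sign-in logs and group memberships remain available for the investigation, while the account can no longer authenticate. A plain `startsWith(displayName,'A')` filter gets no extra header, which matches Graph's behaviour of accepting it without the advanced-query requirements.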
## Response Headers

| Header | Description | Example |
|---|---|---|
| Accept-Ranges | HTTP response header Accept-Ranges | bytes |
| Access-Control-Allow-Origin | HTTP response header Access-Control-Allow-Origin | |
| Cache-Control | Directives for caching mechanisms | private |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Length | The length of the response body in bytes | 1000 |
| Content-Security-Policy | HTTP response header Content-Security-Policy | frame-ancestors 'self' |
| Content-Type | The media type of the resource | text/html; charset=utf-8 |
| Date | The date and time at which the message was originated | Fri, 18 Aug 2023 11:21:47 GMT |
| ETag | An identifier for a specific version of a resource | "sovjwpdqdurp" |
| Expires | The date/time after which the response is considered stale | Wed, 23 Aug 2023 13:26:00 GMT |
| Last-Modified | The date and time at which the origin server believes the resource was last modified | Wed, 23 Aug 2023 13:08:00 GMT |
| NEL | HTTP response header NEL | {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} |
| Permissions-Policy | HTTP response header Permissions-Policy | accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), gyroscope=(), magnetometer=(), screen-wake-lock=() |
| Referrer-Policy | HTTP response header Referrer-Policy | strict-origin-when-cross-origin |
| Report-To | HTTP response header Report-To | {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://eafc.nelreports.net/api/report?cat=aportal"}]} |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=31536000; includeSubDomains |
| Timing-Allow-Origin | HTTP response header Timing-Allow-Origin | |
| Vary | HTTP response header Vary | Accept-Encoding, Host |
| X-Azure-Ref | HTTP response header X-Azure-Ref | 20230823T140255Z-bg05mztcd56310tsaceruzncb400000003h0000000002692 |
| X-Cache | HTTP response header X-Cache | CONFIG_NOCACHE |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | SAMEORIGIN |
| X-MS-Content-Source | HTTP response header X-MS-Content-Source | DiskPersistentContentCache |
| X-MS-Version | HTTP response header X-MS-Version | 12.43.4.1 (v12.42.0.1#162d343f82-230814-2250) signed |