# Azure Active Directory
The Azure Active Directory connector enables streamlined user account management and automation of identity-related tasks within the Azure ecosystem.

Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service, which helps employees sign in and access resources. This connector enables Swimlane Turbine users to manage user accounts and automate identity-related workflows directly within the platform. By integrating with Azure AD, users can create, delete, retrieve, list, and update user accounts, streamlining identity management and enhancing security automation within their organizations.

## Prerequisites

To utilize the Azure Active Directory connector with Swimlane Turbine, ensure you have OAuth 2.0 client credentials for authentication with these parameters:

- **URL**: the endpoint URL for Azure AD services
- **Client ID**: the application (client) ID registered in Azure AD
- **Client Secret**: the application secret that was generated for the app registration in Azure AD
- **Token URL**: the URL to retrieve the OAuth2 token from Azure AD
- **Scope**: the scope of the access request, which might include one or more permissions

## Asset Setup

### Client Credential Flow Authentication

Authentication uses Azure application OAuth2. You will need an admin account in Azure to create the application.

Recommended application permissions (feel free to use custom permissions if you only use certain actions):

- User.ReadWrite.All
- Directory.ReadWrite.All
- Directory.AccessAsUser.All
- User.ReadBasic.All
- Directory.Read.All
- User.ManageIdentities.All
- User.EnableDisableAccount.All

In order to set up the asset, you need the following:

- Azure application Client ID
- Azure application Client Secret
- Azure Tenant ID

### Steps to create the Azure app

1. Go to the App registrations blade (https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade) in the Azure portal.
2. Click **New registration**.
3. Enter a name for your new application and choose **Accounts in this organizational directory only**, then click **Register** at the bottom.
4. Navigate to the **API permissions** tab on the left navigation menu.
5. Select **Add a permission**.
6. Select **Microsoft Graph**.
7. Select **Application permissions**, then mark all the permissions you need for the actions you are using (see the suggested permissions at the top of the Asset Setup section).
8. Click the **Add permissions** button at the bottom of the page.
9. Select **Grant admin consent for your organization**; your permissions should then show as granted.
10. Navigate to the **Certificates & secrets** tab and select **New client secret**.
11. Fill out the description and expiration, then click the **Add** button at the bottom. The **Value** of the secret you just created is the Client Secret needed for the Swimlane asset.
12. Navigate to the **Overview** tab on the left menu. The Client ID and Tenant ID needed in the asset are shown on this page.

The Client ID, Tenant ID, and Client Secret described in the steps above are the credentials you need for the asset.

## Notes

For more information, refer to the API documentation:

- https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0
- https://docs.microsoft.com/en-us/graph/query-parameters

For more information about the use of `ConsistencyLevel` and `$count`, see https://learn.microsoft.com/en-us/graph/aad-advanced-queries?tabs=http.

## Configurations

### OAuth 2.0 Client Credentials

Authenticates using OAuth 2.0 client credentials.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | required |
| Token URL | Must start with `https://login.microsoftonline.com/`, followed by the tenant ID, and end with `/oauth2/v2.0/token` | string | required |
| Client ID | The client ID | string | required |
| Client Secret | The client secret | string | required |
| Scope | List of permission scopes for this action | array | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

## Actions

### Create User

Creates a new user object in Azure Active Directory, including all necessary attributes.

**Endpoint URL**: `/v1.0/users`

**Method**: `POST`

#### Input

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| accountEnabled | boolean | optional | Parameter for Create User |
| displayName | string | optional | Name of the resource |
| onPremisesImmutableId | string | optional | Unique identifier |
| mailNickname | string | optional | Name of the resource |
| userPrincipalName | string | optional | Name of the resource |
| passwordProfile | object | optional | Parameter for Create User |
| passwordProfile.forceChangePasswordNextSignIn | boolean | optional | Parameter for Create User |
| passwordProfile.forceChangePasswordNextSignInWithMfa | boolean | optional | Parameter for Create User |
| passwordProfile.password | string | optional | Parameter for Create User |

Input example:

```json
{"json_body": {"accountEnabled": false, "displayName": "Adele Vance", "onPremisesImmutableId": "adele", "mailNickname": "AdeleV", "userPrincipalName": "AdeleV@contoso.onmicrosoft.com", "passwordProfile": {"forceChangePasswordNextSignIn": false, "forceChangePasswordNextSignInWithMfa": false, "password": "xWwvJ]6NMw+bWH-d"}}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

Output example (truncated on the page):

```json
{"status_code": 200, "response_headers": {"Date": "Fri, 18 Aug 2023 11:21:47 GMT", "Content-Type": "text/html; charset=utf-8", "Content-Length": "16586", "Connection": "keep-alive", "Cache-Control": "public, stale-while-revalidate=900, max-age=900", "Content-Encoding": "gzip", "Expires": "Fri, 18 Aug 2023 11:13:00 GMT", "Last-Modified": "Fri, 18 Aug 2023 10:55:00 GMT", "ETag": "\"q5cbyw9tosws\"", "Vary": "Accept-Encoding, Host", "X-Content-Type-Options": "nosniff", "X-XSS-Protection": "1; mode=block", "X-Ms-Version": "12.4…
```

### Delete User

Removes a user from Azure Active Directory using their unique identifier (ID). Requires the user's ID as a path parameter.

**Endpoint URL**: `/v1.0/users/{{id}}`

**Method**: `DELETE`

#### Input

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | required | Parameters for the Delete User action |

Input example:

```json
{"path_parameters": {"id": "abc123"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

Output example (truncated on the page):

```json
{"status_code": 200, "response_headers": {"Date": "Wed, 23 Aug 2023 14:02:55 GMT", "Content-Type": "text/html; charset=utf-8", "Content-Length": "999", "Connection": "keep-alive", "Cache-Control": "private", "Content-Encoding": "gzip", "Vary": "Accept-Encoding", "X-Content-Type-Options": "nosniff", "X-XSS-Protection": "1; mode=block", "X-Ms-Version": "12.43.4.1 (v12.42.0.1#162d343f82-230814-2250) signed", "Strict-Transport-Security": "max-age=31536000; includeSubDomains", "X-UA-Compatible": "IE=edge", "X-Frame-Options": "S…
```

### Get User

Retrieves detailed properties and relationships of a user in Azure Active Directory using their unique ID.

**Endpoint URL**: `/v1.0/users/{{id}}`

**Method**: `GET`

#### Input

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | required | Parameters for the Get User action |
| parameters.$select | string | optional | Filters properties (columns) |

Input example:

```json
{"parameters": {"$select": "displayName,givenName,postalCode"}, "path_parameters": {"id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | object | Output field response_text |
| response_text.businessPhones | array | Output field response_text.businessPhones |
| response_text.displayName | string | Name of the resource |
| response_text.givenName | string | Name of the resource |
| response_text.jobTitle | string | Output field response_text.jobTitle |
| response_text.mail | string | Output field response_text.mail |
| response_text.mobilePhone | string | Output field response_text.mobilePhone |
| response_text.officeLocation | string | Output field response_text.officeLocation |
| response_text.preferredLanguage | string | Output field response_text.preferredLanguage |
| response_text.surname | string | Name of the resource |
| response_text.userPrincipalName | string | Name of the resource |
| response_text.id | string | Unique identifier |

Output example (truncated on the page):

```json
{"status_code": 200, "response_headers": {"Date": "Wed, 23 Aug 2023 13:20:02 GMT", "Content-Type": "text/html; charset=utf-8", "Content-Length": "16595", "Connection": "keep-alive", "Cache-Control": "public, stale-while-revalidate=900, max-age=900", "Content-Encoding": "gzip", "Expires": "Wed, 23 Aug 2023 13:26:00 GMT", "Last-Modified": "Wed, 23 Aug 2023 13:08:00 GMT", "ETag": "\"whurpqeayniy\"", "Vary": "Accept-Encoding, Host", "X-Content-Type-Options": "nosniff", "X-XSS-Protection": "1; mode=block", "X-Ms-Version": "12.4…
```

### List User

Retrieves a comprehensive list of user objects from Azure Active Directory, including names and roles.

**Endpoint URL**: `/v1.0/users`

**Method**: `GET`

#### Input

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.$count | string | optional | Retrieves the total count of matching resources |
| parameters.$expand | string | optional | Retrieves related resources |
| parameters.$filter | string | optional | Use the filter query parameter to retrieve just a subset of a collection. For guidance on using `$filter`, see https://learn.microsoft.com/en-us/graph/filter-query-parameter |
| parameters.$orderby | string | optional | Orders results |
| parameters.$search | string | optional | Returns results based on search criteria |
| parameters.$select | string | optional | Filters properties (columns) |
| parameters.$top | number | optional | Sets the page size of results |
| headers | object | optional | HTTP headers for the request |
| headers.ConsistencyLevel | string | optional | This header and `$count` are required when using `$search`, or in specific usage of `$filter` |

Input example:

```json
{"parameters": {"$count": "true", "$expand": "manager($select=id,displayName)", "$filter": "startswith(givenName,'J')", "$orderby": "displayName desc", "$search": "\"displayName:Janne Nyman\"", "$select": "givenName,surname", "$top": 2}, "headers": {"ConsistencyLevel": "eventual"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | array | Output field response_text |
| response_text.businessPhones | array | Output field response_text.businessPhones |
| response_text.displayName | string | Name of the resource |
| response_text.givenName | string | Name of the resource |
| response_text.jobTitle | object | Output field response_text.jobTitle |
| response_text.mail | object | Output field response_text.mail |
| response_text.mobilePhone | string | Output field response_text.mobilePhone |
| response_text.officeLocation | object | Output field response_text.officeLocation |
| response_text.preferredLanguage | string | Output field response_text.preferredLanguage |
| response_text.surname | string | Name of the resource |
| response_text.userPrincipalName | string | Name of the resource |
| response_text.id | string | Unique identifier |

Output example (truncated on the page):

```json
{"status_code": 200, "response_headers": {"Date": "Wed, 23 Aug 2023 13:46:59 GMT", "Content-Type": "text/html; charset=utf-8", "Content-Length": "16609", "Connection": "keep-alive", "Cache-Control": "public, stale-while-revalidate=900, max-age=900", "Content-Encoding": "gzip", "Expires": "Wed, 23 Aug 2023 13:41:00 GMT", "Last-Modified": "Wed, 23 Aug 2023 13:23:00 GMT", "ETag": "\"sovjwpdqdurp\"", "Vary": "Accept-Encoding, Host", "X-Content-Type-Options": "nosniff", "X-XSS-Protection": "1; mode=block", "X-Ms-Version": "12.4…
```

### Update User

Updates a user's account status in Azure Active Directory using their unique ID and the `accountEnabled` parameter.

**Endpoint URL**: `/v1.0/users/{{id}}`

**Method**: `PATCH`

#### Input

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | required | Parameters for the Update User action |
| aboutMe | string | optional | A freeform text entry field for the user to describe themselves |
| accountEnabled | string | optional | `true` if the account is enabled; otherwise, `false`. This property is required when a user is created. A global administrator assigned the Directory.AccessAsUser.All delegated permission can update the accountEnabled status of all administrators in the tenant |
| ageGroup | string | optional | Sets the age group of the user. Allowed values: `null`, `minor`, `notAdult` and `adult`. Refer to the legal age group property definitions for further information |
| birthday | string | optional | The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z` |
| businessPhones | string | optional | The telephone numbers for the user. Note: although this is a string collection, only one number can be set for this property |
| city | string | optional | The city in which the user is located |
| companyName | string | optional | The company name with which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters |
| consentProvidedForMinor | string | optional | Sets whether consent has been obtained for minors. Allowed values: `null`, `granted`, `denied` and `notRequired`. Refer to the legal age group property definitions for further information |
| country | string | optional | The country/region in which the user is located; for example, US or UK |
| department | string | optional | The name for the department in which the user works |
| displayName | string | optional | The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates |
| employeeId | string | optional | The employee identifier assigned to the user by the organization. The maximum length is 16 characters |
| employeeType | string | optional | Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. Returned only on `$select` |
| givenName | string | optional | The given name (first name) of the user |
| employeeHireDate | string | optional | The hire date of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z` |
| employeeLeaveDateTime | string | optional | The date and time when the user left or will leave the organization. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z` |
| employeeOrgData | string | optional | Represents organization data (e.g. division and costCenter) associated with a user |
| interests | string | optional | A list for the user to describe their interests |
| jobTitle | string | optional | The user's job title |
| mail | string | optional | The SMTP address for the user, for example, jeff@contoso.onmicrosoft.com. Changes to this property will also update the user's proxyAddresses collection to include the value as an SMTP address. For Azure AD B2C accounts, this property can be updated up to only ten times with unique SMTP addresses. Cannot be updated to null |
| mailNickname | string | optional | The mail alias for the user. This property must be specified when a user is created |
| mobilePhone | string | optional | The primary cellular telephone number for the user |
| mySite | string | optional | The URL for the user's personal site |
| officeLocation | string | optional | The office location in the user's place of business |

Input example:

```json
{"json_body": {"aboutMe": "example", "accountEnabled": "false", "ageGroup": "minor", "birthday": "2014-01-01T00:00:00Z", "businessPhones": "9876543210", "city": "us", "companyName": "swimlane", "consentProvidedForMinor": "granted", "country": "usa", "department": "it", "displayName": "john", "employeeId": "robertfabrikamjo", "employeeType": "vendor", "givenName": "jon", "employeeHireDate": "2014-01-01T00:00:00Z", "employeeLeaveDateTime": "2014-01-01T00:00:00Z", "employeeOrgData": "string", "interests": "yes", "jobTitle": "de", "mail": "jeff@contoso.onmicrosoft.com", "mailNickname": "example", "mobilePhone": "08963287493", "mySite": "us", "officeLocation": "us", "onPremisesExtensionAttributes": "onPremisesSyncEnabled", "onPremisesImmutableId": "userPrincipalName", "otherMails": "robert@fabrikam.com", "passwordPolicies": "DisableStrongPassword", "passwordProfile": "false", "pastProjects": "example", "postalCode": "372798", "preferredLanguage": "en-US", "responsibilities": "job", "schools": "us", "skills": "data engineer", "state": "us", "streetAddress": "us", "surname": "nick", "usageLocation": "US", "userPrincipalName": "example", "userType": "Member"}, "path_parameters": {"id": "abc123"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

Output example (truncated on the page):

```json
{"status_code": 200, "response_headers": {"Date": "Fri, 18 Aug 2023 11:47:19 GMT", "Content-Type": "text/html; charset=utf-8", "Content-Length": "1000", "Connection": "keep-alive", "Cache-Control": "private", "Content-Encoding": "gzip", "Vary": "Accept-Encoding", "X-Content-Type-Options": "nosniff", "X-XSS-Protection": "1; mode=block", "X-Ms-Version": "12.43.2.1 (v12.42.0.1#6c4023fb99-230803-0127) signed", "Strict-Transport-Security": "max-age=31536000; includeSubDomains", "X-UA-Compatible": "IE=edge", "X-Frame-Options": "…
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Accept-Ranges | HTTP response header Accept-Ranges | bytes |
| Access-Control-Allow-Origin | HTTP response header Access-Control-Allow-Origin | |
| Cache-Control | Directives for caching mechanisms | private |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Length | The length of the response body in bytes | 1000 |
| Content-Security-Policy | HTTP response header Content-Security-Policy | frame-ancestors 'self' |
| Content-Type | The media type of the resource | text/html; charset=utf-8 |
| Date | The date and time at which the message was originated | Wed, 23 Aug 2023 13:20:02 GMT |
| ETag | An identifier for a specific version of a resource | "whurpqeayniy" |
| Expires | The date/time after which the response is considered stale | Wed, 23 Aug 2023 13:26:00 GMT |
| Last-Modified | The date and time at which the origin server believes the resource was last modified | Wed, 23 Aug 2023 13:23:00 GMT |
| NEL | HTTP response header NEL | {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} |
| Permissions-Policy | HTTP response header Permissions-Policy | accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), gyroscope=(), magnetometer=(), screen-wake-lock=() |
| Referrer-Policy | HTTP response header Referrer-Policy | strict-origin-when-cross-origin |
| Report-To | HTTP response header Report-To | {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://eafc.nelreports.net/api/report?cat=aportal"}]} |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=31536000; includeSubDomains |
| Timing-Allow-Origin | HTTP response header Timing-Allow-Origin | |
| Vary | HTTP response header Vary | Accept-Encoding |
| X-Azure-Ref | HTTP response header X-Azure-Ref | 20230823T132002Z-5u109qe2td3xf64dz2k6r7keq00000000c4000000000ydtx |
| X-Cache | HTTP response header X-Cache | TCP_HIT |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | SAMEORIGIN |
| X-MS-Content-Source | HTTP response header X-MS-Content-Source | diskpersistentcontentcache |
| X-MS-Version | HTTP response header X-MS-Version | 12.43.4.1 (v12.42.0.1#162d343f82-230814-2250) signed |
| X-UA-Compatible | HTTP response header X-UA-Compatible | IE=edge |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1; mode=block |
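The client-credential token request from the Asset Setup and Configurations sections, together with the advanced-query rule from the List User action (`ConsistencyLevel: eventual` plus `$count=true` whenever `$search` or certain `$filter` operators are used), as an added Python example. This is not Swimlane's connector code or Microsoft's; the tenant ID, client ID and secret are constructed placeholders, and every function name, the `needs_advanced_query` heuristic and the `ADVANCED_FILTER_MARKERS` list are this example's own assumptions.

```python
"""Client-credential token request and Graph list-user query builder.

Added example, not Swimlane's connector code. All IDs are constructed
placeholders; the helper names are this example's own.
"""
from urllib.parse import urlencode

TOKEN_HOST = "https://login.microsoftonline.com/"
GRAPH_BASE = "https://graph.microsoft.com/v1.0"
DEFAULT_SCOPE = "https://graph.microsoft.com/.default"

# A few $filter constructs that Graph treats as "advanced queries" on the
# users collection (see the aad-advanced-queries page linked in the Notes);
# they fail unless ConsistencyLevel: eventual and $count=true accompany them.
# Assumption of this example: extend the list for the operators you use.
ADVANCED_FILTER_MARKERS = ("endswith(", " ne ", "not ")


def validate_token_url(token_url: str, tenant_id: str) -> bool:
    """True only for the documented shape
    https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/token,
    so a mistyped asset cannot post the client secret elsewhere."""
    return token_url == f"{TOKEN_HOST}{tenant_id}/oauth2/v2.0/token"


def build_token_request(token_url, tenant_id, client_id, client_secret,
                        scopes=(DEFAULT_SCOPE,)):
    """Return (url, headers, body) for the OAuth 2.0 client-credential grant.
    The secret travels in the form body over TLS, never in the query string."""
    if not validate_token_url(token_url, tenant_id):
        raise ValueError("Token URL does not match the documented shape")
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": " ".join(scopes),
    })
    return token_url, {"Content-Type": "application/x-www-form-urlencoded"}, body


def odata_string_literal(value: str) -> str:
    """Quote a value for an OData $filter: single quotes are doubled, so a
    playbook input such as O'Brien cannot terminate the literal early."""
    return "'" + value.replace("'", "''") + "'"


def needs_advanced_query(params: dict) -> bool:
    """$search always needs the advanced-query header; some $filter
    operators do as well."""
    if "$search" in params:
        return True
    flt = params.get("$filter", "").lower()
    return any(marker in flt for marker in ADVANCED_FILTER_MARKERS)


def build_list_users_request(access_token: str, params: dict):
    """Return (url, headers, params) for GET /v1.0/users.
    ConsistencyLevel: eventual and $count=true are added automatically when
    the query needs them, the combination the List User input example shows."""
    params = dict(params)
    headers = {"Authorization": f"Bearer {access_token}"}
    if needs_advanced_query(params):
        headers["ConsistencyLevel"] = "eventual"
        params["$count"] = "true"
    url = f"{GRAPH_BASE}/users?" + urlencode(params, safe="$")
    return url, headers, params


if __name__ == "__main__":
    tenant = "00000000-0000-0000-0000-000000000000"  # placeholder tenant ID
    tok_url, _, form = build_token_request(
        f"{TOKEN_HOST}{tenant}/oauth2/v2.0/token", tenant,
        "11111111-1111-1111-1111-111111111111", "<client secret placeholder>")
    print(tok_url, form.split("&")[0])
    url, hdrs, _ = build_list_users_request(
        "<token>",
        {"$filter": f"startswith(givenName,{odata_string_literal('J')})",
         "$search": '"displayName:Janne Nyman"', "$top": 2})
    print(url, hdrs)
```

The token-URL check is the defensive counterpart of the Configurations table's rule for the Token URL: it refuses to send the client secret anywhere except the documented login.microsoftonline.com path for the configured tenant. The `odata_string_literal` helper matters when a `$filter` value comes from a playbook input rather than a constant.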