We are trying to setup user provisioning via custom JSON schemas in Onelogin for Druva, to move users to profiles based on department.
The issues we are facing might be down to our Onelogin account not being an enterprise account. However, we found a workaround which did work, basing the mapping off company instead, as per this setup where the company field is used for "department".
While this works it doesn't seem the best option long term.
Any reason this shouldn't work?
{
"schemas": [
"urn:scim:schemas:core:2.0",
"urn:scim:schemas:extension:enterprise:1.0"
],
"userName": "{$user.email}",
"displayName": "{$user.firstname} {$user.lastname}",
"company": "{$user.company}",
"urn:scim:schemas:extension:enterprise:1.0": {
"department": "{$parameters.department}",
}
}
Any other suggestions?
Related
In my application, I have a list of users with their organization email-id. As per the requirement, I want to check user's email-id extension is of a valid Microsoft 365 account. For users who passed this check, I want to enable the SSO feature.
Example: If the user email-id is "user#company-domain.com" then I want to check that "#company-domain.com" is registered in MS 365.
I am not able to find any graph API to resolve this issue.
Any help would be appreciated.
What you should be able to use is the Organizations endpoint eg
https://learn.microsoft.com/en-us/graph/api/organization-get?view=graph-rest-1.0&tabs=http
then use the verified domains node
"verifiedDomains": [
{
"capabilities": "Email, OfficeCommunicationsOnline",
"isDefault": true,
"isInitial": true,
"name": "Contoso.com",
"type": "Managed"
}
This is what you see in the Portal or enumerated in things like Azure AD Connect
This will give you the verified domains for a particular org and your app will need permissions to query it.
So, I have a Power Automate Flow, which creates a Sharepoint Site using the Sharepoint REST API via "Send HTTP Request to Sharepoint" connector. I`ve following body:
{
"request": {
"Title": "#{variables('strSPName')}",
"Url":"#{variables('strSPAddress')}",
"Lcid": 1031,
"ShareByEmailEnabled":true,
"Description":"-",
"WebTemplate":"SITEPAGEPUBLISHING#0",
"SiteDesignId":"-",
"Owner": "#{outputs('Get_my_profile_(V2)')?['body/mail']}"
}
}
So right now I have only me as owner, but I need an additional owner.
I`ve tried to set two owners in an array like this:
"Owner": ["#{outputs('Get_my_profile_(V2)')?['body/mail']}", "email#test.com"]
Unfortunately, I`m getting the following error:
An unexpected 'StartArray' node was found when reading from the JSON reader. A 'PrimitiveValue' node was expected.
Any suggestions?
Thanks in advance.
As far as I am aware you can only set one owner when creating a site via the SPSiteManager endpoint. However, a workaround could be to add the second user to the Owners group directly after creation with a second POST request.
Below is an example
The principal id of the sitegroup should be 3.
Uri
_api/web/SiteGroups(3)/users
Body
{
"__metadata": { "type": "SP.User" },
"LoginName":"i:0#.f|membership|jane#contoso.onmicrosoft.com"
}
I am using the REST API of Azure Data Catalog to register new assets. My users need to be able to add/change tags and description. However, when I register new assets over REST API, add tag buttons and description text field disappear.
I suspect I need to pass a parameter in the json to make the fields editable. In the official documentation I couldn't find anything related.
I have all of the admin rights in all of my users, so I don't think it is an access rights issue.
How can I make the assets editable?
The solution is explained here. By default, the assets that are created by REST API are only editable by their owners. In order to change that behaviour, the following json object should be added to the payload:
{
"roles": [
{
"role": "Contributor",
"members": [
{
"objectId": "00000000-0000-0000-0000-000000000201"
}
]
}
],
//properties start here
//"properties": {
//...
// }
}
if it is still unclear, please check the following sample code.
Hi I want to check the permissions of a user in a specific Azure Devops Project. Is there a possible way to get it? As far as I know project level permission is different than organization level permissions. Thanks.
Already test some several rest apis but still I can't have the project level permission.
There is currently no out-of-the-box rest api to get the user's permission in project.
To achieve this demand, you can use this rest api :
https://dev.azure.com/{org}/_apis/Contribution/HierarchyQuery?api-version=5.0-preview.1
Request body:
{
"contributionIds": ["ms.vss-admin-web.org-admin-permissions-pivot-data-provider"],
"dataProviderContext": {
"properties": {
"subjectDescriptor": "msa.ZjE1ZTk0NmMtOTI4OS03Mjg5LTljMGUtMDIwMTdlYmM2Nzhj",
"sourcePage": {
"url": "https://dev.azure.com/xxx/xxxx/_settings/permissions",
"routeId": "ms.vss-admin-web.project-admin-hub-route",
"routeValues": {
"action": "Execute",
"adminPivot": "permissions",
"controller": "ContributedPage",
"project": "XXX",
"serviceHost": "0933e8b2-f504-4b7e-9e9e-xxxxx (xxx)"
}
}
}
}
}
You can track this rest api by press F12 in browser then select Network .Then looking for the record that response body included returned permission. From this record you can get the rest api and request body.
I tested with postman , with this api ,I can successful get user's permission in project. As shown below:
I want to know if there is a way to retrieve the registered domain(s) for a tenant through REST API for Sharepoint/Office365.
Consider this scenario;
I have a tenant named abc.pqr and url for the "my" site(OneDrive) is abc-my.sharepoint.com.
Now when I create a user for this tenant, the UI panel gives the option to select a domain for this account. Available options are;
1) #abc.pqr
2) #abc.onmicrosoft.com
Now, the problem is, if I have a user of this sort >>> testUser#abc.onmicrosoft.com, how do I findout the registered domain for this tenant? Which in my case is abc.pqr.
Is there a way to find this through REST API?
Sounds like what you want to know is the list of verified domains in your Azure Active Directory tenant. (Azure AD is the directory service behind Office 365 and other Microsoft online services.)
The Azure AD Graph API—AAD's REST API—can provide this for you. In your case, the GET request you would want to make is:
https://graph.windows.net/abc.onmicrosoft.com/tenantDetails
Note: you can use either the tenant ID or any verified domain of the tenant instead of abc.onmicrosoft.com. The tenant ID can be obtained from the tid claim in the access token.
The JSON response will include something like this:
"verifiedDomains": [
{
"capabilities": "None",
"default": true,
"id": "0007ABE0983098",
"initial": false,
"name": "abc.pqr",
"type": "Managed"
},
{
"capabilities": "Email, OfficeCommunicationsOnline",
"default": false,
"id": "0007ABE0983098",
"initial": true,
"name": "abc.onmicrosoft.com",
"type": "Managed"
}
]
(There's a useful Quickstart for the Azure AD Graph API that shows how to start playing around with AAD Graph API, and the GraphExplorer.)
If you're using .NET, there is a full sample at https://github.com/AzureADSamples/WebApp-GraphAPI-DotNet. (More samples for other languages and platforms at https://github.com/AzureADSamples.)