I'm trying to fetch users using the search query, specifically users that a given string is their username\firstname\lastname or a prefix of their email. To do so in one query I need an OR operator.
In the API documentation it's missing and maybe not supported:
https://developers.onelogin.com/api-docs/1/users/get-users.
Example:
https://api.us.onelogin.com/api/1/users?firstname=${prefix}*&limit=10 - works
https://api.us.onelogin.com/api/1/users?firstname=${prefix}*|lastname=${prefix}* - fails
On my OneLogin account in users UI there is an option to search with this kind of query, and it successfully search for prefix with OR on multiple fields.
example
Does OR operator supported? Is there another way to do so with one query?
Related
In my app, the user should be able to choose a company, in which his article gets published.
The Azure Active Directory has the Company name for that, which is maintained by our AAD Team. Is there any way to request all values from this field? Like a SELECT DISTINCT in SQL?
AFAIK, currently there is no way to request all distinct values using companyName attribute.
You can use filter parameter by looping through each companyName.
Please note that Distinct is not supported in Microsoft graph API.
You can raise Azure Support ticket or feature request for the same by visiting below link:
Azure Support Options | Microsoft Azure
References:
Is there a way to query distinct user profile attribute values from the Graph API? For example $select=Distinct(jobTitle)? The scenario would be to build a "refinement" experience for a People Search experience. - Microsoft Q&A
Distinct values in Microsoft Graph query - Stack Overflow
We would like Azure Search to be able to restrict search results for certain users by some means – we are considering using the filter (https://learn.microsoft.com/en-us/azure/search/search-filters) option for this.
So far, we understand that the search query and the search results from Azure Search would be public and unencrypted.
Is there a way that the search query can be encrypted so that a user cannot meddle with the filter values and see data he is not authorized to see?
Similarly, for the results, in there a way to prevent an unauthorized person from seeing the results returned from Azure Search?
There's encryption at rest an in transit, but ideally you should implement your own authorization mechanism to handle what users can see. There's no ready to use feature for it.
I am trying to retrieve Google groups using the directory API with partial matches and wildcards.
The API allows me to retrieve a group if I know an alias using
GET https://www.googleapis.com/admin/directory/v1/groups/groupKey
I can retrieve all groups using
GET https://www.googleapis.com/admin/directory/v1/groups?customer=my_customer
There doesn't seem to be a way to search for a subset of the groups, for example returning all groups that start with foo.
Some of our customers have huge numbers of groups so retrieving them all is impractical.
Does anyone know how to order the results of a query to the Azure AD Graph API using the nuget assembly (https://www.nuget.org/packages/Microsoft.Azure.ActiveDirectory.GraphClient/) by "Created Date" (i.e. when the user was created in the directory?
I can't find any documentation about a property which would contain this. Is the result set automatically ordered in this way?
There is a restriction at the moment on the '$orderby' expressions that can be specified for a Graph API query. From the documentation -
The following restrictions apply to $orderby expressions:
Two sort orders are currently supported: DisplayName for User and Group objects, and UserPrincipalName for User objects. The default sort order for users is by UserPrincipalName.
So even if the 'Created Date' was exposed as property on the User I doubt the query will work.
In Azure Search we can create multiple indexes for different search results, and we have two types of api-key. One is for administation and other one is for querying. But with same api-key users can search all indexes.
In my solution I need to design a system so that different users that use the system will get different results by their previleges. I thought this could be solved with dedicated indexes for each role but still users can query other indexes if they want to.
How can I be sure that every user can ONLY be able to search on particular a index.
Out of the box it is not possible to restrict the key usage for a specific index. You would need to do something on your own.
Other possibility would be to create different search service accounts and then creating indexes in them instead of having one account. You can then grant access to your users to appropriate search service account.
UPDATE
Based on your comments, you're actually looking to restrict search results (documents) by user's role i.e. going one level deeper than indexes. To achieve this, what you could do is dynamically append this role criteria to your search query as OData Filter. For example, let's say your index has boolean fields for each role type (Administrator, User etc. etc.) and the user searches for some keyword. Then what you could do is create an OData Filter $filter where you check for these conditions. So your search URL would look something like:
https://<search-service-name>.search.windows.net/indexes/<index-name>/docs?search=<search-string>&$filter=Administrator%20eq%20true
That way Search Service is doing all the filtering and you don't have to do anything in your code.
You can learn more about query options here: https://msdn.microsoft.com/en-us/library/azure/dn798927.aspx.