I need to get the Azure Subscriptions to which an Azure AD user is linked.
I tried using the Microsoft Graph Api, but was not able to figure it out.
A GET call to https://management.azure.com/subscriptions?api-version=2014-04-01 should give you a list of subscriptions for the user that was issued the token. You should be using the Azure API, not Graph.
Related
Question: Using Microsoft Graph API, is there a way to query if a logged-in user has both the Office365 and Azure subscription?
Details:
My WPF-Core app is using MS Graph to access Azure resources as well as Office365 services (Outlook schedule and OneDrive). My personal Azure account does not have an Office365 subscription. When I log in with an Azure (admin) account to my app, the app can perform CRUD operations on Azure AD users.
Likewise, when I log in as an MSA account (Outlook, Hotmail, etc.) the app can perform operations such as updating Outlook events, uploading/downloading files to the logged-in user's OneDrive, etc.
But in both cases the converse is not true. For example, if I log in using an Azure AD account and try to have the app update an Outlook event (or upload a file to my OneDrive), I get the following error: Tenant does not have a SPO license. So, if a user is logged in with an Azure AD account and tries to click on the app's button that displays or updates the user's Outlook events, I would like to display a message to the user that your Azure account does not have a SPO license. And display a similar message in the reverse case (i.e. this Office account does not have an Azure subscription, etc.).
NOTE: The above scenario is not working for display purposes, as well. That is, an Azure AD login is not able to see Outlook events; and an MSA login is not able to see the Azure AD users list.
Firstly, the answer is NO. We cannot determine if the user has Azure subscription.
MS Graph mainly manages the Azure AD resources while Azure subscription mainly manages Azure resources such as Azure App Service, VM, etc.
But we can determine if a user has O365 subscription (or the license under O365 subscription).
Firstly, you could use GET https://graph.microsoft.com/v1.0/me?$select=userPrincipalName,assignedPlans to get the logged-in user's O365 licenses.
We can find the SharePoint license in the response:
In fact you may find more than one SharePoint license in the response because the user may have multiple O365 subscriptions.
Besides, if the Azure subscription you mentioned actually refers to AAD subscription, then the method I described above is also suitable for querying AAD subscription.
The above content applies to AAD users.
If the logged-in user is an MSA, when you query GET https://graph.microsoft.com/v1.0/me?$select=userPrincipalName,assignedPlans, it won't return a property named assignedPlans.
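An added example (not part of the original answer) of the check described above: it classifies one service from a `/me?$select=userPrincipalName,assignedPlans` response, treating a missing `assignedPlans` property as the MSA case and ignoring duplicate plans that are no longer enabled. The sample responses are constructed, and the service names and plan IDs in them are assumptions.

```python
import json

# Constructed sample response for a work account; plan IDs are placeholders.
AAD_ME = json.loads("""
{
  "userPrincipalName": "alice@contoso.example",
  "assignedPlans": [
    {"assignedDateTime": "2020-01-10T08:00:00Z", "capabilityStatus": "Deleted",
     "service": "SharePoint", "servicePlanId": "00000000-0000-0000-0000-000000000001"},
    {"assignedDateTime": "2021-03-02T08:00:00Z", "capabilityStatus": "Enabled",
     "service": "SharePoint", "servicePlanId": "00000000-0000-0000-0000-000000000002"},
    {"assignedDateTime": "2019-06-01T08:00:00Z", "capabilityStatus": "Suspended",
     "service": "exchange", "servicePlanId": "00000000-0000-0000-0000-000000000003"}
  ]
}
""")

# Constructed MSA-style response: the assignedPlans property is absent.
MSA_ME = {"userPrincipalName": "bob@outlook.example"}


def service_status(me, service):
    """Classify one service for the signed-in user.

    'unknown'    - no assignedPlans property (MSA, or property not selected)
    'unlicensed' - no plan for this service at all
    'inactive'   - plans exist but none has capabilityStatus 'Enabled'
    'enabled'    - at least one plan for the service is enabled
    """
    plans = me.get("assignedPlans")
    if plans is None:
        return "unknown"
    wanted = service.lower()
    matching = [p for p in plans if p.get("service", "").lower() == wanted]
    if not matching:
        return "unlicensed"
    # A user with several subscriptions can carry several plans per service.
    if any(p.get("capabilityStatus") == "Enabled" for p in matching):
        return "enabled"
    return "inactive"


if __name__ == "__main__":
    for who in (AAD_ME, MSA_ME):
        print(who["userPrincipalName"], service_status(who, "SharePoint"))
```
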
How can I fetch all users from my Azure Active Directory? I need some API for it.
You can use the Graph API list users
GET https://graph.microsoft.com/v1.0/users
Please try with the API below:
GET https://vssps.dev.azure.com/{org name}/_apis/graph/users?subjectTypes=aad&api-version=5.1-preview.1
Note: Specify the subjectTypes as aad.
Then it will fetch all users who are members of the organization and are also located in the AAD tenant that is connected with the Azure DevOps organization.
This is the sample response of mine:
I want to get user information, not only from Azure Active Directory, but also from Azure B2C Tenant Users. I was able to reproduce results for AAD users, but I couldn't find enough resources on how to access B2C Users (e.g. Gmail.com). I get this error when I swap to my desired clientid/clientsecret (fetched from Azure AD B2C - Application) in this project (https://github.com/microsoftgraph/aspnetcore-connect-sample):
'unsupported_response_type', error_description: 'AADSTS700054: response_type 'id_token' is not enabled for the application.
I couldn't find the recent resources helpful, as a lot of Azure components have changed. I would greatly appreciate your kind guidance!
If I understand your question correctly, you want to be able to programmatically CRUD B2C Users.
AADB2C has documentation for the same using AADGraph (and not using Microsoft Graph):
Build user CRUD operations by using the Graph API
As of today, you must use the Azure AD Graph API to manage users in an Azure AD B2C directory. This is different from the Microsoft Graph API. The sample you referred to is not appropriate for managing B2C tenant users.
From the Azure Active Directory v2.0 authentication libraries we can see lots of samples about how to use libraries to connect to Active Directory. It seems all of them should create an application at apps.dev.microsoft.com first, then use the Application ID and a new password to act as the clientID and clientSecret in a client or server middleware application.
This way, one user can use the application to log in by OAuth 2 or OpenID through the Azure Active Directory API, and can also get personal information such as the user profile correctly.
But if I want to get all the users' information in a tenant at one time, is there an API that can do that?
But if I want to get all the users' information in a tenant at one time, is there an API that can do that?
You can use Microsoft Graph API - specifically List Users API.
https://graph.microsoft.com/v1.0/users
For a quick test, try using Microsoft Graph Explorer
Similarly you can list users with Azure AD Graph API as well, but it would be recommended to use Microsoft Graph API.
Read Microsoft Graph or Azure AD Graph and this SO Post (Only case to use Azure AD Graph API would be if you need something very specific that you aren't able to achieve with stable version of the newer Microsoft Graph API.)
Azure AD Graph API to list users (not recommended)
https://graph.windows.net/myorganization/users
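An added example (not code from any of the answers) for the `GET https://graph.microsoft.com/v1.0/users` call recommended in this answer and in the earlier "list users" answer: large tenants come back in pages, so the caller follows `@odata.nextLink` until it is absent. It goes slightly beyond the answers by also accepting the `nextLink` key used by Azure Resource Manager lists and by refusing to follow a link to a different host, so the bearer token is never sent elsewhere. `fake_fetch` and the page data are constructed stand-ins for an authenticated HTTP GET.

```python
from urllib.parse import urlsplit

USERS_URL = "https://graph.microsoft.com/v1.0/users"

# Constructed two-page response set standing in for the live service.
FAKE_PAGES = {
    USERS_URL: {
        "value": [{"userPrincipalName": "alice@contoso.example"},
                  {"userPrincipalName": "bob@contoso.example"}],
        "@odata.nextLink": USERS_URL + "?$skiptoken=PAGE2",
    },
    USERS_URL + "?$skiptoken=PAGE2": {
        "value": [{"userPrincipalName": "carol@contoso.example"}],
    },
}


def fake_fetch(url):
    """Hypothetical stand-in for an authenticated GET returning parsed JSON."""
    return FAKE_PAGES[url]


def collect_pages(first_url, fetch, max_pages=1000):
    """Follow next links from first_url and return every item in 'value'."""
    origin = urlsplit(first_url)[:2]  # (scheme, host) the token was meant for
    items, url, seen = [], first_url, set()
    while url:
        if urlsplit(url)[:2] != origin:
            raise ValueError("next link leaves " + origin[1])
        if url in seen or len(seen) >= max_pages:
            raise RuntimeError("paging loop or page limit reached")
        seen.add(url)
        page = fetch(url)
        if "error" in page:  # e.g. the app lacks permission to read users
            raise RuntimeError(page["error"].get("message", "request failed"))
        items.extend(page.get("value", []))
        # Graph uses '@odata.nextLink'; Azure Resource Manager uses 'nextLink'.
        url = page.get("@odata.nextLink") or page.get("nextLink")
    return items


def list_all_users(fetch=fake_fetch):
    return [u["userPrincipalName"] for u in collect_pages(USERS_URL, fetch)]


if __name__ == "__main__":
    print(list_all_users())
```
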
We have a lot of references on the web to fetch all the AAD users, but I need to fetch all the users from an Azure subscription.
I have created an App in Azure Active Directory and added that App to the Subscription, then used the ClientId and Client secret to create the AuthToken. I used the created auth token to hit the REST API below (an Azure resource management REST API):
https://management.azure.com/subscriptions/{my subscription id}/resourceGroups/{My resource group name}/providers/Microsoft.ApiManagement/service/{my Azure managment API Name}/users?api-version=2018-01-01
But this rest API is retrieving only one User, which is mine.
Here I want to retrieve all the users in a subscription.
Here is the MSDN URL I used as reference.
Please can anyone help me with this?
It is not because of the free sub.
Does your app have the permission to the Graph API (to read users)? If you try the same user via PS console and you get the same output then it's not your code but permissions (Good read on PS https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-powershell-1.0/ff730967(v=technet.10) ).
On the graph api here https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api-quickstart
You can find the answer for this question in below thread.
Removing the user from Azure subscription programtically(C#)