Is it possible to get all the user information in a tenant by Azure AD Graph API or Microsoft Graph API? - azure

From the Azure Active Directory v2.0 authentication libraries we can see lots of samples about how to use the libraries to connect to Active Directory. It seems all of them require creating an application at apps.dev.microsoft.com first, then using the Application ID and a new password as the clientID and clientSecret in a client or server middleware application.
This way, one user can use the application to log in with OAuth 2 or OpenID through the Azure Active Directory API, and can also get personal information such as the user profile correctly.
But if I want to get all the users' information in a tenant at one time, is there an API that can do it?

"But if I want to get all the users' information in a tenant at one time, is there an API that can do it?"
You can use Microsoft Graph API - specifically List Users API.
https://graph.microsoft.com/v1.0/users
For a quick test, try using Microsoft Graph Explorer.
Similarly, you can list users with the Azure AD Graph API as well, but it is recommended to use the Microsoft Graph API.
Read Microsoft Graph or Azure AD Graph and this SO post. (The only case to use the Azure AD Graph API would be if you need something very specific that you aren't able to achieve with the stable version of the newer Microsoft Graph API.)
Azure AD Graph API to list users (not recommended)
https://graph.windows.net/myorganization/users

Related

Programmatically switch 'local' IdentityProvider to Username via MS Graph API in Azure AD B2C

I'm trying to script a B2C tenant and need to switch the Local Accounts Identity Provider to be Username based instead of email as per below picture.
MS Graph API returns an empty list for the path GET https://graph.microsoft.com/beta/{tenantid}/identityproviders.
Is it possible to switch this programmatically?
I can migrate to the trustframework policy xml upload method if necessary but it seems like overkill.
The scene you described should be for Azure AD B2C instead of Azure AD B2B.
It has a limitation in Microsoft Graph currently.
When we try to List identityProviders, local account identity Provider won't be listed in the response. See reference here.
The supported types for identityProviders are:
Microsoft
Google
Amazon
LinkedIn
Facebook
GitHub
Twitter
Weibo
QQ
WeChat
So I'm afraid that we can't update the local account identity Provider via Microsoft Graph API.
If you are using a user flow, I think the easiest way is to change it in the Azure Portal.
If you can use a custom policy, modifying the configuration in the custom policy is necessary.

API to pull all users from O365 tenant or AAD using MS graph

I am looking for an API to pull all the users using the tenant ID or using MS Graph APIs with an AADv1/AADv2 app.
I have both v1 and v2 apps to access MS graph and also can use o365 tenant ID.
Pick the appropriate SDK for MS Graph depending on your language / platform preference. The readme in the repo will help you get started, as will the IntelliSense provided by the SDK. You’re going to want to ensure that your app registration has appropriate access to the APIs you’re after.
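Both this question and the first one on the page come down to paging through the List Users endpoint (https://graph.microsoft.com/v1.0/users). The following is an added example, not code from any of the answers: it follows @odata.nextLink until the last page and refuses to send the bearer token anywhere except the Graph host. It assumes an app-only access token whose app registration has the User.Read.All application permission; the sample pages and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit
from urllib.request import Request, urlopen

# $select keeps the response to the attributes actually needed; 999 is the largest page size.
FIRST_PAGE = ("https://graph.microsoft.com/v1.0/users"
              "?$select=id,displayName,userPrincipalName&$top=999")


def http_get_json(url, token):
    """Default transport: GET with the bearer token and parse the JSON body."""
    req = Request(url, headers={"Authorization": f"Bearer {token}"})
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)


def checked_next_link(page):
    """Return the page's @odata.nextLink, or None on the last page."""
    link = page.get("@odata.nextLink")
    if link is None:
        return None
    parts = urlsplit(link)
    # The token can read the whole directory: only follow HTTPS links on the
    # Graph host (assumption: global cloud, national clouds use other hosts).
    if parts.scheme != "https" or parts.hostname != "graph.microsoft.com":
        raise ValueError(f"refusing to send token to {link!r}")
    return link


def list_all_users(token, get_json=http_get_json, max_pages=10_000):
    """Collect every user in the tenant by following @odata.nextLink."""
    users, url = [], FIRST_PAGE
    for _ in range(max_pages):
        page = get_json(url, token)
        users.extend(page.get("value", []))
        url = checked_next_link(page)
        if url is None:
            return users
    raise RuntimeError("paging did not terminate")


# Constructed two-page response standing in for a real tenant.
NEXT = "https://graph.microsoft.com/v1.0/users?$skiptoken=X"
SAMPLE_PAGES = {
    FIRST_PAGE: {"value": [{"id": "1", "userPrincipalName": "a@contoso.example"}],
                 "@odata.nextLink": NEXT},
    NEXT: {"value": [{"id": "2", "userPrincipalName": "b@contoso.example"}]},
}

if __name__ == "__main__":
    found = list_all_users("constructed-token", lambda url, tok: SAMPLE_PAGES[url])
    print([u["userPrincipalName"] for u in found])
```

Against a real tenant, call list_all_users(token) with the default transport; the fake transport above only exists so the paging logic can be exercised offline.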

Authenticate a user on Azure AD B2C using Graph API

I have created a WebApi app which can create a user on Azure AD B2C tenant using Graph API.
Now the user has to authenticate on Azure AD B2C as the same way I have used like Graph API. I mean a programmatic approach to sign in instead of Microsoft login page. Is it possible to authenticate against Azure AD B2C using Graph API? If yes can you please suggest me the way to do it.
It is not possible to authenticate a user in Azure AD using the Graph API. The Graph API provides methods for various AD-related operations on the users, signed-on user, groups, directory roles, policies and so on. https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/users-operations
You can programmatically authenticate users against Azure AD using a certain call but MS refuses to officially support the method in libraries, despite it existing for over 4 years.
For node, the denied pull request is here: https://github.com/AzureAD/azure-activedirectory-library-for-nodejs/pull/99?_pjax=%23js-repo-pjax-container
The code repo referenced in the pull is here: https://github.com/testdouble/azure-activedirectory-library-for-nodejs/tree/client_secret_optional

Which Azure Active Directory Graph API should I use?

I recently figured out that there are two Graph APIs available for Azure Active Directory. There is the unified graph.microsoft.com and the AAD specific graph.windows.net:
Azure AD Graph API functionality is also available through Microsoft
Graph, a unified API that also includes APIs from other Microsoft
services like Outlook, OneDrive, OneNote, Planner, and Office Graph,
all accessed through a single endpoint with a single access token.
Source
Is there any reason to use the unified Graph API when I only need to browse AAD objects? Will the AAD specific graph.windows.net Graph API get deprecated?
There has been no announcement of Azure AD Graph API's deprecation and we (and others) use it in production every day.
If you can get what you want through Azure AD Graph API, I'd say use it. If you need something else from the Microsoft Graph API (like emails or contacts), use that one.

OAuth2 and Microsoft Graph API for my Node.js app?

I'd like to add an Office365/Graph Calendar integration to an existing Node.js app (hosted on AWS). I've already done a similar integration with Google's Calendar, and it was trivial to get set up. I'm not having nearly as much luck with the Microsoft version of things.
I've found at least 4 different ways to register an app (get a clientId and clientSecret), and I seem to get different errors for each of them, but can't get any to work properly.
I think a large part of my problem is that I've never had to work in the MS ecosystem before, so I don't have a lot of the baseline knowledge that the documentation assumes.
I'm not looking to host anything with Microsoft - do I even need an Azure account?
I'd like to allow any user with an Office365 account to connect it to my app - do I need to learn about Active Directory to do this? Does this part of it require Azure?
I've found instructions for using both https://login.microsoftonline.com/common/oauth2 and https://login.microsoftonline.com/common/oauth2/v2.0 for this, do I need to worry about which version I use depending on how I registered my app?
Microsoft Graph leverages Azure AD to authenticate and authorize users. The documentation says:
To get your app authorized, you must get the user authenticated first. You do this by redirecting the user to the Azure Active Directory (Azure AD) authorization endpoint, along with your app information, to sign in to their Office 365 account. Once the user is signed in, and consents to the permissions requested by your app (if the user has not done so already), your app will receive an authorization code required to acquire an OAuth access token.
So you need to register an Azure account to configure the Azure AD service. Refer to https://graph.microsoft.io/en-us/docs/authorization/app_authorization for more info.
Meanwhile, to implement Microsoft Graph in a Node.js application, you can refer to the following code samples.
Microsoft Graph service app sample using Node.js
An Office 365 API sample app using Node, Express and Ejs
Office 365 Node.js Connect sample using Microsoft Graph
Matt, you can do this without an Azure account if you use the oauth2/v2.0 auth endpoint. When you do that, you can register on apps.dev.microsoft.com using a Microsoft account.
See this tutorial for doing it with the Outlook REST API, which is similar to the Graph (in fact, for Calendar operations the calls and entities are identical).
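The redirect-and-callback step of the authorization code flow quoted above, as an added example in Python that is not part of either answer: it builds the request for the oauth2/v2.0 endpoint and validates the callback before the code is used. It goes slightly beyond the quoted text by adding a state value and a PKCE challenge; the client ID, redirect URI, scopes and function names are placeholders chosen for illustration.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"


def start_sign_in(client_id, redirect_uri, scopes):
    """Build the redirect URL plus the values to keep in the user's session."""
    state = secrets.token_urlsafe(32)      # ties the callback to this browser session
    verifier = secrets.token_urlsafe(64)   # PKCE code_verifier, stays on the server
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{AUTHORIZE}?{query}", {"state": state, "code_verifier": verifier}


def read_callback(callback_url, session):
    """Return the authorization code, or raise if the callback is not ours."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise PermissionError(params["error"][0])
    returned = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the response was not
    # triggered by this session (login CSRF) and the code must be dropped.
    if not hmac.compare_digest(returned.encode(), session["state"].encode()):
        raise PermissionError("state mismatch")
    code = params.get("code", [""])[0]
    if not code:
        raise PermissionError("no authorization code")
    return code


if __name__ == "__main__":
    url, sess = start_sign_in("00000000-0000-0000-0000-000000000000",  # placeholder
                              "https://app.example/callback",
                              ["openid", "offline_access", "Calendars.Read"])
    print(url)
```

The code returned by read_callback is then redeemed at the token endpoint together with the stored code_verifier.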
