I am writing a SaaS application to monitor set of azure services. One of them is Azure AAD Domain services but I couldn't find any REST api .
Is there any API available for the same?
I don't think that there is any Graph API for the AD DS.
But what is it you are trying to monitor? If you wish to monitor what is happening in the Azure AD then there is a Graph for that as well as Graph tools for reporting.
Else it is possible to talk to the Azure AD DS through LDAP. But then again it all depends on what sort of information you are trying to get.
Related
This is more of an 'Is this possible' question. A developer on the team suggested using Azure AD for user management, but one of the requirements is that the app admin be able to add/manage user access through the application without having to go to the Azure Portal.
So the question is, is the Graph API (or some other mechanism) full featured enough to replace the portal (at least for basic user set up and management) and allow all actions to be done from the application UI?
Thanks.
Simple answer to your question is Yes. Graph API can be used to manage users and their access to applications instead of using Azure Portal. In fact, Azure Portal itself makes use of Graph API to perform these operations.
You may also need to use Azure REST API if you're planning on managing Azure resources as well through this custom application especially Authorization APIs if you want to manage access to Azure resources (Azure Role-based access control) through your application.
I have two separate web applications, one built with .NET Framework and the other built with .NET Core. Both web applications make up one solution which we ship to our customers. The solution itself is a SaaS subscription-based solution, where users would be able to sign-up with using either a Microsoft/Office 365, GSuite, or organizational account (basic username/password). We would like to restrict sign-up to organizational/business accounts only.
As I understood, Azure B2B is mainly useful when you have something internal and you would like to give external users some limited access to it. Given that I have a multi-tenant SaaS solution, I believe that Azure B2C makes more sense.
Furthermore, in our solution, we would also want the ability for external users to access Tabular Models in Azure Analysis Services and SSRS.
Is access to only organizational accounts, something that can be configured through Azure AD B2C?
Can access be granted to external users to Azure Analysis Services or other Azure tools when using Azure B2C?
You have two options
Option 1, Using Azure AD External identities solution - recommended
You can use newly released self service sign up solution in Azure AD external identities . You can very well restrict sign up to other Azure AD accounts only. However for sign up using other federation systems - you need to try on. I think as of today only Google and Facebook are supported apart from Azure AD.
Option 2, use Azure AD B2C and use app only authentication.
Azure AD B2C consumer accounts are by default not supported by Azure services or Office. But you can use app based authentication to provide these services. Your client app will call your backend api using Azure AD B2C token. Your backend app can perform all auth validations and then call the backend Azure or any other service using app only authentication mode.
is it possible to manage apps and services from Azure AD B2C via APIs (REST etc.) for individual users?
The authorised AD applications should be managed later in a self-developed dashboard via APIs.)
Best regards
Using the rest API, you can manage All the App services and also Azure resources.
for example updating the Api service
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/hostingEnvironments/{name}?api-version=2019-08-01
API for App service Please refer to this document it may help
I want to create directory in azure ad using api, does any such api is supported by azure? If yes then please share the api.
As far as I am aware of, there is no API for creating Azure AD tenants.
The documentation never mentions any: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant
In Azure portal, i wanted to create multiple useraccounts and then track those useraccounts for the data usage in Azure API management service. I can able to create the useraccounts but inorder to know how much data is used by those users for particular API, how can i get that metrics?
API Management has 2 portals and 2 types of users. The Azure Portal is used for API Managers (think users who publish APIs, operations, manage policy, etc.). The Developer Portal is used by developers who are using (think customers) of your API. In order to use an API the user/customer has to register with the Developer Portal and get a Subscription to a given API and the associated key. So you have to authenticate them.
The Developer Portal supports different authentication mechanisms including Azure AD. So if you plan to use Azure AD for your authentication for both portals you will need to configure it accordingly. https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-aad
fwiw - by default the Developer portal provides a form based authentication for developers
Metric wise once a developer is registered you will be able to report on their activity through API Management.