How to connect Azure AD with PowerApps forms - azure

I am creating a Leave Request form on PowerApps and i want to connect it with Azure AD of my organization.
The scenario is:
1. User fills up the form of Leave Request
2. The "Employee Name" and "Department" fields should be called by itself in the text box. I want to call these identities from Azure AD.
How can i perform this?

As far as I know, it is not available to connect to Azure AD to get the data in the PowerApps.
However it is able to get the user information using the User().FullName function to get the current username. If you also want it support to retrieve the department of current user, you may submit the feedback from here.

There is a system called Microsoft Flows where you can interface between Azure AD and your PowerApps application. I've been using it and albeit the fact that it's new and a little buggy, it's a possible solution for your problem.

Related

How can I detect the user sign up event from Azure API Management?

I've been using Azure API Management recently, and I would like to know if there is a way to detect the sign up process performed from the included Developer Portal.
Basically I need to be able to get the user unique id, to be able to map data stored in a database.
Is configuring Delegation the only way to capture this event?
Try to enable the Resource Logs, it includes the userId.
Reference - https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-use-azure-monitor#resource-logs

Do I need to configure azureAD for powerapps?

I am new to powerapps, and I need to create an app with AzureAD authentication. But I am confused by this authentication. Do I understand correctly that I don't have to implement user sign-up and login screens, because every user which will be added to AzureAD would be able to login to microsoft account and will have an access to my powerapp?
So, I don't have to write any code for user signup/login/forgot password?
But in the Internet I saw that some people use AzureAD.getUser() and Office365.User. When do I need it?
PowerApps is building enterprise apps for your organization staffs. This app has to be developed, published and shared to AD users, and users can sign-in using Active directory single sign-on.
You can invite/share with AD individuals, security group or O365 group. But not Distribution groups. You can share the app to all users by sharing with “Everyone”.
Even PowerApps can be shared with external users (guests) but they must be guest users of an Azure Active Directory tenant.
How to share a PowerApp?
Yes, no signup or login other than Microsoft AD login/challenge screen.
Those snippets will be used to get current logged in user details.
Everything #ArunVinoth said and to add a little more info about:
But in the Internet I saw that some people use AzureAD.getUser() and Office365.User. When do I need it?:
These are PowerApps connectors (API wrappers) that allow you to surface AD/O365 data within the app for your users.
Example:
You may have a way for users to lookup contact information for people within the org.
You would add the Office365Users connector to your application
Then execute the .SearchUser method from that connector to display contact info based on user input.
These connectors are not for authenticating to the app, but rather providing lookup capabilities for your users. Or automating these lookups for your app logic.

Azure Applications; How to create a separate authorization page for out of network users

I've been tasked with figuring out a way to make a certain set of Azure users authenticate to a Web Application by accepting/denying a warning message that should be presented before the users are directed to the application itself. The users that should not go through this process are in-network users.. they should be able to input the URL and be presented with a sign-in page and from there they will have access into the application. This has already been configured via Azure AD but the previous issue for out of network users is what i'm having issues with.
My current thoughts on this is to create an a simple authorization page created by an azure function that out of network users will be directed to because the IP addresses will be placed in a conditional access rule to do so. From the simple page the user will be directed to the application or logged out if they choose cancel.
This is just a thought but definitely open to suggestions. Thoughts?
For those who may have been interested in an answer for this question I have figured it out. In order to do this I had to create a "Terms Of Use" within Azure Active Directory. This Terms of use consisted of a pdf file containing the information my user needed to view before accept/deny could be clicked. On the "Terms Of Use" was created I then created a custom conditional access policy which included users needing to accept the "Terms Of Use" before being able to access our Portal or Applications. Hope this helps

Microsoft GraphAPI: How do I retrieve the assigned groups of an azure user?

As you can see my question above, I was wondering if it is possible to retrieve the assigned groups of an Azure Active Directory (AAD) based user via Microsoft GraphAPI.
My situation is, that I have an ASP.NET MVC project with Microsoft Azure enabled. My goal is, that an Azure user can login on my website with it's Azure account.
The idea is, that an azure user is an admin or an user (depending on the azure groups) and depending of this role group, the user can view more or less of my webpage.
For example:
When Peter logs in with his azure account on my webpage, he should only be able to see:
Add new Document
Edit Document
Remove Document
because he is only assigned as "User" in Azure Active Directory.
But when Sabrina logs in with her azure account on my webpage, then she should be able to do the same as Peter, but she also can see:
Manage Products
Add new customer
etc.
because she is been assigned as an admin in Azure Active Directory.
My problem is, that I did not find out how I retrieve the assigned group of an user with Microsoft GraphAPI. The part, which user can see or not after I got the roles is not a big deal.
I already tried this API call:
https://graph.microsoft.com/v1.0/me/
But it seems, that the response of this call does not include the actual assigned group of that user.
Do you think it is possible to retrieve the assigned group of an azure user? Is this even possible? Or do I have to do something else to retrieve these information?
I hope you understand my point and I am also looking forward for any response. Thanks in advance!
Add /memberOf to the URL to receive the groups a user is member of.
https://graph.microsoft.com/v1.0/me/memberOf
Here's a link to the specific graph api - https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_getmembergroups
Take a look at this sample application on Github. It does something very similar with a task tracker application, where different users are able to perform different actions based on the group they belong to -
https://github.com/Azure-Samples/active-directory-dotnet-webapp-groupclaims/blob/master/README.md
Also, in cases where a user is a member of too many groups, you get back an overage indicator and have to make a separate call to get all groups. Read about “hasgroups” and “groups:src1” claims here - https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-id-and-access-tokens
According to your system architecture, if some user has too many joined groups, the API https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_getmembergroups will return too many groups.
But if the groups with permissions in your system are not too much, you can use this API: https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_checkmembergroups to check if the current user is the member of specified groups.
It is not good idea to use this API: https://graph.microsoft.com/v1.0/me/memberOf. Because it returns only the groups that the user is a direct member of, but security group can be member of security group.

Continuous sync of photos from AD to AAD using AAD Connect tool

Need to continuously sync(not just once) photos of users into AD environment, and then into Azure AD. According to the article below, this attribute is only synced one time on initial sync. These photos are updated by our Security group when someone gets a new badge and then we update the photo in AD. Can they sync these ongoing, on a continuous basis, using the AD Connect tool? If so, do we have a document that can assist my customer with this type of configuration/need?
https://support.microsoft.com/en-us/help/3062745/user-photos-aren-t-synced-from-the-on-premises-environment-to-exchange
As stated in the article, for now, the only method I see available for you to use, is the Set-UserPhoto cmdlet.
Br,

Resources