Task #2887
closed
Support for Guest user type
100%
Description
Creating guest access via invitation https://docs.microsoft.com/en-us/graph/api/invitation-post?view=graph-rest-1.0&tabs=java
Support all CRUD operations. Only create should be different.
The type of user is in the attribute userType with values "Member" or "Guest".
Updated by Roman Kučera over 3 years ago
- % Done changed from 0 to 10
I am able to create a user.
An issue with the search operation occurred. The guest account has a UPN in the format somemeail_domain.com#EXT#@bcvcz.onmicrosoft.com, but if I use this value in the Graph API SDK, the value is cropped and only the part before the first # is used.
For search there is a workaround: searching via the filter parameter works.
Another issue is with the update operation; a similar one will occur with delete too.
The Graph API SDK has the UPN as a method parameter, but for some reason it is cropping the value, so again the update/delete will fail because it can't find the user.
One possible workaround is to make one extra call to get the user UUID and use this instead.
Updated by Roman Kučera over 3 years ago
- % Done changed from 10 to 20
The previous issue with the guest UPN can be solved by encoding the UPN. In the end the SDK is building the request URL, so if we encode the UPN, the encoded value will get to the request correctly and it works.
This solution works for the search operation, so it should work for the others as well.
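The cropping described in the two updates above follows from URL syntax: `#` starts the fragment, which the client never sends to the server. The following is an added example, not the connector's or the SDK's own code; the class and method names are hypothetical, and it only builds and parses URLs with the JDK, without calling Graph.

```java
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class GuestUpnUrl {
    // Constructed sample in the format quoted in the ticket.
    static final String GUEST_UPN = "somemeail_domain.com#EXT#@bcvcz.onmicrosoft.com";
    static final String USERS = "https://graph.microsoft.com/v1.0/users";

    /** Percent-encode a value so it stays one path segment or one query value. */
    static String encode(String value) {
        // URLEncoder does form encoding (space -> '+'); use %20 so the result is valid in a path too.
        return URLEncoder.encode(value, StandardCharsets.UTF_8).replace("+", "%20");
    }

    /** URL addressing the user directly by UPN, raw or encoded. */
    static String byUpn(String upn, boolean encoded) {
        return USERS + "/" + (encoded ? encode(upn) : upn);
    }

    /** The filter-based search from the ticket; OData string literals double single quotes. */
    static String byFilter(String upn) {
        String literal = "'" + upn.replace("'", "''") + "'";
        return USERS + "?$filter=" + encode("userPrincipalName eq " + literal);
    }

    /** Path and query that remain once the client drops the fragment. */
    static String sentToServer(String url) throws MalformedURLException {
        URL u = new URL(url); // deprecated since Java 20, still splits at the first '#'
        return u.getQuery() == null ? u.getPath() : u.getPath() + "?" + u.getQuery();
    }

    public static void main(String[] args) throws MalformedURLException {
        // Raw UPN: everything from the first '#' is a fragment and never leaves the client.
        System.out.println(sentToServer(byUpn(GUEST_UPN, false)));
        // Encoded UPN: '#' becomes %23 and '@' becomes %40, so the whole identifier stays in the path.
        System.out.println(sentToServer(byUpn(GUEST_UPN, true)));
        // Filter search with the same encoding applied to the whole expression.
        System.out.println(sentToServer(byFilter(GUEST_UPN)));
    }
}
```

Encoding the identifier before it is placed in the URL also keeps characters such as `/` and `?` in an attacker-influenced value from changing which resource the request addresses.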
Updated by Roman Kučera over 3 years ago
- % Done changed from 20 to 80
- Create
- Create with licence (the operation will fail, but the user is created. The user is not created in the cloud immediately, so assigning fails. Retrying provisioning solves this)
- Update
- Assign licence later
- Remove licence
- Delete User
- The identifier in IdM is the UPN, which needs to be in the format somemeail_domain.com#EXT#@bcvcz.onmicrosoft.com
- The attribute mail must be sent, because the value from this attribute is used for sending the invite
- A guest is created only with email and display name; other attributes are not used. They can be updated later, e.g. firstname, lastname
- Creating an invitation needs a filled-in URL to which the user will be redirected after accepting - make it configurable in the connector or in the mapping?
- Sending mail with the invitation is always on. Make it configurable in the connector?
Updated by Roman Kučera over 3 years ago
- % Done changed from 80 to 90
Implementation of "Thing to improve"
https://github.com/bcvsolutions/ms-graph-api-connector/commit/b119eb16104016a9b28e8bfd7310b7c0de4e4e12
Updated by Roman Kučera over 3 years ago
The connector will perform an update right after the create operation. The reason for it is that creating via invitation supports only displayName and email.
This way we are able to set additional attributes directly.
One limitation of this solution is that in most cases it will probably fail.
But it will end up in the provisioning queue in IdM, and when the operation is retried it will correctly perform the update.
Another option would be to implement some queue or delay in the connector, but I am not sure that it would be a better solution, because the create operation would take more time.