Task #2889
closed
Read AD groups and Azure roles
100%
Description
list all groups https://docs.microsoft.com/en-us/graph/api/group-list?view=graph-rest-1.0&tabs=java
detail of group https://docs.microsoft.com/en-us/graph/api/group-get?view=graph-rest-1.0&tabs=http
There should be owners and members which we need in IdM.
Azure roles https://docs.microsoft.com/en-us/graph/api/resources/directoryrole?view=graph-rest-1.0
In the connector configuration there will be a new option to choose whether to load Azure roles or not. You need higher permissions, so it makes no sense to turn it on by default.
Updated by Roman Kučera over 3 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 20
Owners and members are not loaded into the group object as I thought, so we need to load them separately.
Green line now should work.
Added new attributes to schema.
Updated by Roman Kučera over 3 years ago
There is a way to expand the basic query to get members, but it has a limitation: it only returns a limited number of records without a link to the next page, so it's useless.
Sticking with the workaround from the previous post: loading all members and owners by an extra query.
Updated by Roman Kučera over 3 years ago
- % Done changed from 20 to 90
Implemented loading of AD groups and Azure roles.
If you want to load Azure roles you need to enable it in connector config. Default value is false.
- Load all AD groups
- Load all AD groups and Azure roles
- Get members and owners with AD groups
- Get members with Azure roles
All was tested via synchronization in IdM. Objects in IdM are correctly created.
Getting one record is implemented too and it should work, but it can be tested in IdM version 11.0.1 because of a bug which was fixed in #981.
If you try to load one record on the account tab or entities tab, the object class ACCOUNT is used every time instead of GROUP.
Updated by Roman Kučera over 3 years ago
When you try to load Azure roles, only the roles which are already assigned to someone are returned.
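
The workaround discussed in the updates above (a separate paged query per group for members and owners, instead of expanding the list query) is sketched below as an added example; it is not the connector's code and is not part of the original thread. The responses are constructed stand-ins for Microsoft Graph, and `fake_get`, `collect_all`, `load_groups`, `expanded_member_ids`, the IDs and the page size of two are all assumptions made for illustration.

```python
# Added example: constructed responses stand in for Microsoft Graph; no network is used.
GRAPH = "https://graph.microsoft.com/v1.0"
M = f"{GRAPH}/groups/g1/members"

# Constructed sample data: group g1 has five members, served two per page.
FAKE = {
    f"{GRAPH}/groups": {"value": [{"id": "g1", "displayName": "vpn-users"}]},
    M: {"value": [{"id": "u1"}, {"id": "u2"}], "@odata.nextLink": f"{M}?$skiptoken=p2"},
    f"{M}?$skiptoken=p2": {"value": [{"id": "u3"}, {"id": "u4"}],
                           "@odata.nextLink": f"{M}?$skiptoken=p3"},
    f"{M}?$skiptoken=p3": {"value": [{"id": "u5"}]},
    f"{GRAPH}/groups/g1/owners": {"value": [{"id": "u1"}]},
    # Expanded list query: the nested member list is cut short and has no next link.
    f"{GRAPH}/groups?$expand=members": {"value": [
        {"id": "g1", "displayName": "vpn-users", "members": [{"id": "u1"}, {"id": "u2"}]}]},
}

def fake_get(url):
    """Hypothetical transport; a real one would send an authenticated GET."""
    return FAKE[url]

def collect_all(get, url):
    """Follow @odata.nextLink until the collection is exhausted."""
    items, seen = [], set()
    while url:
        if url in seen:  # guard against a server that repeats a page link
            raise RuntimeError(f"paging loop at {url}")
        seen.add(url)
        page = get(url)
        items.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return items

def load_groups(get):
    """List groups, then load members and owners with one paged query each."""
    groups = []
    for g in collect_all(get, f"{GRAPH}/groups"):
        base = f"{GRAPH}/groups/{g['id']}"
        groups.append({
            "id": g["id"],
            "displayName": g.get("displayName"),
            "members": [m["id"] for m in collect_all(get, f"{base}/members")],
            "owners": [o["id"] for o in collect_all(get, f"{base}/owners")],
        })
    return groups

def expanded_member_ids(get):
    """Same data via $expand: nothing signals that the member list is partial."""
    groups = collect_all(get, f"{GRAPH}/groups?$expand=members")
    return {g["id"]: [m["id"] for m in g.get("members", [])] for g in groups}
```

Comparing the two results for the same group shows why a silently truncated member list is a problem for synchronization into IdM: the expanded query gives no indication that memberships are missing.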