[midPoint] Manager from Azure AD

Mon Sep 19 15:04:08 CEST 2022

All,

If the data can pulled with the graph API then could you not use that to make a file ( CSV?) to import into MidPoint? ( Maybe as an Azure Manager role set?)

Seems like once you push the data into MidPoint that can then drive the access certification process.

Though I am not sure how to get the "results" back to Azure.
That likely would need to be some output file from the certification campaign that and a different graph API script to "correct Azure".

Can the results of a certification campaign be "exported" in some standard way? ( AKA: can the "Certification decisions report" be written to a file? CSV? )

However, I may be over simplifying things.

From: midPoint <midpoint-bounces at lists.evolveum.com> On Behalf Of Marvel Krafts via midPoint
Sent: Monday, September 19, 2022 8:17 AM
To: Matus Macik <matus.macik at evolveum.com>
Cc: Marvel Krafts <marvel.krafts at gmail.com>; midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Manager from Azure AD

---- External Email: Use caution with attachments, links, or sharing data ----

Thank you for your response. Other than building a new feature what other options are there? Let's say I import all the Azure accounts as users into Midpoint, can I mark the users as manager with the relationship between members and their respective managers?

I am trying to understand how Midpoint can be leveraged for access certification with Azure AD being the source of users.

- Thanks

On Mon, Sep 19, 2022, 2:24 AM Matus Macik <matus.macik at evolveum.com<mailto:matus.macik at evolveum.com>> wrote:
Hello,

Currently this attribute is not supported in the connector schema. If you have your own fork with this implemented you can issue a pull request and after reviewing the feature we can merge the contribution. Or you can create an improvement Jira, these usually have higher priority when endorsed by a midPoint subscription.

--
Best Regards,

Matus Macik | Developer and Identity Management Engineer
matus.macik at evolveum.com<mailto:matus.macik at evolveum.com> | www.evolveum.com<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.evolveum.com%2F&data=05%7C01%7Cblackcm%40purdue.edu%7Ce9713db38a4c478ca50a08da9a38dcac%7C4130bd397c53419cb1e58758d6d63f21%7C0%7C0%7C637991866268285516%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=lDDRTc5Nqq8mYiRZAEmQvZRHyqLP3xLTH5hrfvlwjF8%3D&reserved=0>
Evolveum
________________________________
From: "midPoint General Discussion" <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
To: "midPoint General Discussion" <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Cc: "Marvel Krafts" <marvel.krafts at gmail.com<mailto:marvel.krafts at gmail.com>>
Sent: Sunday, September 18, 2022 3:09:47 AM
Subject: [midPoint] Manager from Azure AD

Hello,
Maybe it's simple but does the Azure Graph connector support pulling the manager for an account? Azure User object does not have "manager" attribute by default but it can be pulled few ways when using the Graph API

1. Using GET on https://graph.microsoft.com/v1.0/users/johnsmith@example.com?$expand=manager<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2Fjohnsmith%40example.com%3F%24expand%3Dmanager&data=05%7C01%7Cblackcm%40purdue.edu%7Ce9713db38a4c478ca50a08da9a38dcac%7C4130bd397c53419cb1e58758d6d63f21%7C0%7C0%7C637991866268285516%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=usKPcAXsiIPyw4Fs569HFfVfttd%2BBgCeC1eKQuJi1rc%3D&reserved=0>
2. Using GET on https://graph.microsoft.com/v1.0/users/johnsmith@example.com?$expand=directReports<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2Fjohnsmith%40example.com%3F%24expand%3DdirectReports&data=05%7C01%7Cblackcm%40purdue.edu%7Ce9713db38a4c478ca50a08da9a38dcac%7C4130bd397c53419cb1e58758d6d63f21%7C0%7C0%7C637991866268285516%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=9wx9nmjlgEthqjuzIU1QQ4cITdmW8zhLzwiSCSXa%2Fpw%3D&reserved=0>
3. Using GET on https://graph.microsoft.com/v1.0/users/johnsmith@example.com/manager<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2Fjohnsmith%40example.com%2Fmanager&data=05%7C01%7Cblackcm%40purdue.edu%7Ce9713db38a4c478ca50a08da9a38dcac%7C4130bd397c53419cb1e58758d6d63f21%7C0%7C0%7C637991866268285516%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=WP%2FYmHDpvCVP4VnRiXurH3K19Sk2uDKDw3wynTI8IWI%3D&reserved=0>

How can I fetch this?

Thanks

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
https://lists.evolveum.com/mailman/listinfo/midpoint<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.evolveum.com%2Fmailman%2Flistinfo%2Fmidpoint&data=05%7C01%7Cblackcm%40purdue.edu%7Ce9713db38a4c478ca50a08da9a38dcac%7C4130bd397c53419cb1e58758d6d63f21%7C0%7C0%7C637991866268285516%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=EzxfV5jVLaJEftCH2J39uoA5d2cdBoBKfpdHnHPSeWk%3D&reserved=0>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20220919/19d5cf90/attachment-0001.htm>