[midPoint] Manager from Azure AD

Mon Sep 19 15:28:17 CEST 2022

You are spot on. At this point, I am just looking for one way traffic, so
as long as I can pull the data from Azure AD into Midpoint that is good
enough. CSV approach is doable albeit a clumsy solution and will require
some effort exporting and importing the data.

- Thanks

On Mon, Sep 19, 2022 at 9:04 AM Black, Carey Matthew <blackcm at purdue.edu>
wrote:

> All,
>
>
> If the data can pulled with the graph API then could you not use that to
> make a file ( CSV?) to import into MidPoint? ( Maybe as an Azure Manager
> role set?)
>
>
>
> Seems like once you push the data into MidPoint that can then drive the
> access certification process.
>
>
> Though I am not sure how to get the “results” back to Azure.
>
> That likely would need to be some output file from the certification
> campaign that and a different graph API script to “correct Azure”.
>
>
>
> Can the results of a certification campaign be “exported” in some standard
> way? ( AKA: can the “Certification decisions report” be written to a file?
> CSV? )
>
> However, I may be over simplifying things.
>
>
>
> *From:* midPoint <midpoint-bounces at lists.evolveum.com> * On Behalf Of *Marvel
> Krafts via midPoint
> *Sent:* Monday, September 19, 2022 8:17 AM
> *To:* Matus Macik <matus.macik at evolveum.com>
> *Cc:* Marvel Krafts <marvel.krafts at gmail.com>; midPoint General
> Discussion <midpoint at lists.evolveum.com>
> *Subject:* Re: [midPoint] Manager from Azure AD
>
>
>
> ---- *External Email*: Use caution with attachments, links, or sharing
> data ----
>
>
>
> Thank you for your response. Other than building a new feature what other
> options are there? Let's say I import all the Azure accounts as users into
> Midpoint, can I mark the users as manager with the relationship between
> members and their respective managers?
>
>
>
> I am trying to understand how Midpoint can be leveraged for access
> certification with Azure AD being the source of users.
>
>
>
> - Thanks
>
>
>
> On Mon, Sep 19, 2022, 2:24 AM Matus Macik <matus.macik at evolveum.com>
> wrote:
>
> Hello,
>
>
>
> Currently this attribute is not supported in the connector schema. If you
> have your own fork with this implemented you can issue a pull request and
> after reviewing the feature we can merge the contribution. Or you can
> create an improvement Jira, these usually have higher priority when
> endorsed by a midPoint subscription.
>
>
>
> --
>
> Best Regards,
>
> Matus Macik | Developer and Identity Management Engineer
> matus.macik at evolveum.com | www.evolveum.com
> <https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.evolveum.com%2F&data=05%7C01%7Cblackcm%40purdue.edu%7Ce9713db38a4c478ca50a08da9a38dcac%7C4130bd397c53419cb1e58758d6d63f21%7C0%7C0%7C637991866268285516%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=lDDRTc5Nqq8mYiRZAEmQvZRHyqLP3xLTH5hrfvlwjF8%3D&reserved=0>
> Evolveum
> ------------------------------
>
> *From: *"midPoint General Discussion" <midpoint at lists.evolveum.com>
> *To: *"midPoint General Discussion" <midpoint at lists.evolveum.com>
> *Cc: *"Marvel Krafts" <marvel.krafts at gmail.com>
> *Sent: *Sunday, September 18, 2022 3:09:47 AM
> *Subject: *[midPoint] Manager from Azure AD
>
>
>
> Hello,
>
> Maybe it's simple but does the Azure Graph connector support pulling the
> manager for an account? Azure User object does not have "manager" attribute
> by default but it can be pulled few ways when using the Graph API
>
>
>
> 1. Using GET on
> https://graph.microsoft.com/v1.0/users/johnsmith@example.com?$expand=manager
> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2Fjohnsmith%40example.com%3F%24expand%3Dmanager&data=05%7C01%7Cblackcm%40purdue.edu%7Ce9713db38a4c478ca50a08da9a38dcac%7C4130bd397c53419cb1e58758d6d63f21%7C0%7C0%7C637991866268285516%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=usKPcAXsiIPyw4Fs569HFfVfttd%2BBgCeC1eKQuJi1rc%3D&reserved=0>
>
> 2. Using GET on
> https://graph.microsoft.com/v1.0/users/johnsmith@example.com?$expand=directReports
> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2Fjohnsmith%40example.com%3F%24expand%3DdirectReports&data=05%7C01%7Cblackcm%40purdue.edu%7Ce9713db38a4c478ca50a08da9a38dcac%7C4130bd397c53419cb1e58758d6d63f21%7C0%7C0%7C637991866268285516%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=9wx9nmjlgEthqjuzIU1QQ4cITdmW8zhLzwiSCSXa%2Fpw%3D&reserved=0>
>
> 3. Using GET on
> https://graph.microsoft.com/v1.0/users/johnsmith@example.com/manager
> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fusers%2Fjohnsmith%40example.com%2Fmanager&data=05%7C01%7Cblackcm%40purdue.edu%7Ce9713db38a4c478ca50a08da9a38dcac%7C4130bd397c53419cb1e58758d6d63f21%7C0%7C0%7C637991866268285516%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=WP%2FYmHDpvCVP4VnRiXurH3K19Sk2uDKDw3wynTI8IWI%3D&reserved=0>
>
>
>
> How can I fetch this?
>
>
>
> Thanks
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.evolveum.com%2Fmailman%2Flistinfo%2Fmidpoint&data=05%7C01%7Cblackcm%40purdue.edu%7Ce9713db38a4c478ca50a08da9a38dcac%7C4130bd397c53419cb1e58758d6d63f21%7C0%7C0%7C637991866268285516%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=EzxfV5jVLaJEftCH2J39uoA5d2cdBoBKfpdHnHPSeWk%3D&reserved=0>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20220919/703d2fba/attachment.htm>