<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">All,<o:p></o:p></p>
<p class="MsoNormal"><br>
If the data can be pulled with the Graph API, then could you not use that to make a file (CSV?) to import into MidPoint? (Maybe as an Azure Manager role set?)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Seems like once you push the data into MidPoint that can then drive the access certification process.<o:p></o:p></p>
<p class="MsoNormal"><br>
Though I am not sure how to get the “results” back to Azure. <o:p></o:p></p>
<p class="MsoNormal">That likely would need to be some output file from the certification campaign and a different Graph API script to “correct Azure”.<o:p></o:p></p>
<p class="MsoNormal"><br>
<br>
Can the results of a certification campaign be “exported” in some standard way? (AKA: can the “Certification decisions report” be written to a file? CSV?)<br>
<br>
<o:p></o:p></p>
<p class="MsoNormal">However, I may be oversimplifying things.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> midPoint &lt;midpoint-bounces@lists.evolveum.com&gt; <b>
On Behalf Of </b>Marvel Krafts via midPoint<br>
<b>Sent:</b> Monday, September 19, 2022 8:17 AM<br>
<b>To:</b> Matus Macik &lt;matus.macik@evolveum.com&gt;<br>
<b>Cc:</b> Marvel Krafts &lt;marvel.krafts@gmail.com&gt;; midPoint General Discussion &lt;midpoint@lists.evolveum.com&gt;<br>
<b>Subject:</b> Re: [midPoint] Manager from Azure AD<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">Thank you for your response. Other than building a new feature what other options are there? Let's say I import all the Azure accounts as users into Midpoint, can I mark the users as manager with the relationship between members and their
 respective managers? <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I am trying to understand how Midpoint can be leveraged for access certification with Azure AD being the source of users.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">- Thanks <o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Mon, Sep 19, 2022, 2:24 AM Matus Macik &lt;<a href="mailto:matus.macik@evolveum.com" target="_blank">matus.macik@evolveum.com</a>&gt; wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">Hello,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">Currently this attribute is not supported in the connector schema. If you have your own fork with this implemented you can issue a pull request and after reviewing
 the feature we can merge the contribution. Or you can create an improvement Jira, these usually have higher priority when endorsed by a midPoint subscription. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">--<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">Best Regards,<br>
<br>
Matus Macik | Developer and Identity Management Engineer<br>
<a href="mailto:matus.macik@evolveum.com" target="_blank">matus.macik@evolveum.com</a> |
<a href="http://www.evolveum.com/" target="_blank">
www.evolveum.com</a><br>
Evolveum<o:p></o:p></span></p>
</div>
</div>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">
<hr size="2" width="100%" align="center" id="m_-8194139432829573933m_5297305874332388337zwchr">
</span></div>
<div>
<p class="MsoNormal"><b><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">From:
</span></b><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">"midPoint General Discussion" &lt;<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>&gt;<br>
<b>To: </b>"midPoint General Discussion" &lt;<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>&gt;<br>
<b>Cc: </b>"Marvel Krafts" &lt;<a href="mailto:marvel.krafts@gmail.com" target="_blank">marvel.krafts@gmail.com</a>&gt;<br>
<b>Sent: </b>Sunday, September 18, 2022 3:09:47 AM<br>
<b>Subject: </b>[midPoint] Manager from Azure AD<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">Hello,<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">Maybe it's simple, but does the Azure Graph connector support pulling the manager for an account? The Azure User object does not have a "manager" attribute by default, but
 it can be pulled a few ways when using the Graph API:<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">1. Using GET on </span><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#212121"><a href="https://graph.microsoft.com/v1.0/users/johnsmith@example.com?$expand=manager" target="_blank">https://graph.microsoft.com/v1.0/users/johnsmith@example.com?$expand=manager</a></span><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">2. Using GET on </span><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#212121"><a href="https://graph.microsoft.com/v1.0/users/johnsmith@example.com?$expand=directReports" target="_blank">https://graph.microsoft.com/v1.0/users/johnsmith@example.com?$expand=directReports</a></span><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#212121">3. Using GET on
<a href="https://graph.microsoft.com/v1.0/users/johnsmith@example.com/manager" target="_blank">
https://graph.microsoft.com/v1.0/users/johnsmith@example.com/manager</a></span><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#212121"><br>
<br>
</span><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#212121">How can I fetch this?</span><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#212121"><br>
<br>
</span><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#212121">Thanks</span><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"><br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a><o:p></o:p></span></p>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
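<p class="MsoNormal">Added example, not part of the original thread and not midPoint or connector code: one way to flatten the Graph <code>$expand=manager</code> results discussed above into a CSV for import, while flagging accounts that would have no usable reviewer in a certification campaign. The sample pages, the <code>finding</code> labels and the CSV column names are assumptions made up for illustration.</p>

```python
import csv
import io

# Constructed sample shaped like pages of GET /v1.0/users?$expand=manager.
def _user(uid, name, mgr=None):
    return {"id": uid, "userPrincipalName": name + "@example.com", "manager": mgr}

SAMPLE_PAGES = [
    {"value": [_user("a1", "alice", _user("b1", "bob")), _user("b1", "bob"),
               _user("c1", "carol", _user("c1", "carol"))]},
    {"value": [_user("d1", "dave", _user("x9", "former")),
               _user("e1", "erin", _user("f1", "frank")),
               _user("f1", "frank", _user("e1", "erin"))]},
]

def in_cycle(uid, mgr_of):
    """True if following the manager chain from uid leads back to uid."""
    seen, cur = set(), mgr_of.get(uid)
    while cur and cur not in seen:
        if cur == uid:
            return True
        seen.add(cur)
        cur = mgr_of.get(cur)
    return False

def manager_rows(pages):
    """Flatten pages to one row per user and flag reviewer problems."""
    users = [u for page in pages for u in page.get("value", [])]
    mgr_of = {u["id"]: (u.get("manager") or {}).get("id") for u in users}
    rows = []
    for u in users:
        mgr, finding = u.get("manager") or {}, ""  # absent or null: no manager
        if not mgr:
            finding = "NO_MANAGER"             # nobody to certify this account
        elif mgr["id"] == u["id"]:
            finding = "SELF_MANAGED"           # user would review themselves
        elif mgr["id"] not in mgr_of:
            finding = "MANAGER_NOT_IN_EXPORT"  # reviewer unknown to the import
        elif in_cycle(u["id"], mgr_of):
            finding = "CYCLE"                  # users would certify each other
        rows.append({"upn": u["userPrincipalName"], "finding": finding,
                     "managerUpn": mgr.get("userPrincipalName", "")})
    return rows

def to_csv(rows):
    buf = io.StringIO()  # column names below are hypothetical
    w = csv.DictWriter(buf, ["upn", "managerUpn", "finding"], lineterminator="\n")
    w.writeheader()
    w.writerows(rows)
    return buf.getvalue()
```

<p class="MsoNormal">Rows with a non-empty <code>finding</code> are the ones to resolve before a manager-driven campaign is opened, since those accounts would otherwise go unreviewed or be reviewed by their own owner.</p>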
</body>
</html>