<div dir="ltr">You are spot on. At this point, I am just looking for one-way traffic, so as long as I can pull the data from Azure AD into Midpoint that is good enough. The CSV approach is doable, albeit a clumsy solution, and will require some effort exporting and importing the data. <div><br></div><div>- Thanks </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Sep 19, 2022 at 9:04 AM Black, Carey Matthew <<a href="mailto:blackcm@purdue.edu">blackcm@purdue.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-2389638415964184044">





<div lang="EN-US" style="overflow-wrap: break-word;">
<div class="m_-2389638415964184044WordSection1">
<p class="MsoNormal">All,<u></u><u></u></p>
<p class="MsoNormal"><br>
If the data can be pulled with the Graph API, then could you not use that to make a file (CSV?) to import into MidPoint? (Maybe as an Azure Manager role set?)<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Seems like once you push the data into MidPoint that can then drive the access certification process.<u></u><u></u></p>
<p class="MsoNormal"><br>
Though I am not sure how to get the “results” back to Azure. <u></u><u></u></p>
<p class="MsoNormal">That likely would need to be some output file from the certification campaign and a different Graph API script to “correct Azure”.<u></u><u></u></p>
<p class="MsoNormal"><br>
<br>
Can the results of a certification campaign be “exported” in some standard way? ( AKA: can the “Certification decisions report” be written to a file? CSV? )<br>
<br>
<u></u><u></u></p>
<p class="MsoNormal">However, I may be oversimplifying things.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(225,225,225);padding:3pt 0in 0in">
<p class="MsoNormal"><b>From:</b> midPoint <<a href="mailto:midpoint-bounces@lists.evolveum.com" target="_blank">midpoint-bounces@lists.evolveum.com</a>> <b>
On Behalf Of </b>Marvel Krafts via midPoint<br>
<b>Sent:</b> Monday, September 19, 2022 8:17 AM<br>
<b>To:</b> Matus Macik <<a href="mailto:matus.macik@evolveum.com" target="_blank">matus.macik@evolveum.com</a>><br>
<b>Cc:</b> Marvel Krafts <<a href="mailto:marvel.krafts@gmail.com" target="_blank">marvel.krafts@gmail.com</a>>; midPoint General Discussion <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>><br>
<b>Subject:</b> Re: [midPoint] Manager from Azure AD<u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">Thank you for your response. Other than building a new feature what other options are there? Let's say I import all the Azure accounts as users into Midpoint, can I mark the users as manager with the relationship between members and their
 respective managers? <u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">I am trying to understand how Midpoint can be leveraged for access certification with Azure AD being the source of users.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">- Thanks <u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">On Mon, Sep 19, 2022, 2:24 AM Matus Macik <<a href="mailto:matus.macik@evolveum.com" target="_blank">matus.macik@evolveum.com</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif;color:black">Hello,<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif;color:black"><u></u> <u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif;color:black">Currently this attribute is not supported in the connector schema. If you have your own fork with this implemented you can issue a pull request and after reviewing
 the feature we can merge the contribution. Or you can create an improvement Jira, these usually have higher priority when endorsed by a midPoint subscription. <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif;color:black"><u></u> <u></u></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif;color:black">--<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif;color:black">Best Regards,<br>
<br>
Matus Macik | Developer and Identity Management Engineer<br>
<a href="mailto:matus.macik@evolveum.com" target="_blank">matus.macik@evolveum.com</a> |
<a href="http://www.evolveum.com/" target="_blank">
www.evolveum.com</a><br>
Evolveum<u></u><u></u></span></p>
</div>
</div>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:12pt;font-family:Arial,sans-serif;color:black">
<hr size="2" width="100%" align="center" id="m_-2389638415964184044m_-8194139432829573933m_5297305874332388337zwchr">
</span></div>
<div>
<p class="MsoNormal"><b><span style="font-size:12pt;font-family:Arial,sans-serif;color:black">From:
</span></b><span style="font-size:12pt;font-family:Arial,sans-serif;color:black">"midPoint General Discussion" <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>><br>
<b>To: </b>"midPoint General Discussion" <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>><br>
<b>Cc: </b>"Marvel Krafts" <<a href="mailto:marvel.krafts@gmail.com" target="_blank">marvel.krafts@gmail.com</a>><br>
<b>Sent: </b>Sunday, September 18, 2022 3:09:47 AM<br>
<b>Subject: </b>[midPoint] Manager from Azure AD<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif;color:black"><u></u> <u></u></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif;color:black">Hello,<u></u><u></u></span></p>
<div>
<p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif;color:black">Maybe it's simple, but does the Azure Graph connector support pulling the manager for an account? The Azure User object does not have a "manager" attribute by default, but
 it can be pulled a few ways when using the Graph API:<u></u><u></u></span></p>
</div>
<p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif;color:black"><u></u> <u></u></span></p>
<div>
<p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif;color:black">1. Using GET on </span><span style="font-size:9pt;font-family:Helvetica,sans-serif;color:rgb(33,33,33)"><a href="https://graph.microsoft.com/v1.0/users/johnsmith@example.com?$expand=manager" target="_blank">https://graph.microsoft.com/v1.0/users/johnsmith@example.com?$expand=manager</a></span><span style="font-size:12pt;font-family:Arial,sans-serif;color:black"><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif;color:black">2. Using GET on </span><span style="font-size:9pt;font-family:Helvetica,sans-serif;color:rgb(33,33,33)"><a href="https://graph.microsoft.com/v1.0/users/johnsmith@example.com?$expand=directReports" target="_blank">https://graph.microsoft.com/v1.0/users/johnsmith@example.com?$expand=directReports</a></span><span style="font-size:12pt;font-family:Arial,sans-serif;color:black"><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9pt;font-family:Helvetica,sans-serif;color:rgb(33,33,33)">3. Using GET on
<a href="https://graph.microsoft.com/v1.0/users/johnsmith@example.com/manager" target="_blank">
https://graph.microsoft.com/v1.0/users/johnsmith@example.com/manager</a></span><span style="font-size:12pt;font-family:Arial,sans-serif;color:black"><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9pt;font-family:Helvetica,sans-serif;color:rgb(33,33,33)"><br>
<br>
</span><span style="font-size:12pt;font-family:Arial,sans-serif;color:black"><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9pt;font-family:Helvetica,sans-serif;color:rgb(33,33,33)">How can I fetch this?</span><span style="font-size:12pt;font-family:Arial,sans-serif;color:black"><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9pt;font-family:Helvetica,sans-serif;color:rgb(33,33,33)"><br>
<br>
</span><span style="font-size:12pt;font-family:Arial,sans-serif;color:black"><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9pt;font-family:Helvetica,sans-serif;color:rgb(33,33,33)">Thanks</span><span style="font-size:12pt;font-family:Arial,sans-serif;color:black"><u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif;color:black"><br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a><u></u><u></u></span></p>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>

</div></blockquote></div>
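<p>A sketch of the CSV approach discussed in this thread, added here as an example and not code from any of the posters or from the midPoint project: it turns user objects shaped like the <code>$expand=manager</code> responses into a CSV, flags users whose manager is missing from the export, and neutralizes cells a spreadsheet would read as a formula. The sample data is constructed, and the column names and helper names are assumptions.</p>

```python
import csv
import io
import json

# Constructed sample: bodies shaped like GET /v1.0/users/{upn}?$expand=manager
SAMPLE_USERS = json.loads("""[
  {"userPrincipalName": "ceo@example.com", "displayName": "Ceo, Pat"},
  {"userPrincipalName": "johnsmith@example.com", "displayName": "John Smith",
   "manager": {"userPrincipalName": "ceo@example.com"}},
  {"userPrincipalName": "contractor@example.com", "displayName": "=Contractor",
   "manager": {"userPrincipalName": "departed@example.com"}}
]""")

# Hypothetical column names; match them to the CSV resource schema you define.
FIELDS = ["userPrincipalName", "displayName", "managerUPN"]


def safe_cell(value):
    """Prefix cells that a spreadsheet would interpret as a formula."""
    return "'" + value if value[:1] in ("=", "+", "-", "@") else value


def manager_rows(users):
    """Return (rows, orphans): one row per user, plus the users whose manager
    is not in the export, so no reviewer would resolve after import."""
    known = {u["userPrincipalName"].lower() for u in users}
    rows, orphans = [], []
    for u in users:
        upn = u["userPrincipalName"]
        # Users without a manager have no "manager" key in the response.
        mgr = (u.get("manager") or {}).get("userPrincipalName", "")
        if mgr and mgr.lower() not in known:
            orphans.append(upn)
        rows.append({"userPrincipalName": upn,
                     "displayName": safe_cell(u.get("displayName") or ""),
                     "managerUPN": mgr})
    return rows, orphans


def to_csv(rows):
    """Serialize rows with proper quoting (display names may contain commas)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    rows, orphans = manager_rows(SAMPLE_USERS)
    print(to_csv(rows), end="")
    print("manager not in export:", orphans)
```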