我正在尝试使用Microsoft Graph API获取Azure AD中特定企业应用程序的用户详细信息.
I'm attempting to get user details for a particular enterprise application in Azure AD, using the Microsoft Graph API.
我能够使用以下方法成功检索应用程序的用户:
I'm able to successfully retrieve users of the application using:
graph.microsoft/v1.0/servicePrincipals/{objectId}/appRoleAssignedTo但是,用户详细信息被遗漏了;例如联系方式,电子邮件.对于分配给用户的每个角色,它也具有重复的条目.
However, the users details are left out; such as, contact details, email. It also has a duplicate entry for each role assigned to a user.
如果我查询,我就能获得这些用户的详细信息
I'm able to get these user details if I query:
graph.microsoft/v1.0/users但是,这会检索组织中的所有用户,但是我无法成功过滤给定应用程序的查询中的列表.
However, this retrieves all users in the organization, and I've not been successful with filtering the list in the query for a given application.
使用$ expand运算符似乎也未实现.
Using the $expand operator does not seem implemented either.
看起来,这将是应用程序的常见用例;我的用户是谁,他们的角色和详细信息是什么?使用Graph API的最佳方法是什么?
Seems like this would be a common use case for an application; Who are my users and what are their roles and details? How would one best approach this with the Graph API?
推荐答案单独
您可以获取 appRoles .
graph.microsoft/v1.0/serviceprincipals/07fce81e-8069-4ccb-9775-63f96d1f4e53并检查appRoles属性.
and check the appRoles property.
您可以使用以下查询获取用户详细信息.
And you can get the user details using the below query.
graph.microsoft/v1.0/users/4ef105cc-508b-41c4-a5d2-7d41f2244c4c然后您可以使用以下查询获取组的详细信息.
And you can get the group details using the below query.
graph.microsoft/v1.0/groups/0023c709-3556-4296-a6ab-6df2a0a1113c在您的情况下,您需要拨打与您指定的电话相同的电话
In your case you need to call the same call that you specified
graph.microsoft/v1.0/servicePrincipals/07fce81e-8069-4ccb-9775-63f96d1f4e53/appRoleAssignedTo这将返回所有分配给应用程序角色的用户和组,您可以从这些应用角色分配对象,如下所示,该对象不过是分配了该角色的用户的用户ID,在组中是提供组详细信息的组的组ID.
This will return all the users and groups assigned app roles and you can pull the principal id from these app role assignment objects as shown below which are nothing but the userid of the user that the role was assigned to and in the groups case its the group id of the group which gives the group details.
您可以按主体类型区分用户和组,并根据其可以调用上述http调用(用户或组)并获取这些详细信息.
You can differentiate user and group by principaltype and according to that you can call the above http calls(User or group) and get those details.
重复的代码需要在我们这一端进行编码,以免发生.
The duplicate ones need to be coded on our end to avoid it.
我的示例JSON数据:-
My Example JSON Data:-
For getting users and groups assigned app roles GET graph.microsoft/v1.0/servicePrincipals/07fce81e-8069-4ccb-9775-63f96d1f4e53/appRoleAssignedTo { "@odata.context": "graph.microsoft/v1.0/$metadata#servicePrincipals('07fce81e-8069-4ccb-9775-63f96d1f4e53')/appRoleAssignedTo", "value": [ { "id": "zAXxTotQxEGl0n1B8iRMTPwz3O48iw9Oq3aFtqfYVjA", "deletedDateTime": null, "appRoleId": "00000000-0000-0000-0000-000000000000", "createdDateTime": "2020-06-01T19:21:01.4268687Z", "principalDisplayName": "Nishant Singh", "principalId": "4ef105cc-508b-41c4-a5d2-7d41f2244c4c", "principalType": "User", "resourceDisplayName": "testspaquestion", "resourceId": "07fce81e-8069-4ccb-9775-63f96d1f4e53" }, { "id": "Y3tbwNOvDkqKK9yLxJ5wp2-uBAbApk9LoMs6AN_7iSs", "deletedDateTime": null, "appRoleId": "00000000-0000-0000-0000-000000000000", "createdDateTime": "2020-06-01T18:47:47.2702435Z", "principalDisplayName": "Sruthi J", "principalId": "c05b7b63-afd3-4a0e-8a2b-dc8bc49e70a7", "principalType": "User", "resourceDisplayName": "testspaquestion", "resourceId": "07fce81e-8069-4ccb-9775-63f96d1f4e53" }, { "id": "CccjAFY1lkKmq23yoKERPBqNLldhOdBAm0lJzewK0Nk", "deletedDateTime": null, "appRoleId": "00000000-0000-0000-0000-000000000000", "createdDateTime": "2020-07-23T17:34:53.9538274Z", "principalDisplayName": "Bgroup", "principalId": "0023c709-3556-4296-a6ab-6df2a0a1113c", "principalType": "Group", "resourceDisplayName": "testspaquestion", "resourceId": "07fce81e-8069-4ccb-9775-63f96d1f4e53" } ] }查询完上述内容后,提取每个记录的主体ID,并根据主体类型相应地调用用户端点或组端点.
After querying the above, pull the principalid of each record and accordingly call user endpoint or group endpoint according to principaltype.
Get graph.microsoft/v1.0/users/4ef105cc-508b-41c4-a5d2-7d41f2244c4c //principalId如果您有任何疑问,请告诉我.
Let me know if you have any queries.
更多推荐
使用Microsoft Graph API检索Azure AD应用程序的用户详细信息和角色
发布评论