Skip to content

ExclamationLabs/connector-microsoft-graph

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
gradle/wrapper
gradle/wrapper
 
 
src
src
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
configuration.structure.yml
configuration.structure.yml
 
 
gradle.lockfile
gradle.lockfile
 
 
gradle.properties
gradle.properties
 
 
gradlew
gradlew
 
 
gradlew.bat
gradlew.bat
 
 

Repository files navigation

Microsoft Graph Connector

Open source Identity Management connector for Microsoft Graph

Leverages the Connector Base Framework

Developed and tested in Midpoint, but also could be utilized in any ConnId framework.

Introductory Notes

  • This software is Copyright 2020 Exclamation Labs. Licensed under the Apache License, Version 2.0.

  • Limitations:

    • Connector does not support creating, updating, or deleting licenses due to API/Microsoft restrictions.
    • Licenses can be assigned and removed from a User; Groups can be assigned and removed from a User; BUT at this time, Licenses CANNOT be assigned and removed from a Group. This is a special condition as governed by Graph called Group-Based Licensing (https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-groups-resolve-problems) It might be possible to add this support in the future with the properly configured Azure Tenant test environment ... but if outside of this connector Groups are created that do have license(s) assigned, you will be able to see which license id's were assigned in a read-only manner.

  • API/SDK only supports pagination via token(cookie). Midpoint is unidirectional with pagination values and doesn't consume the paged result cookie and feed it into subsequent requests.

  • API may not be able update/delete users and groups that originated outside of the connector.
    This could require adding permissions in Azure or MS Graph to give the client credentials used applicable to this connector more privileges.

  • Graph also has concepts of nested Groups/transitive members, and a user being an Owner of a group as opposed to a member. As of this time, this isn't supported - but could be potentially added in the future.

  • For whatever reason, the API allows groups with the same name to be created. Beware as this could introduce confusion in IAM.

Further Info

Getting started

This is an IAM connector for Microsoft Graph API, used to connect to Microsoft Cloud Services.

This connector leverages the Microsoft Graph SDK available at Microsoft Graph SDK

NOTE: This connector is a full replacement for Evolveum's Microsoft Azure (Graph API) Connector. This connector will no longer work, because MS Azure AD Graph API has reached end-of-life, currently deprecated and is to be retired June 30. 2023.

Configuration properties

  • See src/test/resources/__bcon__development__exclamation_labs__microsoft_graph.properties for an example

  • security.authenticator.oauth2ClientCredentials.tokenUrl - Set this to unused or any other string. The SDK is aware of its own token url location

  • security.authenticator.oauth2ClientCredentials.scope - Normally set to https://graph.microsoft.com/.default

  • security.authenticator.oauth2ClientCredentials.clientId - Set to the Application ID of your application belonging to your Azure AD tenant.

  • security.authenticator.oauth2ClientCredentials.clientSecret - Set to Client Secret value generated for your application belonging to your Azure AD tenant.

  • custom.tenantId - Set to the Tenant Id of your Microsoft Azure AD Tenant

  • results.pagination - Should be false since pagination as not supported as discussed above.

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

6 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages