
Concepts: Graph Integration

Pratik Bhattacharya edited this page Dec 16, 2021 · 1 revision

Graph Integration

You can integrate with MS Graph to create filters based on Groups (Microsoft 365 or Security Groups). A feature flag/toggle can be turned 'on' or 'off' depending on whether a user is present in or absent from a Group.

Groups can be integrated only for filters of type UserUPN. UserUPN refers to the [User Principal Name](https://docs.microsoft.com/en-us/azure/active-directory/hybrid/howto-troubleshoot-upn-changes) of a user in MS Active Directory. The filter works by checking whether the UserUPN in the Flight Context is a member of the Group ID configured in the Feature Toggle.

Feature Flag

Operators

You can configure 2 operators in the filter, `MemberOfSecurityGroup` and `NotMemberOfSecurityGroup`, which determine the check that is performed.

Value

While setting up the flag you can configure one or more Groups. The Group name and the Group ID need to be configured in the value. The value should be a serialized JSON string in the format below:

[
   {"Name":"HERO_GROUP","ObjectId":"HERO_GROUP_OBJECT_ID_GUID"},
   {"Name":"SUPER_HERO_GROUP","ObjectId":"SUPER_HERO_GROUP_OBJECT_ID_GUID"}
]

In the above example we are setting up 2 Groups (HERO_GROUP and SUPER_HERO_GROUP). If the UPN from the Flight Context belongs to either Group, the flag evaluates to true (assuming we have used the MemberOfSecurityGroup operator).

Transitive Members

The operator will work even if the user is a transitive member of the Group. Transitive members are users who are not direct members of the Group, but belong to another group which is itself a member of the parent Group.

Caching

To speed up operations, Graph API calls do not happen every time the feature flag is evaluated. When a feature flag containing a Group condition is evaluated for the first time, the members of the configured Groups are cached in the Service. Subsequent evaluations use the cached value. Because evaluations use the cached membership, a user added to or removed from a Group may continue to get the previous result until the cached entry expires. Tenants have the option to configure either an external Redis cache or ASP.NET Core's in-memory cache to store the data. The caching period can also be configured at a Tenant level; by default we recommend 4 hours of caching.

See Scenario 7 for an example.
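The evaluation described on this page, modelled as an added Python example (not the service's own code): it parses the value, resolves transitive members, and caches them with a TTL, so the window between a membership change and cache expiry can be observed. The in-memory `DIRECTORY` stands in for MS Graph; the `GroupFilter` class, the `SIDEKICKS_ID` group, the case-insensitive UPN comparison, and reading `NotMemberOfSecurityGroup` as "member of none of the configured Groups" are assumptions.

```python
import json
import time

# Constructed directory (stand-in for MS Graph): group id -> direct users, nested groups.
DIRECTORY = {
    "HERO_GROUP_OBJECT_ID_GUID": {"users": ["bruce@contoso.com"], "groups": ["SIDEKICKS_ID"]},
    "SUPER_HERO_GROUP_OBJECT_ID_GUID": {"users": ["clark@contoso.com"], "groups": []},
    "SIDEKICKS_ID": {"users": ["Dick@contoso.com"], "groups": ["HERO_GROUP_OBJECT_ID_GUID"]},
}

def transitive_members(directory, group_id):
    """Collect direct and nested members; `seen` guards against group cycles."""
    members, seen, stack = set(), set(), [group_id]
    while stack:
        gid = stack.pop()
        if gid in seen or gid not in directory:
            continue
        seen.add(gid)
        members.update(u.lower() for u in directory[gid]["users"])  # assumption: case-insensitive UPNs
        stack.extend(directory[gid]["groups"])
    return members

class GroupFilter:
    def __init__(self, directory, ttl_seconds=4 * 3600, clock=time.monotonic):
        self.directory, self.ttl, self.clock = directory, ttl_seconds, clock
        self.cache = {}   # group id -> (expiry time, member set)
        self.lookups = 0  # number of simulated Graph calls

    def _members(self, group_id):
        entry = self.cache.get(group_id)
        if entry is None or entry[0] <= self.clock():  # first use or expired entry
            self.lookups += 1
            entry = (self.clock() + self.ttl, transitive_members(self.directory, group_id))
            self.cache[group_id] = entry
        return entry[1]

    def evaluate(self, operator, value, upn):
        groups = json.loads(value)  # the flag value is a serialized JSON string
        is_member = any(upn.lower() in self._members(g["ObjectId"]) for g in groups)
        if operator == "MemberOfSecurityGroup":
            return is_member
        if operator == "NotMemberOfSecurityGroup":
            return not is_member  # assumption: member of none of the configured Groups
        raise ValueError(f"unsupported operator: {operator}")

VALUE = json.dumps([
    {"Name": "HERO_GROUP", "ObjectId": "HERO_GROUP_OBJECT_ID_GUID"},
    {"Name": "SUPER_HERO_GROUP", "ObjectId": "SUPER_HERO_GROUP_OBJECT_ID_GUID"},
])
```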