Azure Active Directory: assigning an application from the gallery to users via the Graph API

Question

I'd need to automate the process of adding an application from the gallery (i.e. Trello), configuring it (i.e. password single sign-on) and assigning users to it.

Can this be done via Graph API?

Answer

Yes. You can automate adding Trello to an Azure AD directory by creating a servicePrincipal in the directory corresponding to the Trello application. The default SSO setting is password SSO. You can also assign users (and groups) using the Graph API. However, the assigned users will need to configure the password that they will use with the application manually.

Add Trello to the directory (create a servicePrincipal):

  • appId is the application ID of the Trello application. The value is a4937c28-17cc-469b-b082-1d6124a402f3 for all tenants.

    HTTP POST https://graph.windows.net/7fe877e6-a150-4992-bbfe-f517e304dfa0/servicePrincipals?api-version=1.5
    Authorization : Bearer eyJ0eXO--snip--zvg
    Content-Type : application/json
    Content-Length : 58

    { "appId": "a4937c28-17cc-469b-b082-1d6124a402f3"}

    Query successfully executed.

    odata.metadata : https://graph.windows.net/7fe877e6-a150-4992-bbfe-f517e304dfa0/$metadata#directoryObjects/Microsoft.DirectoryServices.ServicePrincipal/@Element
    odata.type : Microsoft.DirectoryServices.ServicePrincipal
    objectType : ServicePrincipal
    objectId : 93c60e8e-74f9-4add-9ae2-dd9bc0d6edcd
    deletionTimestamp :
    accountEnabled : True
    appDisplayName : Trello
    appId : a4937c28-17cc-469b-b082-1d6124a402f3
    appOwnerTenantId : 47df5bb7-e6bc-4256-afb0-dd8c8e3c1ce8
    appRoleAssignmentRequired : False
    appRoles : {@{allowedMemberTypes=System.Object[]; description=msiam_access; displayName=msiam_access; id=fc60bc23-43df-4a60-baaa-f0b8694e0259; isEnabled=True; value=}}
    displayName : Trello
    errorUrl :
    homepage : https://127.0.0.1:444/applications/default.aspx?metadata=trello|ISV9.3|primary|z
    keyCredentials : {}
    logoutUrl :
    oauth2Permissions : {}
    passwordCredentials : {}
    preferredTokenSigningKeyThumbprint :
    publisherName : Active Directory Application Registry
    replyUrls : {https://127.0.0.1:444/applications/default.aspx}
    samlMetadataUrl :
    servicePrincipalNames : {a4937c28-17cc-469b-b082-1d6124a402f3, http://adapplicationregistry.onmicrosoft.com/trello/primary}
    tags : {}

Assign a principal (user or group) to Trello:

  • resourceId is the objectId of the Trello servicePrincipal created in the tenant by the previous command.
  • id is the default role ID of the Trello application. The value is fc60bc23-43df-4a60-baaa-f0b8694e0259 for all tenants.
  • principalId is the objectId of the principal (user or group) being assigned to the application.

    HTTP POST https://graph.windows.net/7fe877e6-a150-4992-bbfe-f517e304dfa0/users/de4b092e-1dd4-4d40-b74d-a2d7096c9495/appRoleAssignments?api-version=1.5
    Authorization : Bearer eyJ0eXAiOi--snip--JKVBfk_Q
    Content-Type : application/json
    Content-Length : 176

    { "id": "fc60bc23-43df-4a60-baaa-f0b8694e0259", "principalId": "de4b092e-1dd4-4d40-b74d-a2d7096c9495", "resourceId": "93c60e8e-74f9-4add-9ae2-dd9bc0d6edcd"}

    Query successfully executed.

    odata.metadata : https://graph.windows.net/7fe877e6-a150-4992-bbfe-f517e304dfa0/$metadata#directoryObjects/Microsoft.DirectoryServices.AppRoleAssignment/@Element
    odata.type : Microsoft.DirectoryServices.AppRoleAssignment
    objectType : AppRoleAssignment
    objectId : LglL3tQdQE23TaLXCWyUlVPgf9W8rhZBi1YqpnYOyMg
    deletionTimestamp :
    creationTimestamp : 2015-01-29T05:52:12.4851494Z
    id : fc60bc23-43df-4a60-baaa-f0b8694e0259
    principalDisplayName :
    principalId : de4b092e-1dd4-4d40-b74d-a2d7096c9495
    principalType : User
    resourceDisplayName : Trello
    resourceId : 93c60e8e-74f9-4add-9ae2-dd9bc0d6edcd

The assigned user will see the app in their access panel (myapp.microsoft.com). They will need to update the credentials manually.
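The two-step flow from the answer (create the servicePrincipal, then feed its objectId into the appRoleAssignment as resourceId), as an added example that is not part of the answer above. The `send` hook and `fake_send` transport are constructed for offline use; the endpoint paths, the Trello appId and the default role id are taken from the answer, and the replies are checked against the request before the objectId is reused.

```python
import json
from urllib.request import Request, urlopen

GRAPH = "https://graph.windows.net"
API_VERSION = "api-version=1.5"
TRELLO_APP_ID = "a4937c28-17cc-469b-b082-1d6124a402f3"           # gallery appId from the answer
TRELLO_DEFAULT_ROLE_ID = "fc60bc23-43df-4a60-baaa-f0b8694e0259"  # msiam_access role id from the answer


def build_request(tenant, path, token, body):
    """Build the POST shown in the answer: bearer token, JSON body, api-version=1.5."""
    data = json.dumps(body).encode()
    return Request(f"{GRAPH}/{tenant}/{path}?{API_VERSION}", data=data, method="POST",
                   headers={"Authorization": f"Bearer {token}",
                            "Content-Type": "application/json",
                            "Content-Length": str(len(data))})


def graph_post(tenant, path, token, body, send=None):
    """POST and parse the JSON reply. `send` is a hypothetical hook so a test can
    substitute an offline transport; by default the request goes out via urlopen."""
    req = build_request(tenant, path, token, body)
    if send is None:
        with urlopen(req) as resp:
            return json.load(resp)
    return send(req)


def assign_gallery_app(tenant, token, principal_id, app_id=TRELLO_APP_ID,
                       role_id=TRELLO_DEFAULT_ROLE_ID, send=None):
    """Step 1: create the servicePrincipal for the gallery app.
    Step 2: assign principal_id to the app role, using the new objectId as resourceId.
    Each reply is checked against what was requested before its values are reused."""
    sp = graph_post(tenant, "servicePrincipals", token, {"appId": app_id}, send)
    if sp.get("appId") != app_id or "objectId" not in sp:
        raise RuntimeError("servicePrincipal reply does not match the requested appId")
    assignment = graph_post(tenant, f"users/{principal_id}/appRoleAssignments", token,
                            {"id": role_id, "principalId": principal_id,
                             "resourceId": sp["objectId"]}, send)
    if assignment.get("resourceId") != sp["objectId"] or assignment.get("principalId") != principal_id:
        raise RuntimeError("appRoleAssignment reply does not match the request")
    return assignment


def fake_send(req):
    """Constructed offline transport replaying the shape of the replies in the answer."""
    sent = json.loads(req.data)
    if req.full_url.endswith("/servicePrincipals?" + API_VERSION):
        return {"objectType": "ServicePrincipal", "displayName": "Trello",
                "objectId": "93c60e8e-74f9-4add-9ae2-dd9bc0d6edcd", "appId": sent["appId"]}
    return {"objectType": "AppRoleAssignment", "principalType": "User", **sent}
```

Azure AD Graph (graph.windows.net) has since been retired in favour of Microsoft Graph, where the same two calls exist as `/servicePrincipals` and `/users/{id}/appRoleAssignments`; the ordering and the resourceId hand-off are unchanged.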
