I am wondering if there is a way to add already existing users in an AAD tenant to a different tenant programmatically? I can only see the powershell cmdlet for adding(creating) a new user in the same tenant. Basically this is the workflow that i want to automate:
On the Azure portal. i go to the tenant and then click on Add user
When i click on Add User it asks me to provide Type of User where i choose User in another Microsoft Azure AD directory.
Is there a way to programatically do this using some code in powershell or C# or some other microsoft stack?
Basically i want to achieve automation for steps mentioned in this link: https://azure.microsoft.com/en-us/documentation/articles/active-directory-create-users-external/
No, this is not directly supported. One way to add "O365 Management APIs" application and then use office.com admin portal to import users from a csv file. But this only works if the users on the same tenant.
Related
I need to programmatically create an app in Azure AD and programmatically assign it permissions for Graph APIs. Somehow I am unable to find any good info on this. Please let me know if there is any good example of this.
I am able to create a basic app but not sure how to assign permissions to it.
I have a few basic queries:
Can we create an app and assign permissions at the same time? Or we need to first create app and then assign permissions?
How can I get a repository of all the possible permissions? Is there any way I can get a readable form of permissions and also its GUID representation?
Any C# example of this would be much appreciated.
PFB answer to your queries :
Can we create an app and assign permissions at the same time? Or we need to first create app and then assign permissions?
--> Yes you can create an app and assign permissions are the same time.
How can I get a repository of all the possible permissions? Is there any way I can get a readable form of permissions and also its GUID representation?
--> Here is the link for all the possible permissions :https://learn.microsoft.com/en-us/graph/permissions-reference
You can use Microsoft Graph explorer to execute queries and get the GUID representation.
Here is the link : https://developer.microsoft.com/en-us/graph/graph-explorer
You must first register an application in the Azure portal (or you must have an application first), and then grant the application permission or delegate permission to call MS graph api to create other applications, here is a detailed explanation Description.
Next, you can create other applications based on this application using C# code + MS graph api, and grant permissions to other applications (this is a separate operation, of course, you can also create an application and assign permissions at the same time).
At first you have to register your application in the Azure Active Directory.
Go to Azure Portal and navigate to the Azure AD -> App Registrations and create a new App.
In the Apps administration view, go to API-Permissions and click on "Add a permission". Now you can see all the available permissions you can grant to you application.
For some permissions (indicated by an orange warning sign) you have to grant admin consent afterwards.
After you have done those steps and you configured the redirect URLs (also in the Azure portal), you can access the data you have permissions from your application.
Note: You will also have to implement an authorization flow to make use of Microsoft Graph. You can find additional information here Microsoft Graph Authentication
I have an azure web application which is accessible by all the users of our organization.
In a .Net what are the possible ways to restrict access to certain set of users of a web application. MFA is already there, but still I need to restrict it to a specific group of users.
Please let me know how can I proceed further on this using Graph API in C#.
Based on the tags it sounds like you are using Azure AD authentication.
In that case you can go to Azure Active Directory -> Enterprise applications.
Find your application in the list and open it.
Then you can go to Properties tab and set User assignment required? to Yes.
Then open the Users and groups tab and assign the users you want to be able to access the app.
I ‘m working with Active Directory B2C and Storage account in azure.
Is there a way to grant for each connected user, an ownership of a dedicated container only, in order to perform action such as read, write, delete and list files?
I need some help to achieve this requirement using a c# sdk preferably.
Thank you in advanced
You need to add the user in your B2C AAD to your current ADD as the guest.
For example, the email of my B2C user is bowman#testbowmanb2c.onmicrosoft.com.
I add it to the current ADD:
Then please go to the storage account in your current AAD. Choose this:
And for the operation of data, the user need this role:
Please notice that, even we can use powershell to add RBAC roles, we still need to use portal to add guest user.
I am trying to have users create an account on my site, then have someone on my team add the appropriate claims for that user after they have created an account. How can I do this? I tried doing it via an SQL command here, but never got it working. Is there a built in way to add a claim to another user account?
I want to copy the permissions of a user and to another user. I know i can do it by creating a group with required permissions and adding the users will do it. But i dont want to create a group. Is there a way to copy the permissions of a user to another user directly?
NLV
You need to write code that will;
Check if the current site inherits permissions or sets its own
From the site that sets permissions (self or ancestor, depending on 1) go over the RoleAssignments collections
For each role assignment check if your source user is specified
If so, create a role assignment for the target user
This code must run under administrative privileges (RunWithElevatedPrivilegese will suffice if written as web part)
There is no way to copy permissions between users through SharePoint itself, you will have to write a script to do it for you.
There is no OOTB way to clone SharePoint user permissions. You should either use 3rd party tools such as ShareGate, Axceler ControlPont, Boost Solutions's Permission manager or Use this PowerShell script way: Copy Permissions from One User to Another in SharePoint using PowerShell
Copy Permissions from One User to Another in SharePoint using PowerShell