Microsoft Graph API Connector

Last modified 06 May 2021 14:35 +02:00

Identity connector for Microsoft Azure services (Office365, Azure AD) based on Graph API.

Functionality: experimental
Development status: community (maintained by community effort)
Support status: supportable
Origin: Evolveum
Support provided by: Evolveum
Target systems: Office365, Azure Active Directory
Protocol: Microsoft Graph API
Source code: https://github.com/Evolveum/connector-microsoft-graph-api

Capabilities and Features

Schema: YES
Provisioning: YES
Live Synchronization: YES
Password: YES
Activation: YES
Script execution: No

Versions

TODO

Version Origin Binary Sources Build Date Description

Documentation

Introduction

TODO

Limitations

Currently only users are supported. Group management has not been implemented because the Azure Active Directory Graph API does not currently support the creation of mail-enabled groups.

Supported attributes

The connector supports all attributes supported by the AD connector, along with the following Exchange ones. Descriptions are taken from Microsoft’s site.

| Attribute | Description | Office365 counterpart | Notes |
|---|---|---|---|
| city | | city | |
| country | | county | |
| department | | department | |
| displayName | | displayName | |
| facsimileTelephoneNumber | | facsimileTelephoneNumber | |
| givenName | | givenName | |
| jobTitle | | jobTitle | |
| licenses | | | Licenses are in the format SKU:PLAN:PLAN if you wish to assign only certain plans to a user. If you wish to assign all plans within a SKU to a user, simply specify SKU. SKUs are the subscriptions, such as "Microsoft Office 365 Plan A3 for Students", and plans are the individual components, such as "Exchange Online (Plan 2)". The SKU and plan need to be specified in the short format, which can be found using the Graph Explorer (http://graphexplorer.cloudapp.net/): the SKU is the skuPartNumber (e.g. ENTERPRISEPACK_STUDENT) and the PLAN is the servicePlanName (e.g. EXCHANGE_S_ENTERPRISE). |
| mail | | mail | |
| mailNickname | | mailNickname | |
| mobile | | mobile | |
| otherMails | | otherMails | |
| forceChangePasswordNextLogin | Boolean to force change of password at next login | forceChangePasswordNextLogin | Only used in managed domains |
| physicalDeliveryOfficeName | | physicalDeliveryOfficeName | |
| postalCode | | postalCode | |
| preferredLanguage | | preferredLanguage | |
| proxyAddresses | | proxyAddresses | |
| state | | state | |
| streetAddress | | streetAddress | |
| surname | | surname | |
| telephoneNumber | | telephoneNumber | |
| thumbnailPhoto | | thumbnailPhoto | |
| immutableId | | immutableId | Mandatory for federated domains. This string is base64 encoded and must match the value that is passed as the immutable ID within the federation solution. The way the attribute is base64 encoded varies with the source of the attribute and the federation solution being used; within this connector it can be configured using the immutableIDEncodeMechanism configuration variable. Microsoft manipulates the order of the bits of a GUID when base64 encoding it, hence the various encoding mechanisms. TODO expand |
| usageLocation | | | Mandatory if licenses are to be assigned |
| NAME | | | This should match the userPrincipalName within a federated environment |
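
The GUID reordering mentioned in the immutableId note, as an added example that is not code from the connector. It assumes the immutable ID is derived from a 16-byte GUID such as AD's objectGUID; the function names and the sample GUID are constructed for illustration, and the two layouts shown are the general Microsoft and RFC 4122 byte orders, not the values of immutableIDEncodeMechanism, which this page does not list.

```python
import base64
import uuid

# Constructed sample value, not a real directory object.
SAMPLE_GUID = "00112233-4455-6677-8899-aabbccddeeff"


def guid_to_immutable_id(guid: str, microsoft_order: bool = True) -> str:
    """Base64-encode a GUID string.

    microsoft_order=True uses the Microsoft in-memory layout (first three
    fields little-endian, as in AD's binary objectGUID); False uses the
    RFC 4122 big-endian layout that the textual form suggests.
    """
    u = uuid.UUID(guid)
    raw = u.bytes_le if microsoft_order else u.bytes
    return base64.b64encode(raw).decode("ascii")


def immutable_id_to_guid(immutable_id: str, microsoft_order: bool = True) -> str:
    """Decode a base64 immutable ID back to GUID text in the given layout."""
    raw = base64.b64decode(immutable_id, validate=True)
    if len(raw) != 16:
        raise ValueError("value does not decode to a 16-byte GUID")
    u = uuid.UUID(bytes_le=raw) if microsoft_order else uuid.UUID(bytes=raw)
    return str(u)


def detect_layout(expected_guid: str, immutable_id: str) -> str:
    """Report which layout, if any, maps immutable_id to expected_guid."""
    want = str(uuid.UUID(expected_guid))
    matches = [name for name, ms in (("microsoft", True), ("rfc4122", False))
               if immutable_id_to_guid(immutable_id, ms) == want]
    return "+".join(matches) or "mismatch"


if __name__ == "__main__":
    # The same GUID yields two different base64 strings.
    for ms in (True, False):
        print(ms, guid_to_immutable_id(SAMPLE_GUID, ms))
```

If a federated sign-in fails to match an existing user, comparing the stored immutableId against both layouts shows whether the encoding mechanism is the cause.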

Resource Sample