Using the AAD Graph API to create a federated user (or provision one, more formally)


Sample code for openid connect protocol and the graph API can be found, today, at https://github.com/AzureADSamples/WebApp-GraphAPI-DotNet.

image

Having configured this web application per the instructions for our rapmlsqa.com tenant, one screen shows the UI through which one creates a user in the directory.

image

http://reso-odatapoc.azurewebsites.net/Users/Create

Using the creation tool lets us see what passes on the wire:

image

We are unable, however, to find which parameters one must pass to this API when we want to create a “federated” user. So far, we have created only “managed” users, who by definition do not have federated status.

Spying on the PowerShell cmdlets does give us a glimpse of the semantic rules concerning federated user creation. Though the service uses a different and non-RESTful protocol, we can see the type of information that has to be passed during “provisioning”.

image

image

OK, so it turns out to be simple:

image

Add immutableId to the binding list, and amend the form to expose the immutableId label and field editor:

image
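The provisioning rule gleaned from the cmdlet traffic, written out as an added example in Python against the AAD Graph API (this is not code from the post or from the WebApp-GraphAPI-DotNet sample). It encodes an on-premises objectGUID the way directory sync does (base64 over the GUID's little-endian bytes), refuses to build a federated user without an immutableId, and checks that the immutableId is not already held by another user. The tenant name, the sample users, and the assumption that the v1.6 service will accept a federated user without a passwordProfile are mine; `post_user` is shown but not run, as it needs a real bearer token.

```python
import base64
import json
import urllib.request
import uuid

# AAD Graph API root (graph.windows.net), the API the sample app talks to.
GRAPH_BASE = "https://graph.windows.net"
API_VERSION = "1.6"


def immutable_id_from_guid(guid_str: str) -> str:
    """Encode an on-premises objectGUID as directory sync does:
    base64 over the GUID's 16 little-endian bytes."""
    return base64.b64encode(uuid.UUID(guid_str).bytes_le).decode("ascii")


def guid_from_immutable_id(immutable_id: str) -> str:
    """Inverse of immutable_id_from_guid; raises ValueError if the value
    is not a base64-encoded 16-byte GUID."""
    raw = base64.b64decode(immutable_id, validate=True)
    if len(raw) != 16:
        raise ValueError("immutableId is not a base64-encoded GUID")
    return str(uuid.UUID(bytes_le=raw))


def build_user(display_name, mail_nickname, upn, federated_domains,
               immutable_id=None, password=None):
    """Return the JSON body for POST /users.

    Rule mirrored from the cmdlet traffic: a user whose UPN domain is
    federated must carry an immutableId (the key the IdP will assert);
    a managed user gets a passwordProfile instead."""
    domain = upn.rsplit("@", 1)[-1].lower()
    federated = domain in {d.lower() for d in federated_domains}
    body = {
        "accountEnabled": True,
        "displayName": display_name,
        "mailNickname": mail_nickname,
        "userPrincipalName": upn,
    }
    if federated:
        if immutable_id is None:
            raise ValueError("federated domain %s requires an immutableId" % domain)
        guid_from_immutable_id(immutable_id)  # reject malformed values early
        body["immutableId"] = immutable_id
        # Assumption: the IdP, not AAD, authenticates this user, so no
        # passwordProfile is sent unless the caller insists on one.
        if password is not None:
            body["passwordProfile"] = {"password": password,
                                       "forceChangePasswordNextLogin": False}
    else:
        if password is None:
            raise ValueError("managed user %s requires a password" % upn)
        body["passwordProfile"] = {"password": password,
                                   "forceChangePasswordNextLogin": True}
    return body


def immutable_id_in_use(existing_users, immutable_id):
    """Return the UPN of an existing user already holding immutable_id,
    or None. existing_users is the 'value' list from GET /users."""
    for user in existing_users:
        if user.get("immutableId") == immutable_id:
            return user.get("userPrincipalName")
    return None


def post_user(tenant, access_token, body):
    """POST the body to /users on the AAD Graph API. Not executed here."""
    req = urllib.request.Request(
        "%s/%s/users?api-version=%s" % (GRAPH_BASE, tenant, API_VERSION),
        data=json.dumps(body).encode("utf-8"),
        headers={"Authorization": "Bearer " + access_token,
                 "Content-Type": "application/json"},
        method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed sample data: one federated domain and one existing user.
    federated = ["rapmlsqa.com"]
    existing = [{"userPrincipalName": "first@rapmlsqa.com",
                 "immutableId": immutable_id_from_guid(
                     "11111111-2222-3333-4444-555555555555")}]
    iid = immutable_id_from_guid("0b7d0c2e-5f1a-4c3b-9d8e-7f6a5b4c3d2e")
    clash = immutable_id_in_use(existing, iid)
    if clash:
        raise SystemExit("immutableId already used by " + clash)
    print(json.dumps(build_user("Test Federated", "testfed",
                                "testfed@rapmlsqa.com", federated,
                                immutable_id=iid), indent=2))
```

The immutableId is the join key between the directory object and the ImmutableID claim the federation IdP asserts at sign-in, so two users sharing one value, or a value that does not match what the IdP will send, is a provisioning defect worth catching before the POST rather than at first logon.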

Then we can create and list users created in certified domains:

image

image

This gets us to proving it works… with our IDP:

image


About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!
This entry was posted in AAD.