MS Graph
The MS Graph connector enables data synchronization between Azure and RAC/M Identity. To do this, the connector uses the MS Graph API.
Note
This connector exposes many of the objects available in the Microsoft Graph API. The MS Graph API is constantly evolving, and not all objects are exposed. If you need access to an object or functionality in the MS Graph API, please contact OKIOK via your JIRA support portal and describe your needs and which part of the MS Graph API you need access to.
Configuration
The following parameters are required:
Configuration | Description |
---|---|
Application ID | The application ID displayed through the Azure AD portal in the registered application panel. |
Application Secret Key | The secret key generated for your application. This key can be generated through the Azure AD portal in the Keys panel. |
Other parameters can also be specified for the MS Graph connector:
Configuration | Description |
---|---|
MS Graph API Endpoint | The MS Graph API Endpoint. If none specified, defaults to https://graph.microsoft.com |
MS Graph API Version | The MS Graph API Version. If none specified, defaults to 1.0 |
Access Token Endpoint | The OAuth 2.0 Token Endpoint. If none specified, defaults to https://login.microsoftonline.com/{appId}/oauth2/token |
User Filter | User Request Filter. Will be used in the $filter attribute. Refer to the MS Graph API documentation for proper usage. |
Group Filter | Group Request Filter. Will be used in the $filter attribute. Refer to the MS Graph API documentation for proper usage. |
Connection Timeout in seconds | Connection Timeout in seconds. Will be used as the Connection, Read, and Write timeout. |
Photo Save Folder | Folder where the photos of the users will be saved. Each user photo data will be in a file named with the user ID. |
Result Page Size | Result page size in items when executing a GET request. If none specified, defaults to 999 |
Included Members Types | A comma-separated list of the types to include. Example: #microsoft.graph.orgContact,#microsoft.graph.user |
Excluded Members Types | A comma-separated list of the types to exclude. Example: #microsoft.graph.device,#microsoft.graph.servicePrincipal |
Included Owners Types | A comma-separated list of the types to include. Example: #microsoft.graph.orgContact,#microsoft.graph.user |
Excluded Owners Types | A comma-separated list of the types to exclude. Example: #microsoft.graph.device,#microsoft.graph.servicePrincipal |
Included User Sponsors Types | A comma-separated list of the types to include. Example: #microsoft.graph.orgContact,#microsoft.graph.user |
Excluded User Sponsors Types | A comma-separated list of the types to exclude. Example: #microsoft.graph.device,#microsoft.graph.servicePrincipal |
Supported object classes
ObjectClass | Description | Supported operations |
---|---|---|
__ACCOUNT__ | Azure AD user account. | Search, Creation, Update, Delete |
__GROUP__ | Azure AD group. | Search |
License | Azure AD commercial subscriptions that an organization has acquired. | Search |
License Plan (Service plan) | Contains information about a service plan associated with a subscribed SKU. The servicePlans property of the subscribedSku entity is a collection of servicePlanInfo. | Search |
License Assignment | Represents licenses (and plans) assigned to a user. | Search, Update |
joinedTeams | Represents the teams in Microsoft Teams that a user is a direct member of. | Search |
members | Allows efficiently listing and updating members of Azure AD groups. | Search, Update |
owners | Represents the owner user(s) of a group. | Search |
userSponsors | Represents the user(s) and group(s) that are responsible for a guest account. | Search |
manageDevices | Represents properties and relationship of the managedDevices. | Search |
Azure configuration requirements
Sign in to the Azure portal using an account with an Entra ID administrator role.
Search for App registrations and select your application.
Select API permissions and select Microsoft Graph.
Select the following permissions and grant Admin Consent for each. After this step, the Admin consent required column should indicate Yes next to each permission, and the Status column should display Granted for [your tenant].
Permission | Type | Description |
---|---|---|
AccessReview.Read.All | Application | Read all access reviews |
AdministrativeUnit.Read.All | Application | Read all administrative units |
APIConnectors.Read.All | Application | Read API connectors for authentication flows |
Application.Read.All | Application | Read all applications |
Directory.Read.All | Application | Read directory data |
Domain.Read.All | Application | Read domains |
Group.Read.All | Application | Read all groups |
GroupMember.Read.All | Application | Read all group memberships |
Member.Read.Hidden | Application | Read all hidden memberships |
Organization.Read.All | Application | Read organization information |
PrivilegedAccess.Read.AzureAD | Application | Read privileged access to Azure AD roles |
PrivilegedAccess.Read.AzureADGroup | Application | Read privileged access to Azure AD groups |
PrivilegedAccess.Read.AzureResource | Application | Read privileged access to Azure resources |
User.Read | Delegated | Sign in and read user profile |
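To confirm that admin consent produced exactly the permission set listed above, the access token issued to the application can be audited. The following is an added example, not part of the connector or of OKIOK's code: it assumes the token is a JWT whose payload carries the granted application permissions in the `roles` claim, as Microsoft identity platform app-only tokens do, and the function names and the sample token are constructed for illustration.

```python
import base64
import json

# Application permissions from the table above. User.Read is Delegated, so it
# never appears in the "roles" claim of an app-only (client credentials) token.
REQUIRED_APP_ROLES = {
    "AccessReview.Read.All", "AdministrativeUnit.Read.All",
    "APIConnectors.Read.All", "Application.Read.All", "Directory.Read.All",
    "Domain.Read.All", "Group.Read.All", "GroupMember.Read.All",
    "Member.Read.Hidden", "Organization.Read.All",
    "PrivilegedAccess.Read.AzureAD", "PrivilegedAccess.Read.AzureADGroup",
    "PrivilegedAccess.Read.AzureResource",
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def token_roles(jwt: str) -> set:
    """Read the 'roles' claim from a JWT payload. The signature is NOT
    verified: this audits granted permissions, it does not authenticate."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))


def audit_roles(jwt: str) -> dict:
    """Compare the token's roles with the documented list."""
    granted = token_roles(jwt)
    extra = granted - REQUIRED_APP_ROLES
    return {
        "missing": sorted(REQUIRED_APP_ROLES - granted),
        "extra": sorted(extra),  # granted but not in the table: review these
        "extra_write": sorted(r for r in extra if "ReadWrite" in r),
    }


def make_sample_token(roles) -> str:
    """Constructed, unsigned sample token for offline use (not a real token)."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"aud": "https://graph.microsoft.com",
                                  "roles": list(roles)}).encode())
    return f"{header}.{payload}.sig"


if __name__ == "__main__":
    sample = make_sample_token(sorted(REQUIRED_APP_ROLES - {"Member.Read.Hidden"})
                               + ["User.ReadWrite.All"])
    print(json.dumps(audit_roles(sample), indent=2))
```

An empty `missing` list means every Application permission in the table was consented; entries under `extra` are permissions granted to the application that the table does not list.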