
MS Graph

The MS Graph connector enables data synchronization between Entra ID and RAC/M Identity. To do this, the connector uses the MS Graph API.

Note

This connector exposes many objects available in the Microsoft Graph API. The MS Graph API is constantly evolving, and not all objects are exposed. If you need access to an object or functionality in the MS Graph API, please contact OKIOK via your JIRA support portal to describe your needs and which part of the MS Graph API you need access to.

Configuration

The following parameters are required:

| Configuration | Description |
| --- | --- |
| Application ID | The application ID displayed through the Entra ID portal in the registered application panel. |
| Application Secret Key | The secret key generated for your application. This key can be generated through the Entra ID portal in the Keys panel. |

Other parameters can also be specified for the MS Graph connector:

| Configuration | Description |
| --- | --- |
| MS Graph API Endpoint | The MS Graph API endpoint. If none specified, defaults to https://graph.microsoft.com |
| MS Graph API Version | The MS Graph API version. If none specified, defaults to 1.0 |
| Access Token Endpoint | The OAuth 2.0 token endpoint. If none specified, defaults to https://login.microsoftonline.com/{appId}/oauth2/token |
| User Filter | User request filter. Will be used in the $filter attribute. Refer to the MS Graph API documentation for proper usage. |
| Group Filter | Group request filter. Will be used in the $filter attribute. Refer to the MS Graph API documentation for proper usage. |
| Connection Timeout in seconds | Connection timeout in seconds. Will be used as the Connection, Read, and Write timeout. |
| Photo Save Folder | Folder where the photos of the users will be saved. Each user's photo data will be in a file named with the user ID. |
| Result Page Size | Result page size in items when executing a GET request. If none specified, defaults to 999 |
| Included Members Types | A comma-separated list of the types to include. Example: #microsoft.graph.orgContact,#microsoft.graph.user |
| Excluded Members Types | A comma-separated list of the types to exclude. Example: #microsoft.graph.device,#microsoft.graph.servicePrincipal |
| Included Owners Types | A comma-separated list of the types to include. Example: #microsoft.graph.orgContact,#microsoft.graph.user |
| Excluded Owners Types | A comma-separated list of the types to exclude. Example: #microsoft.graph.device,#microsoft.graph.servicePrincipal |
| Included User Sponsors Types | A comma-separated list of the types to include. Example: #microsoft.graph.orgContact,#microsoft.graph.user |
| Excluded User Sponsors Types | A comma-separated list of the types to exclude. Example: #microsoft.graph.device,#microsoft.graph.servicePrincipal |

Supported object classes

| ObjectClass | Description | Supported operations |
| --- | --- | --- |
| __ACCOUNT__ | Entra ID user account. API | Search, Creation, Update, Delete |
| __GROUP__ | Entra ID group. API | Search |
| License | Entra ID commercial subscriptions that an organization has acquired. API | Search |
| License Plan (Service plan) | Contains information about a service plan associated with a subscribed SKU. The servicePlans property of the subscribedSku entity is a collection of servicePlanInfo. API | Search |
| License Assignment | Represents licenses (and plans) assigned to a user. API | Search, Update |
| joinedTeams | Represents the teams in Microsoft Teams that a user is a direct member of. API | Search |
| members | Allows efficiently listing and updating members of Entra ID groups. API | Search, Update |
| owners | Represents the owner user(s) of a group. API | Search |
| userSponsors | Represents the user(s) and group(s) that are responsible for the guest or for an account. API | Search |
| manageDevices | Represents properties and relationship of the managedDevices. API | Search |

Entra ID configuration requirements

  1. Sign in to the Azure portal using an account with an Entra ID administrator role.
  2. Search for App registrations and select your application.
  3. Select API permissions and select Microsoft Graph.
  4. Select the following permissions and grant Admin Consent for each. After this step, the Admin consent required column should indicate Yes next to each permission, and the Status column should display Granted for [your tenant].

| Permission | Type | Description |
| --- | --- | --- |
| AccessReview.Read.All | Application | Read all access reviews |
| AdministrativeUnit.Read.All | Application | Read all administrative units |
| APIConnectors.Read.All | Application | Read API connectors for authentication flows |
| Application.Read.All | Application | Read all applications |
| AuditLog.Read.All | Application | Read all audit log data |
| Directory.Read.All | Application | Read directory data |
| Domain.Read.All | Application | Read domains |
| Group.Read.All | Application | Read all groups |
| GroupMember.Read.All | Application | Read all group memberships |
| Member.Read.Hidden | Application | Read all hidden memberships |
| Organization.Read.All | Application | Read organization information |
| PrivilegedAccess.Read.AzureAD | Application | Read privileged access to Entra ID roles |
| PrivilegedAccess.Read.AzureADGroup | Application | Read privileged access to Entra ID groups |
| PrivilegedAccess.Read.AzureResource | Application | Read privileged access to Entra ID resources |
| User.Read | Delegated | Sign in and read user profile |
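
To check an existing app registration against the permission table above, the following added example (not part of the OKIOK documentation or connector) compares a list of grants with the documented set and reports missing, mis-typed, unconsented and extra permissions. The input format (dicts with name, type, consented) and the sample grants are constructed for illustration.

```python
# Added example: least-privilege audit of the connector's app registration.
# REQUIRED mirrors the permission table on this page (name -> type).
REQUIRED = {name: "Application" for name in (
    "AccessReview.Read.All", "AdministrativeUnit.Read.All", "APIConnectors.Read.All",
    "Application.Read.All", "AuditLog.Read.All", "Directory.Read.All", "Domain.Read.All",
    "Group.Read.All", "GroupMember.Read.All", "Member.Read.Hidden", "Organization.Read.All",
    "PrivilegedAccess.Read.AzureAD", "PrivilegedAccess.Read.AzureADGroup",
    "PrivilegedAccess.Read.AzureResource",
)}
REQUIRED["User.Read"] = "Delegated"

def audit(grants):
    """Compare grants (hypothetical export: dicts with name, type, consented)
    with the documented set and return the deviations, grouped by kind."""
    seen = {g["name"]: g for g in grants}
    report = {"missing": [], "wrong_type": [], "not_consented": [],
              "extra": [], "extra_write": []}
    for name, ptype in REQUIRED.items():
        grant = seen.get(name)
        if grant is None:
            report["missing"].append(name)
        elif grant["type"] != ptype:
            report["wrong_type"].append(name)
        elif not grant["consented"]:
            report["not_consented"].append(name)
    for name in seen:
        if name not in REQUIRED:
            # Write-capable permissions go in their own bucket for review.
            report["extra_write" if "Write" in name else "extra"].append(name)
    return {bucket: sorted(names) for bucket, names in report.items()}

# Constructed sample: the documented grants with three deviations and two extras.
SAMPLE = [{"name": n, "type": t, "consented": True}
          for n, t in REQUIRED.items() if n != "AuditLog.Read.All"]
for g in SAMPLE:
    if g["name"] == "Group.Read.All":
        g["type"] = "Delegated"      # granted with the wrong permission type
    if g["name"] == "Domain.Read.All":
        g["consented"] = False       # admin consent not yet granted
SAMPLE += [{"name": "Directory.ReadWrite.All", "type": "Application", "consented": True},
           {"name": "Mail.Read", "type": "Application", "consented": True}]

if __name__ == "__main__":
    for bucket, names in audit(SAMPLE).items():
        print(f"{bucket}: {names}")
```

Every permission in the documented list is read-only, so anything reported under extra_write should be justified against the write operations the connector is actually configured to perform.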