After further investigation, the only requirement from the business was to check whether specific users belonged to groups, and there was no immediate requirement to store the AD members in our Dataverse environment, especially since we would have to sync continuously between AD and Dataverse.
I offered the business an alternative. What if you had an application where you could specify the name of the group and it would show you all the users that belong to it, or even better, specify the user and it would let you know all the groups the user belongs to? This seemed like a no-brainer, and from our perspective an easy solution, especially since we finally got access to use the Graph API (for Users and Groups only).
There are other alternatives to this of course, but this was going to work for us, especially since individual users did not have access to the Graph API, but we had an App Registration with a Client Id and Secret.
The next section briefly explains how to set up permissions to the Azure Graph API. Log in to Azure and click on App Registrations. You will need to set up the API permissions and the Client Certificate, and finally copy the information so that you can use it within your flow.
Once you get into the New App Registration and have given it a name, click on API Permissions, select Microsoft Graph, and choose the Application type (and not Delegated). You will need to add two sets of permissions: Group.Read.All and User.Read.All, and then make sure that you grant consent, as these permissions require admin consent.
Next, set up the Client Secret. Click on Certificates & secrets and select the option to add a new Client Secret. You can set the Client Secret to expire in 1 year, 2 years, or to never expire. After you have created the Client Secret, copy it into Notepad or another program. You will need this for later. Once you leave the App Registration, you will not be able to retrieve the Client Secret, so make sure that you store it for later use.
Now that you are done, go back to the Overview page of your app registration. You will need to copy the Application (client) ID and the Directory (tenant) ID, the same way you copied the Client Secret before. The following image shows the information on the Overview page.
Since I don't really like designing stuff, and prefer to take predesigned templates, I took the Org Browser Canvas App template that is available from the Create App page.
The app contains more features than what I was looking for, so I stripped it down to a minimum so that it just contains the home screen and search screen.
In the end, I had two screens. Let's quickly go over these. I named the app AD Search. My home screen contains the title and logo, and two buttons: User Search and Group Search, which both redirect to the Search Screen after setting the action type parameter to either Users or Groups.
The View my profile link at the bottom is still in progress. I have not yet decided what to include there.
When the Search Screen loads, it clears any previous search results from the results collection by calling Clear on the ADSearchResults collection, so it is always a new search.
The form displays a search control, and when the search text is entered and the search icon is clicked, it calls Power Automate flows to retrieve the user matching the email address or the groups matching the display name of the group.
The following screenshots show both scenarios.
If we look at the source for the search icon's OnSelect function, it shows that we are adding the results from the GraphUserSearch flow or the GraphGroupSearch flow into a new collection called ADUserResults.
The Gallery Items property points to ADUserResults, and then we show the Initial, DisplayName and Title of each person in the results in each gallery item.
Now, let's look at the logic for Power Automate, but before that, in case anyone is not aware, I want to introduce Graph Explorer, which can help with configuring Graph API requests. Graph Explorer can be accessed via: https://developer.microsoft.com/en-us/graph/graph-explorer.
Both flows start the same way, and we could combine both of them into a single flow, but I split them to simplify this article. Our trigger for this flow is Power Apps, and then we initialize four variables of type string. These variables are the Search String (containing the value of the search string from the Canvas App), the Action Type (containing the action from the Canvas App, which can be Users, Employees, Groups or the type of search that we will be performing), the Query String and the Search Results (containing the placeholder for the results). The image below illustrates this.
Next, we set the Query String variable. It will contain the Graph API query string that will be called, as shown in the image below.
We can take that same query string and try it out in Graph Explorer to make sure that it works before adding it to the flow. Next, we need to call the API, using a GET request and passing the Query String that we specified in the URI parameter. We add a contentType header with a value of application/json, as our results will be in JSON format.
We need to provide the authentication method to retrieve the results. As we created an App Registration using a Client Secret, we will use Active Directory OAuth. This is where we will need the information that I previously mentioned you should write down.
We will provide the Directory (Tenant) Id, the Audience, the Application (Client) Id and the Client Secret. The image below illustrates the HTTP request.
Finally, we need to store the results in the variable we initialized earlier (called Search Results), and then pass the response back to the Canvas App using the Response action (of the Request connector).
The value that is entered in the SearchResults variable is the value of the body of the previous step, or:
We enter that value in the Body of the response. We also need to specify the Response Body JSON Schema, which will contain the elements that will be returned to the Canvas App. The sample below shows this text.
When we want to use the same logic for querying the Groups, the flow is similar but there are a few options that are changed. After the initialization of the variables, we need to first query the Graph API to get the Id of the group that we are querying, and only then can we get the members of the group. This flow contains two calls to the API. The image below illustrates the calls to the API.
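The user query string and the two-call group lookup described above, as an added Python sketch that is not part of the original solution: it escapes the search text before it goes into the Graph `$filter` and checks the group Id before it goes into the path. The `$filter` and `$select` fields, the `http_get` callable and the sample responses are assumptions, since the flow images are not reproduced here.

```python
import json
import uuid
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"  # assumed base; the flow's URI is only in an image

def odata_literal(text: str) -> str:
    """Wrap search text as one OData string literal (embedded ' is doubled)."""
    return "'" + text.replace("'", "''") + "'"

def user_query(email: str) -> str:
    """Query String for the user search: match on the e-mail address."""
    flt = quote("mail eq " + odata_literal(email), safe="")
    return f"{GRAPH}/users?$filter={flt}&$select=id,displayName,jobTitle,mail"

def group_query(name: str) -> str:
    """First call of the group flow: resolve the group by display name."""
    flt = quote("displayName eq " + odata_literal(name), safe="")
    return f"{GRAPH}/groups?$filter={flt}&$select=id,displayName"

def members_query(group_id: str) -> str:
    """Second call: list members; the id must parse as a GUID before it joins the path."""
    return f"{GRAPH}/groups/{uuid.UUID(group_id)}/members?$select=displayName,jobTitle"

def group_members(name: str, http_get) -> list:
    """Run both calls; http_get(url) returns the JSON body (bearer token handled by caller)."""
    groups = json.loads(http_get(group_query(name)))["value"]
    if len(groups) != 1:  # no match, or an ambiguous display name
        return []
    members = json.loads(http_get(members_query(groups[0]["id"])))["value"]
    return [{"DisplayName": m.get("displayName"), "Title": m.get("jobTitle")} for m in members]

# Constructed sample responses (not real tenant data), keyed by request URL.
GID = "11111111-2222-3333-4444-555555555555"
SAMPLE = {
    group_query("Finance Team"): '{"value": [{"id": "%s", "displayName": "Finance Team"}]}' % GID,
    members_query(GID): '{"value": [{"displayName": "Ana O\'Brien", "jobTitle": "Analyst"}]}',
}

def fake_get(url: str) -> str:
    """Stand-in for the flow's HTTP action so the example runs offline."""
    return SAMPLE.get(url, '{"value": []}')

if __name__ == "__main__":
    print(user_query("ana.o'brien@contoso.example"))
    print(group_members("Finance Team", fake_get))
```

In the flow itself, the equivalent step is to double any single quote in the Search String and URL-encode it (the `replace` and `encodeUriComponent` expression functions) before setting the Query String variable.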
The solution files have been posted to my GitHub repository:
A YouTube video is available as well:
Special shoutout to Elaiza Benitez for her episode on Microsoft Graph API authentication on What the Flow:
How to authenticate as an application with Microsoft Graph API (youtu.be)