Azure Active directory Integration config

I need to make an integration to modify permisions or lock account of users on office365 a try to config an Microsoft Active Directory to have access to Azure Activie Directory but I have not luck.

Do any one know how can this task be done?
what is the correct plugin and config to ges access to Azure of office365 accounts and develop this taks?

Well I do have not to much response from the community, but this is no reason to give up.
I do research a lot (really a lot) and I get a working solution.

There is not an available swimlane plug-in for Azure AD or Office 365 integrations or task, so I did program some tasks on Python. (next steep learn how to program my own plug-ins)

First I needed to know how to connect to Azure AD or Office 365 API.
Ther is Microsoft Authentication Library (MSAL) for Python a python library for Microsoft Identity Platform and Microsoft Graph API.

With this I do create some python scripts to get all users or accounts in Azure AD / Office 365 tenant account, get all account details (id, name, username, mail, accunt enable, etc.), get a specific account details and most important, a python script to update an account fields. After a lot of try, learn, fail and fix I did make connections and API calls works.

Geting this I upload MSAL Python package to swimlane and translate the script to Swimlane Python 3.6 Tasks, a proccess that make me lear even more. After a while every single task works and after a few days a could create my swimlane application for get, update, and disable a office 365 account from swimlane.

So now I can create some email thrigers and workflows to create an off-boarding use case.

If some one need more details or want to know anythig about this work-in-progress develpment, please let me know.

Luis Medina

1 Like

Here are some code about get info of an Office 365 tenant account user:

import json
import requests
import msal

of_username = sw_context.inputs["of_username"]
office_client_id = sw_context.inputs["office_client_id"]
office_client_secret = sw_context.inputs["office_client_secret"]
office_tenant_id = sw_context.inputs["office_tenant_id"]

of_userid = "None"
sw_result = False

# Create a preferably long-lived app instance which maintains a token cache.
app = msal.ConfidentialClientApplication(office_client_id, authority="https://login.microsoftonline.com/"+office_tenant_id, client_credential=office_client_secret)

result = None
result = app.acquire_token_silent([ "https://graph.microsoft.com/.default" ], account=None)

if not result:
    result = app.acquire_token_for_client(scopes=[ "https://graph.microsoft.com/.default" ])

if "access_token" in result:
  graph_data = requests.get("https://graph.microsoft.com/v1.0/users/"+of_username+"?$select=displayName,userPrincipalName,givenName,surname,objectId,accountEnabled,mail,mailNickname,usageLocation,id", headers={'Authorization': 'Bearer ' + result['access_token'], "Content-Type": "application/json"}, ).json()
  sw_outputs = [{'userid': graph_data['id'],
                 'accountEnabled': graph_data['accountEnabled'],
                 'displayName': graph_data['displayName'],
                 'userPrincipalName': graph_data['userPrincipalName'],
                 'givenName': graph_data['givenName'],
                 'surname': graph_data['surname'],
                 'mail': graph_data['mail'],
                 'mailNickname': graph_data['mailNickname'],
                 'usageLocation': graph_data['usageLocation'],
                }]
    
else:
  print(result.get("error"))
  print(result.get("error_description"))
  print(result.get("correlation_id"))

Hey @larmedina, thanks for sharing!

It sounds like you achieved your needs - correct?

If you want I can create a ticket and get an official plugin for Azure AD created. What capabilities do you think are most useful?

Iā€™d imagine get users, groups, enable, disable, and create? Anything else?

Hi @joshswimlane

Yes, I was able to make my off-boarding use case (in development) with MS AD (local), salesforce and Office 365 users (Azure AD).

The ticket could be great, this will make my life easy!
The tasks you mention are great and I think some specific could be usefull like:

  • Azure AD Application permissioning
  • One drive upload files / folders
  • Documents (word) creation, deletion, send and share by one drive links (office 365 integration)

That could be really interesting to see.

Hi, @joshswimlane

Do you have any comment about the ticket of a Azure AD plugin? or know about any progress?