
marekhorecny/connector-microsoft-graph-api

 
 


Connector for Microsoft Graph API

This is a midPoint/ConnId connector for the Microsoft Graph API. It is meant to manage users in Microsoft cloud applications, such as Azure AD and Office365.

See https://wiki.evolveum.com/display/midPoint/Microsoft+Graph+API+Connector

## Build with Maven

  • download the Microsoft Graph API connector source code from GitHub
  • build the connector with Maven:
    mvn clean install -Dmaven.test.skip=true
  • find connector-msgraph-1.0-beta.jar in the \target folder

## Installation

  • put connector-msgraph-1.0-beta.jar into the {midPoint_home}\icf-connectors\ directory
  • run/restart midPoint

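## Config

  • The SSL certificates must be imported. Download the current DigiCert Global Root G2 and DigiCert Global Root CA certificates in .der format, then import them into the midPoint keystore.jceks. Run the command once per certificate with a different -alias each time, because keytool will not import a certificate under an alias that is already in use, and replace changeit with your keystore password:
    keytool -keystore keystore.jceks -storetype jceks -storepass changeit -import -alias nlight -trustcacerts -file {your certificate}.der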

## Permissions

These are the permissions you need to add to your Azure Active Directory application for midPoint:

  • Directory.Read.All -> Delegated permission
  • Directory.ReadWrite.All -> Delegated permission
  • Group.Create -> Application permission
  • Group.Read.All -> Delegated permission
  • Group.Read.All -> Application permission
  • Group.ReadWrite.All -> Delegated permission
  • Group.ReadWrite.All -> Application permission
  • Group.Selected -> Application permission
  • GroupMember.Read.All -> Delegated permission
  • GroupMember.Read.All -> Application permission
  • GroupMember.ReadWrite.All -> Delegated permission
  • GroupMember.ReadWrite.All -> Application permission
  • PrivilegedAccess.Read.AzureADGroup -> Delegated permission
  • PrivilegedAccess.Read.AzureADGroup -> Application permission
  • PrivilegedAccess.ReadWrite.AzureADGroup -> Delegated permission
  • PrivilegedAccess.ReadWrite.AzureADGroup -> Application permission
  • User.Read -> Delegated permission
  • User.Read.All -> Delegated permission
  • User.Read.All -> Application permission
  • User.ReadWrite.All -> Delegated permission
  • User.ReadWrite.All -> Application permission

### For SharePoint you also need:

  • User.Read.All -> Delegated permission
  • User.ReadWrite.All -> Delegated permission
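
One way to check that the registered application was granted what this list asks for and nothing more is to decode the `roles` (application) and `scp` (delegated) claims of an access token the application obtained for Graph and diff them against the list. This is an added example, not code from the connector; the token is constructed, and `audit`, `jwt_claims` and `b64url` are hypothetical helper names.

```python
import base64
import json

# Names from the README list above, in Microsoft Graph's spelling.
APPLICATION = {
    "Group.Create", "Group.Read.All", "Group.ReadWrite.All", "Group.Selected",
    "GroupMember.Read.All", "GroupMember.ReadWrite.All",
    "PrivilegedAccess.Read.AzureADGroup", "PrivilegedAccess.ReadWrite.AzureADGroup",
    "User.Read.All", "User.ReadWrite.All",
}
DELEGATED = {
    "Directory.Read.All", "Directory.ReadWrite.All", "Group.Read.All",
    "Group.ReadWrite.All", "GroupMember.Read.All", "GroupMember.ReadWrite.All",
    "PrivilegedAccess.Read.AzureADGroup", "PrivilegedAccess.ReadWrite.AzureADGroup",
    "User.Read", "User.Read.All", "User.ReadWrite.All",
}


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit(token):
    """Compare granted permissions with the README list; report both directions."""
    claims = jwt_claims(token)
    report = {}
    for kind, granted, expected in (
        ("application", set(claims.get("roles", [])), APPLICATION),  # app-only token
        ("delegated", set(claims.get("scp", "").split()), DELEGATED),  # user token
    ):
        if granted:
            report[kind] = {"missing": sorted(expected - granted),
                            "unexpected": sorted(granted - expected)}
    return report


def b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample token (not a real one): lacks Group.Create, carries Mail.Read.
sample_roles = sorted(APPLICATION - {"Group.Create"}) + ["Mail.Read"]
SAMPLE_TOKEN = ".".join([b64url({"alg": "none", "typ": "JWT"}),
                         b64url({"roles": sample_roles}), "constructed"])

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_TOKEN), indent=2))
```

An `unexpected` entry means the application holds a Graph permission beyond this list and is worth reviewing; a `missing` entry points to a grant or admin consent that was not completed.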

## Resource Examples

  • AAD-resource.xml - sample resource.
  • AAD Account.xml - sample role to create an account in Azure Active Directory with user location.
  • AAD Metarole for Office 365 groups.xml - metarole for Office 365 groups.
  • ADD Metarole for Security groups.xml - metarole for Security groups.

See the /sample folder.
