首页 文章

Azure AD与外部帐户和Microsoft Graph API

提问于
浏览
0

我们将Microsoft Azure Active Directory设置为我们的移动应用程序的SSO解决方案,但希望通过服务器端Microsoft Graph API管理用户的帐户创建 .

对于域的内部用户,这非常有效,因为我们使用Graph API作为管理员用户来创建帐户 .

但是,在尝试创建外部帐户时(例如joe.bloggs@gmail.com),这会失败 .

我们正在使用API调用:

POST https://graph.microsoft.com/v1.0/users

身体:

{
  "accountEnabled": true,
  "mailNickname": "joe.bloggs",
  "displayName": "Joe Bloggs",
  "givenName": "Joe",
  "surname": "Bloggs",
  "userPrincipalName": "joe.bloggs@gmail.com",
  "passwordProfile" : {
    "forceChangePasswordNextSignIn": false,
    "password": "somepassword"
  }
}

响应:

{
    "error": {
        "code": "Request_BadRequest",
        "message": "Property userPrincipalName is invalid.",
        "innerError": {
            "request-id": "619450ec-e703-4a12-86e3-8f53c20d55fc",
            "date": "2018-01-17T16:30:37"
        },
        "details": [
            {
                "target": "userPrincipalName",
                "code": "InvalidValue"
            }
        ]
    }
}

它说“userPrincipalName”无效,但在查看文档后我不确定API是否支持外部帐户?

注意:我意识到您可以使用“/ beta / invitations”调用,但这不会创建帐户 .

azure azure-active-directory microsoft-graph azure-ad-graph-api

1 回答

  • 1

    我假设您使用Azure AD B2B并希望将新的访客用户添加到您的目录中 .

    One thing I want to make clear is that you can invite guest users to your Directory , but you cannot create guest users directly in your Directory.

    因此,您可以使用this Microsoft Graph API邀请访客用户:

    Request

    POST https://graph.microsoft.com/beta/invitations
Content-type: application/json
Content-length: 551

{
  "invitedUserEmailAddress": "yyy@test.com",
  "inviteRedirectUrl": "https://myapp.com"
}

    Response

    HTTP/1.1 201 OK
Content-type: application/json
Content-length: 551

{
  "id": "7b92124c-9fa9-406f-8b8e-225df8376ba9",
  "inviteRedeemUrl": "https://invitations.microsoft.com/redeem/?tenant=04dcc6ab-388a-4559-b527-fbec656300ea&user=7b92124c-9fa9-406f-8b8e-225df8376ba9&ticket=VV9dmiExBsfRIVNFjb9ITj9VXAd07Ypv4gTg%2f8PiuJs%3d&lc=1033&ver=2.0",
  "invitedUserDisplayName": "yyy",
  "invitedUserEmailAddress": "yyy@test.com",
  "sendInvitationMessage": false,
  "invitedUserMessageInfo": {
     "messageLanguage": null,
     "ccRecipients": [
          {
             "emailAddress": {
                 "name": null,
                 "address": null
              }
          }
     ],
     "customizedMessageBody": null
  },
  "inviteRedirectUrl": "https://myapp.com/",
  "status": "Completed",
  "invitedUser":  [ {  "id": "243b1de4-ad9f-421c-a933-d55305fb165d" } ]
}

    另外,如果您想邀请没有邀请的访客用户,请参阅this document .

    希望这可以帮助!

    回复于

相关问题