Overview

In this article we will demonstrate how to update Azure Active Directory from a North52 Formula using the Microsoft Graph API. 

North52 BPA Solution

The North52 BPA solution works like this:

  • We create an App Registration in Azure Active Directory with access to Active Directory Read and Write on all Users
  • A North52 formula will then retrieve a Token that will allow us to act as that App Registration
  • Using that Token, we will call the Microsoft Graph API and issue the instruction to update the User

Setup Azure App Registration

  • Log into https://portal.azure.com and select Azure Active Directory from the menu on the left
  • Open App registrations and select New registration
  • Give your App a name, e.g. N52 Update AD Users App, and click Register
  • Your App will be created, the next step is to configure it:
    • Open up API Permissions, click on Add a permission and select Microsoft Graph from the list presented
    • You will be then asked if you want to provide Delegated permissions or Application Permissions to the App. In this case we are using Application Permissions.
    • In the list that is presented, expand the User node and tick the box for User.ReadWrite.All and click Add permissions
    • You will be shown the following screen:
    • When you click on Grant admin consent for <orgname> the status of the API permission will be marked as Granted
  • Open the Certificates & Secrets section and click the New client secret button
  • Give the key a name, select an expiry for the key and click Add. This will generate the key for you.
  • The key will only be visible this one time in the App Registration, so make sure to copy it into Notepad
  • Click on the Overview for the App Registration and copy the Application (client) ID and the Directory (tenant) ID into Notepad too
  • With these 3 pieces of data you will be able to authenticate to the App and retrieve a Token to act on behalf of it.

Setup Formula

Note that we are using the Command Console formula type in this example so that the update to Azure AD can be tested without a trigger from a record. You could instead create a Save - Perform Action formula on the User entity to trigger the update.

  • Navigate to Settings > N52 Formula 
  • Create a new formula, setting the following values in the Formula Guide:
    • Source Entity set to N52 Command
    • Set Formula Type to Command Console
    • Select the Classic editor
    • Click Create 
  • Copy and paste the following formula into the Classic editor 
    SmartFlow(
    
      SetVar('tenant_id', ''),
      SetVar('client_id', ''),
      SetVar('client_secret', ''),
      SetVar('grant_type', 'client_credentials'),
      
      SetVar('token',
        AzureADGettoken(GetVar('tenant_id'), 
          SetRequestParams(
            'resource', 'https://graph.microsoft.com',
            'client_id', GetVar('client_id'),
            'client_secret', GetVar('client_secret'),
            'grant_type', GetVar('grant_type'))
        )
      ),
      
      SetVar('jsoninput', CreateJObject( 
        CreateJProperty('jobTitle', 'Lead Developer')
        )
      ),
    
      CallRestAPI( 
        SetRequestBaseURL('https://graph.microsoft.com/'),
        SetRequestResource('v1.0/' + GetVar('tenant_id') + '/users/testuser@crmdemo.onmicrosoft.com'),
        SetRequestDetails('PATCH'),
        SetRequestHeaders('Authorization', 'Bearer ' + GetVar('token')),
        SetRequestParams('RawContentApplicationJson',GetVar('jsoninput')),
        SetRequestAuthenticationNone(),
        SetRequestFiles(), 
        SetRequestExpected('Completed'),  
        SetRequestActionPass(GetVar('responsecontent')),
        SetRequestActionFail(
          ThrowError(GetVar('responsecontent'))
        )
      )               
    )
    
  • Fill in the values for tenant_id, client_id and client_secret in the formula from the earlier created App Registration
  • Click Save
  • You are now ready to test the formula:

Testing

In SetRequestResource(), enter the user principal name (email address) of the user you want to update, and set jobTitle to whatever value you want. In the example above the job title of testuser@crmdemo.onmicrosoft.com is set to Lead Developer.
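The same token exchange and PATCH call as a stand-alone Python script, added here as an example; it is not North52's code and not part of the original article. The tenant ID, client ID, user principal name and the N52_CLIENT_SECRET environment variable are assumed placeholders; the script uses the standard /v1.0/users/{upn} path, which Graph accepts without the tenant ID segment, and raises on a non-2xx response with Graph's error body, the same outcome as the formula's SetRequestActionFail branch.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com"
LOGIN = "https://login.microsoftonline.com"

def build_token_request(tenant_id, client_id, client_secret):
    """Azure AD v1 token endpoint with the same form fields the formula passes
    to AzureADGettoken(): resource, client_id, client_secret, grant_type."""
    url = f"{LOGIN}/{tenant_id}/oauth2/token"
    form = {"resource": GRAPH, "client_id": client_id,
            "client_secret": client_secret, "grant_type": "client_credentials"}
    return url, urllib.parse.urlencode(form).encode()

def build_user_patch(upn, token, updates):
    """PATCH /v1.0/users/{upn}; only the attributes present in `updates` change."""
    url = f"{GRAPH}/v1.0/users/{urllib.parse.quote(upn)}"
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    return url, headers, json.dumps(updates).encode()

def _send(url, data, headers, method):
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        # Same outcome as SetRequestActionFail(ThrowError(responsecontent)): surface
        # Graph's error body (e.g. insufficient privileges) instead of failing silently.
        raise RuntimeError(f"HTTP {err.code}: {err.read().decode()}") from err

def update_user(tenant_id, client_id, client_secret, upn, updates):
    """Token exchange followed by the PATCH; Graph returns 204 on success."""
    url, body = build_token_request(tenant_id, client_id, client_secret)
    _, token_json = _send(url, body,
                          {"Content-Type": "application/x-www-form-urlencoded"}, "POST")
    token = json.loads(token_json)["access_token"]
    url, headers, body = build_user_patch(upn, token, updates)
    status, _ = _send(url, body, headers, "PATCH")
    return status

if __name__ == "__main__":
    # Placeholder IDs; the client secret is read from the environment, never hard-coded.
    print(update_user("<tenant-id>", "<client-id>", os.environ["N52_CLIENT_SECRET"],
                      "testuser@crmdemo.onmicrosoft.com", {"jobTitle": "Lead Developer"}))
```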

  • Click on the lightning bolt icon to open the formula tester pane, then on the Execute button to trigger the formula
  • When you open the user in Azure you will see that the Job Title has been updated: