We wish to connect to Azure AD to get AD group information and build a pipeline to flow this information in GCP Big Query
eg:
AD Group Name -- Userid -- user email id
AD_GROUP_INDIA 101 abc#company.com
Is there any direct connector / python library available for the same?
Regards,
Kiran
That would be the MS Graph SDK for Python, currently in preview. Also, you can do REST calls directly to the MS Graph API.
You need to:
Choose what authentication schema or flow to use
Register an Azure AD application
Add and consent Group.Read.All permission.
Authenticate and obtain an access token for scope https://graph.microsoft.com/.default` (Will include all permissions exposed for MS Graph) using Azure Identity client library for Python or MSAL Python
Call one of the MS Graph group operations: client.get('/groups') or client.get('/groups/{id}')
For more information about the MS Graph group supported operations/endpoints take a look at Working with groups in Microsoft Graph.
Related
There are many OAuth 2.0 Client IDs in my GCP project, and I would like to programmatically list them, along with their attributes (name, creation date, type, client ID).
However, the only API method I have been able to find is the one for listing service accounts.
Is there an equivalent to list OAuth 2.0 Client IDs?
Please don't tell me to check them one by one by hand in the cloud console :)
Thanks!
I have not used this API before but here are several links to help you get started. Google calls the OAuth Clients brands as in the brand of product.
gcloud alpha iap oauth-brands list
Programmatically creating OAuth clients for IAP
REST API: ListBrandsRequest
Trying to find a way to add members to google group through google API but any search result always end up in using admin sdk for this. But for using Admin SDK it requires to sign up on Google workspace. Is there any other way to achieve the same without signing up on workspace through simple api call using OAuth.
You are not a Google Workspace user but a Consumer (gmail) user
You do not have access to the Admin SDK (apart from for publicly available methods)
In this case, you can retrieve Google Groups programmatically is via GroupsApp in Google Apps Script.
However, this only allows you to get group / user information, not to create new users.
Unfortunately the latter is a service that is only available for Google Workspace users.
Essentially, I'm wanting to create an Oauth Client as an App so I can get data from Dynamics for multiple customers. Does anyone know if this is possible to do in AppSource or do you know of another way?
I have a service that will be served in a cloud different than Azure so there really isn't anything for me to submit as an App and I really don't want every customer to have to setup their own App that gives my service the privileges/access it needs, but it's looking like I may have to.
It sounds like you'll want to register an app with Azure AD (the OAuth2.0 service/identity provider for work and school accounts), and create a multi-tenant app. Then you can configure this app in the Azure Portal to get permissions to the APIs the app wants tokens to call (in your case Dynamics or the Microsoft Graph).
Once this app is written, you can code up your app using one of the Azure AD Auth Libraries. Here's some sample code for a .NET web API. You can find more code samples on Github and search active directory. Moreover, the Azure Active Directory Developer Landing Page is a great place to look for more resources on doing all of this.
We would like to use the connectors feature to give users access to information from our line of business system inside groups. This seems possible using the webhooks method mentioned, but how do we get our connector in the list of Connectors our users can access?
That is correct, Incoming WebHooks allow you to build your own connectors.
You would be able to submit custom built Connectors to the 'Connector Store' as soon as connectors are out of developer preview.
Until then, you can facilitate connections to Office365 directly from your LOB applications using the 'Connect to Office 365 button'. This way you can abstract out copy-pasting WebHook URLs from your end users.
I want to access Google Compute Engine Instances, then I active Google Compute Engine API, but how to retrieve an API key, between server key and browser key, which one should I create ?
If you're using OAuth to authenticate, there're different kind of credentials that you can use, such as web server applications, installed apps, client-sid apps, etc. You need to find out which one you need.
In the Developers Console, you can create the credentials that you might need. At the provided links you can find more information.
There are multiple methods when it comes to authenticate your project to Google API's, You will find the details in page [1] below. Logging to a Compute Engine instance using the UI will use the third method 'Service Account Key' where you don't have to put any action as by default it will use your Compute Engine default service account.
[1] https://cloud.google.com/docs/authentication/api-keys#creating_an_api_key