List all Azure Active Directories I'm either a member or guest user of


Problem description


I have a case where I need to list all Azure Active Directories I'm a member of and those I'm invited as a guest user to. Our application is multi-tenant where each tenant has its own Azure Active Directory, and one user can be invited to access the application as another tenant, and should be presented with a UI to switch between tenants/directories like we can do in the Azure Portal.

The first part can be queried using the Azure Resource Manager API for listing tenants which I'm a member of (https://docs.microsoft.com/en-us/rest/api/resources/tenants/list). The response from this API does not include tenants for which I'm only invited as a guest user to though.

Are there any APIs that I can call with an access token to query for all Azure Active Directories I have guest access to?

Btw: I'm able to switch between the directories I'm a member of seamlessly using the ng2-adal library, by explicitly setting the tenant in the ADAL configuration object and invoking login() on the ADAL service.

Update: The answer to my question is that guests must complete the invitation process by following the link in the e-mail that they receive from Azure AD.

Solution

Are there any APIs that I can call with an access token to query for all Azure Active Directories I have guest access to?

Of course you can!

For your case, I also tested in my lab with an account that is federated from on-premises, and it succeeded. So it seems like your account is not working in the second tenant.

You can use the code grant flow with the Azure REST API, or the implicit flow, to get an access token that has delegated permissions for your account.

I did a test and succeeded:

Hope this helps!
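
As an added example (not part of the original question or answer), this is one way a client could page through the Azure Resource Manager tenants list linked in the question to build the directory switcher, while refusing to send the bearer token to any `nextLink` that is not ARM over HTTPS. The `api-version` value, the injected `fetchFn`, and the sample pages with placeholder GUIDs are assumptions made for the example.

```javascript
// Added example, not from the original post. Assumptions: the api-version value,
// the injected fetchFn (same shape as the standard fetch), and the sample data.
const ARM_HOST = "management.azure.com";
const FIRST_PAGE = `https://${ARM_HOST}/tenants?api-version=2020-01-01`;

// The bearer token may only go to ARM over HTTPS, whatever nextLink contains.
function isTrustedArmUrl(url) {
  try {
    const u = new URL(url);
    return u.protocol === "https:" && u.hostname === ARM_HOST;
  } catch {
    return false;
  }
}

// Follows nextLink paging and returns one entry per tenantId.
async function listTenants(accessToken, fetchFn) {
  const byId = new Map();
  let url = FIRST_PAGE;
  while (url) {
    if (!isTrustedArmUrl(url)) throw new Error(`refusing to send token to ${url}`);
    const res = await fetchFn(url, { headers: { Authorization: `Bearer ${accessToken}` } });
    if (!res.ok) throw new Error(`tenants list failed: HTTP ${res.status}`);
    const page = await res.json();
    for (const t of page.value || []) {
      // displayName is treated as optional; fall back to the tenant GUID.
      byId.set(t.tenantId, { tenantId: t.tenantId, displayName: t.displayName || t.tenantId });
    }
    url = page.nextLink || null;
  }
  return [...byId.values()];
}

// Constructed sample pages with placeholder GUIDs, served by a fake fetch.
const PAGE_2 = `${FIRST_PAGE}&$skiptoken=constructed`;
const SAMPLE = {
  [FIRST_PAGE]: { value: [{ tenantId: "00000000-0000-0000-0000-000000000001", displayName: "Home directory" }], nextLink: PAGE_2 },
  [PAGE_2]: { value: [{ tenantId: "00000000-0000-0000-0000-000000000001", displayName: "Home directory" },
                      { tenantId: "00000000-0000-0000-0000-000000000002" }] },
};
const fakeFetch = async (url) => ({ ok: url in SAMPLE, status: url in SAMPLE ? 200 : 404, json: async () => SAMPLE[url] });

listTenants("constructed-token", fakeFetch).then((tenants) => console.log(tenants));
```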
