将B2B Guest用户添加到组中以进行应用程序访问 [英] Adding B2B Guest users in a group for Application access

问题描述

I want to invite external users to access few applications in my Azure AD tenant. I have used Graph API to sent bulk invite to the users.Now,in order to display the applications in the AD access panel for the users, I need to provide them access to the applications. I think the approach would be creating a group of guest users and assign the group to the applications. 

发送邀请时如何在组中添加来宾用户?
邀请API是否提供任何可选参数以将受邀用户添加到组中?

How can I add the guest users in a group while sending invite?
Does the invitation API provide any optional parameter to add the invited user in a group?

另外，我可以在发送邀请时通过API将应用程序权限分配给来宾用户或来宾用户组吗?

Also, can I assign the application(s) permission to the guest user or a guest user group through API in time of sending invitation?

任何代码示例都将有所帮助.

Any code sample will help.

推荐答案

没有参数可以在邀请时将邀请的用户添加到组中或直接将用户分配到图形或PS中的应用程序.这主要是因为您需要用户对象的ID才能在Azure中执行任何操作 广告

There is no parameter through which you can add the invited user to a group at the time of invitation or to assign the user to an application directly in graph or PS. This is primarily because you need the user object's ID to perform any operation in Azure AD. 

您可以使用响应中的Invitationeduser.id参数，然后通过API进行另一次POST操作，以将其添加到组，分配权限或对用户执行任何管理操作.您需要使用Inviteduser.Id，因为它是 来宾用户在Azure AD中对应的用户对象ID.此处是将用户添加到组的POST调用示例.

You can make use of the inviteduser.id parameter from the response and then do another POST operation through API to add them to a group , assign permissions or perform any management operation on the user. You need to use Inviteduser.Id as that it is the corresponding user object id of the guest user in Azure AD. Here is an example of the POST call to add user to a group. 

POST https://graph.microsoft.com/v1.0/groups/{id}/members/

ref 内容类型:application/json 内容长度:30 { "@ odata.id":"https://graph.microsoft.com/v1.0/directoryObjects/{id}" }

ref Content-type: application/json Content-length: 30 { "@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/{id}" }

 您还可以通过API创建动态分配组，该组中包含所有来宾或任何其他符合您要求的查询.然后，您可以 使用此组来管理用户对应用程序的访问及其权限.这里 是使用Graph API创建动态组的示例

 You can also create a dynamic assignment group through API which has all the guests in it or any other query that suits your requirements .You can then  use this group to manage the user's access to application and their permissions as well. Here is an example for creating a dynamic group using Graph API

POST https://graph.microsoft.com/beta/groups
{
    "description": "Marketing department folks",
    "displayName": "Marketing department",
    "groupTypes": [
        "Unified",
        "DynamicMembership"
    ],
    "mailEnabled": true,
    "mailNickname": "marketing",
    "securityEnabled": false,
    "membershipRule": 'user.department -eq "Marketing"',
    "membershipRuleProcessingState": "on"
}

希望这会有所帮助.

这篇关于将B2B Guest用户添加到组中以进行应用程序访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！