Keep contents of an Org Group in line with the contents of an Azure Group


We use the Active Directory Azure import facility quite often, and we perceive it has a limitation in that it can only add users to a group. If the user is removed from the Active Directory group, it does not remove them from the Service Manager organisational group on the next run. Are we missing something or is this only a one-way import? Are there ways to keep the members of an Azure Active Directory group in line with the members of a Service Manager group?

I was also hoping there was a 'query group' option in the Cloud Automation. If there was, I could directly query an AD group to see if a member is in it and then not need to sync it into Service Manager at all. But there is no such option.

Thanks in advance

Hi @Steve G, we have tried this and it has not worked.

We have this AD group in O365 Azure:

[images]

I have entered the GroupID into the Cloud Automation using the new GroupsCheckMembership feature and the Azure Active Directory connector (which works for an add/remove user in another flow/group):

[image]

The Member ID I am using is the email address of our user, which is both the customerID in Hornbill and the UPN (user principal name) in Azure.

I think you are going to tell me that I need to use the ObjectID of the user and the email address is not correct...?

Could I please request the Wiki is updated to make the features and this detail clearer?

Azure Automation iBridge - Hornbill 

Hi @Berto2002,

It is indeed the Object ID, as per the documentation in the workflow operation:

[image]

The wiki URL you have provided is for Azure Automation, which is a different product on the Azure platform. The wiki page is actually: https://wiki.hornbill.com/index.php?title=Microsoft

To get the User Object ID, you can use either of the following operations:

  • Microsoft/Azure/Users/Get User by Email - this will search for users by email address
  • Microsoft/Azure/Users/Get User - this will return the user by their UPN

Cheers,

Steve
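
An added example, not part of the thread and not Hornbill's code: a Python sketch of the two points discussed above, resolving a UPN to an Object ID before any membership comparison, and working out which org group members should be removed because they are no longer in the Azure group. The function names, the `DIRECTORY` lookup (standing in for a "Get User" style lookup) and all sample values are assumptions constructed for illustration.

```python
import re

# Object IDs are GUIDs; a UPN or email address never matches this pattern.
GUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

def resolve_object_id(member, upn_to_object_id):
    """Return the Object ID for a member given as an Object ID or a UPN."""
    if GUID_RE.match(member):
        return member.lower()
    try:
        return upn_to_object_id[member.lower()].lower()
    except KeyError:
        raise LookupError(f"no directory user for {member!r}") from None

def plan_sync(azure_member_ids, org_group_upns, upn_to_object_id):
    """Compare an Azure group (Object IDs) with an org group (UPNs).

    Returns (to_add, to_remove, unresolved): Object IDs missing from the org
    group, UPNs in the org group that are no longer in the Azure group, and
    org-group UPNs that the directory lookup could not resolve.
    """
    azure = {m.lower() for m in azure_member_ids}
    seen, to_remove, unresolved = set(), [], []
    for upn in org_group_upns:
        try:
            oid = resolve_object_id(upn, upn_to_object_id)
        except LookupError:
            unresolved.append(upn)  # flag for review rather than guess
            continue
        seen.add(oid)
        if oid not in azure:
            to_remove.append(upn)   # stale membership: removed upstream
    return sorted(azure - seen), sorted(to_remove), sorted(unresolved)

# Constructed sample data (hypothetical users and IDs, not from the thread).
DIRECTORY = {
    "alice@example.com": "11111111-1111-4111-8111-111111111111",
    "bob@example.com": "22222222-2222-4222-8222-222222222222",
    "carol@example.com": "33333333-3333-4333-8333-333333333333",
}
AZURE_GROUP = [DIRECTORY["alice@example.com"], DIRECTORY["carol@example.com"]]
ORG_GROUP = ["alice@example.com", "bob@example.com", "dave@example.com"]

if __name__ == "__main__":
    print(plan_sync(AZURE_GROUP, ORG_GROUP, DIRECTORY))
```

Members that cannot be resolved are reported separately so that a failed lookup is never treated as either "in the group" or "safe to remove".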
