Fortinet black logo

Azure Active Directory

Azure Active Directory v2.1.0

Copy Link
Copy Doc ID 637baa55-b2a8-11ed-8e6d-fa163e15d75b:510

About the connector

Azure Active Directory is a managed multi-tenant service from Microsoft that offers identity and access capabilities for the cloud using Azure Active Directory REST API services.

This document provides information about the Azure Active Directory connector, which facilitates automated interactions, between Azure Active Directory REST API services and FortiSOAR™ playbooks. Add the Azure Active Directory connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving a list of users from Azure Active Directory, or disabling the account of a specific user in Azure Active Directory.

Version information

Connector Version: 2.1.0

FortiSOAR™ Version Tested on: 7.3.1-2105

Azure Active Directory Version Tested on: Azure Cloud

Authored By: Fortinet

Certified: Yes

Release Notes for version 2.1.0

Following enhancements have been made to the Azure Active Directory connector in version 2.1.0:

  • Added the following new operations and playbooks:
    • List Groups
    • Get Group Details
    • List SignIns Events
    • Add Member
    • Remove Member
    • List Group Members
  • Following dependency packages were removed:
    • Python's dependency package adal

Getting Access Tokens

You can get authentication tokens to access the security graph APIs using two methods:

Getting Access Tokens using the On behalf of the user – Delegate Permission method

  1. Ensure that the required permissions are granted for the registration of the application.
    For example, for a Microsoft Graph User, following API/Permissions must be granted:
    • User.ReadBasic.All
    • User.Read
    • User.ReadWrite
    • User.ManageIdentities.All
    • Group.ReadWrite.All
    • GroupMember.Read.All
    • GroupMember.ReadWrite.All
    • Group.Read.All
    • User.Read.All
    • User.ReadWrite.All
    • AuditLog.Read.All
    • Directory.Read.All
    • Directory.ReadWrite.All
    • Directory.AccessAsUser.All of type Delegated.
  2. The Redirect URL can be directed to any web application in which you want to receive responses from Azure AD. If you are unsure about what to set as a redirect URL, you can use https://localhost/myapp.
  3. Copy the following URL and replace the TENANT_ID, CLIENT_ID, and REDIRECT_URI with your tenant ID, client ID, and the following redirect URL:
    https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize?response_type=code&scope=offline_access https://graph.microsoft.com/.default&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI
  4. Enter the above link with the replaced values and you will be prompted to grant permissions for your Azure Service Management. You will be automatically redirected to a link with the following structure: REDIRECT_URI?code=AUTH_CODE&session_state=SESSION_STATE
  5. Copy the AUTH_CODE (without the "code=" prefix) and paste it in your instance configuration in the Authorization Code parameter.
  6. Enter your client ID in the Client ID parameter field.
  7. Enter your client secret in the Client Secret parameter field.
  8. Enter your tenant ID in the Tenant ID parameter field.
  9. Enter your redirect URL in the Redirect URL parameter field. By default, it is set to https://localhost/myapp.

Getting Access Tokens Without a User - Application Permission method

  • Ensure that the required permissions are granted for the registration of the application.
    For example, for a Microsoft Graph User, following API/Permissions must be granted:
    • User.Read.All
    • User.ReadWrite.All
    • GroupMember.Read.All
    • GroupMember.ReadWrite.All
    • Group.ReadWrite.All
    • Group.Read.All
    • AuditLog.Read.All
    • Directory.Read.All
    • Directory.ReadWrite.All
    • User.ManageIdentities.All of type Application.
  • Enter your client ID in the Client ID parameter field.
  • Enter your client secret in the Client Secret parameter field.
  • Enter your tenant ID in the Tenant ID parameter field.

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the yum command as a root user to install the connector:

yum install cyops-connector-azure-active-directory

Prerequisites to configuring the connector

  • You must have acquired authentication tokens to access the security graph APIs using Delegated or Application Permissions. For more information see the Getting Access Tokens section.
  • Ensure that host login.microsoftonline.com on port 443 is in the allowlist of your Firewall or Proxy servers.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Azure Active Directory connector row (if you are in the Grid view on the Connectors page), and in the Configurations tab enter the required configuration details:

Parameter Description
Get Access Token Select the method using which you will get authentication tokens used to access the security graph APIs. You can choose between On behalf of User – Delegate Permission or Without a User - Application Permission. For more information, see the Getting Access Tokens section.
Server URL The service-based URL to which you will connect and perform the automated operations.
Client ID Unique ID of the Azure Active Directory application that is used to create an authentication token required to access the API.
Client Secret Unique Client Secret of the Azure Active Directory application that is used to create an authentication token required to access the API. For information on how to get the secret key, see https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.
Tenant ID ID of the tenant that you have been provided for your Azure Active Directory instance.
Authorization Code (Only Applicable to On behalf of User – Delegate Permission) The authorization code that you acquired during the authorization step. For more information, see the Getting Access Tokens using the On behalf of the user – Delegate Permission method section.
Redirect URL (Only Applicable to On behalf of User – Delegate Permission) The redirect_uri of your app, where authentication responses can be sent and received by your app. The redirect URL that you specify here must exactly match one of the redirect_uri's you have registered in your app registration portal.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from version 4.10.0 onwards:

Function Description Annotation and Category
List Groups Retrieves a list of groups from Azure Active Directory based on the query for filtering groups that you have specified. list_groups
Investigation
Get Group Details Retrieves the details of a particular group from Azure Active Directory based on the group ID that you have specified. get_group_details
Investigation
List SignIns Events Retrieves the list of sign-in events from Azure Active Directory based on the query for filtering users that you have specified. list_sign_ins
Investigation
Remove Member Removes a member from a group based on the group and user ID that you have specified. remove_member
Investigation
Add Member Adds a member to a group based on the group and user ID that you have specified. add_member
Investigation
List Group Members Retrieves a list of members of a particular group from Azure Active Directory based on the query for filtering group members that you have specified. list_group_members
Investigation
List Users Retrieves a list of users from Azure Active Directory based on the query for filtering users you have specified. list_users
Investigation
Get User Details Retrieves specific information for a specific user from Azure Active Directory, based on the Object ID or User Principal Name you have specified. get_user_details
Investigation
Add User Creates a new user in Azure Active Directory, based on the User Principal Name, Display Name, Password, and other input parameters you have specified. add_user
Investigation
Enable User Enables a specific user's account in Azure Active Directory, based on the Object ID or User Principal Name you have specified. enable_user
Containment
Disable User Disables a specific user's account in Azure Active Directory, based on the Object ID or User Principal Name you have specified. disable_user
Containment
Delete User Deletes a specific user's account from Azure Active Directory, based on the Object ID or User Principal Name you have specified. delete_user
Investigation
Reset Password Resets the password for an existing Azure Active Directory user, based on the Object ID or User Principal Name, password, and other input parameters you have specified. reset_password
Containment

operation: List Groups

Input parameters

Parameter Description
Filter Query Specify the filter query based on which you want to retrieve groups. Refer to Azure Filter Query Parameters for information on the filter query syntax.
Select Query Specify the $select query to retrieve groups from Azure Active Directory. The OData's Select query is supported on fields such as id, displayName, etc. Refer to OData system query options for more information.
Number Of Groups To Fetch (Optional) Specify the maximum number of groups that this operation should return from Azure.
Get All Pages Select this option, i.e., set it to true, to fetch all pages containing all available records from Azure.
Skip Token (Optional) Specify a Skiptoken if a previous operation returned a partial result. If the previous response contains a nextLink element, the value of the nextLink element includes a skiptoken parameter that specifies a starting point to use for subsequent calls.

Output

The output contains the following populated JSON schema:
{
"@odata.context": "",
"@odata.count": "",
"value": [
{
"id": "",
"deletedDateTime": "",
"classification": "",
"createdDateTime": "",
"creationOptions": [],
"description": "",
"displayName": "",
"expirationDateTime": "",
"groupTypes": [],
"isAssignableToRole": "",
"mail": "",
"mailEnabled": "",
"mailNickname": "",
"membershipRule": "",
"membershipRuleProcessingState": "",
"onPremisesDomainName": "",
"onPremisesLastSyncDateTime": "",
"onPremisesNetBiosName": "",
"onPremisesSamAccountName": "",
"onPremisesSecurityIdentifier": "",
"onPremisesSyncEnabled": "",
"preferredDataLocation": "",
"preferredLanguage": "",
"proxyAddresses": [],
"renewedDateTime": "",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": "",
"securityIdentifier": "",
"theme": "",
"visibility": "",
"onPremisesProvisioningErrors": []
}
]
}

operation: List Group Members

Input parameters

Parameter Description
Group ID Specify an ID of the group for which you want to list the members.
Filter Query Specify the filter query based on which you want to retrieve group members. Refer to Azure Filter Query Parameters for information on the filter query syntax.
Select Query Specify the $select query to retrieve group members from Azure Active Directory. The OData's Select query is supported on fields such as id, userPrincipalName, displayName, etc.
Number Of Group Members To Fetch (Optional) Specify the maximum number of group members that this operation should return from Azure.
Get All Pages Select this option, i.e., set it to true, to fetch all pages containing all available records from Azure.
Skip Token (Optional) Specify a Skiptoken if a previous operation returned a partial result. If the previous response contains a nextLink element, the value of the nextLink element includes a skiptoken parameter that specifies a starting point to use for subsequent calls.

Output

The output contains the following populated JSON schema:
{
"@odata.context": "",
"@odata.count": "",
"value": [
{
"@odata.type": "",
"id": "",
"businessPhones": [],
"displayName": "",
"givenName": "",
"jobTitle": "",
"mail": "",
"mobilePhone": "",
"officeLocation": "",
"preferredLanguage": "",
"surname": "",
"userPrincipalName": ""
}
]
}

operation: Get Group Details

Input parameters

Parameter Description
Group ID Specify a group ID to fetch the details for that group.

Output

The output contains the following populated JSON schema:
{
"@odata.context": "",
"id": "",
"deletedDateTime": "",
"classification": "",
"createdDateTime": "",
"creationOptions": [],
"description": "",
"displayName": "",
"expirationDateTime": "",
"groupTypes": [],
"isAssignableToRole": "",
"mail": "",
"mailEnabled": "",
"mailNickname": "",
"membershipRule": "",
"membershipRuleProcessingState": "",
"onPremisesDomainName": "",
"onPremisesLastSyncDateTime": "",
"onPremisesNetBiosName": "",
"onPremisesSamAccountName": "",
"onPremisesSecurityIdentifier": "",
"onPremisesSyncEnabled": "",
"preferredDataLocation": "",
"preferredLanguage": "",
"proxyAddresses": [],
"renewedDateTime": "",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": "",
"securityIdentifier": "",
"theme": "",
"visibility": "",
"onPremisesProvisioningErrors": []
}

operation: Remove Member

Input parameters

Parameter Description
Group ID Specify a group ID from which you want to remove the user.
User ID Specify the directory object ID of the user to remove from the group.

Output

The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}

operation: Add Member

Input parameters

Parameter Description
Group ID Specify a group ID to which you want to add a user.
User ID Specify the directory object ID of the user to add to the group.

Output

The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}

operation: List SignIns Events

Input parameters

Parameter Description
Filter Query Specify the filter query based on which you want to retrieve sign-in events from Azure Active Directory. The OData's Filter query is supported on the following fields: id, userPrincipalName, displayName, givenName and jobTitle. For example [userPrincipalName eq 'username@example.com'] retrieves a user whose userPrincipalName is username@example.com. Refer to OData system query options for more information.
Number of Events to Fetch (Optional) Specify the maximum number of events that this operation should return from Azure.
Get All Pages Select this option, i.e., set it to true, to fetch all pages containing all available records from Azure.
Skip Token (Optional) Specify a Skiptoken if a previous operation returned a partial result. If the previous response contains a nextLink element, the value of the nextLink element includes a skiptoken parameter that specifies a starting point to use for subsequent calls.

Output

The output contains the following populated JSON schema:
{
"@odata.context": "",
"@odata.nextLink": "",
"value": [
{
"id": "",
"createdDateTime": "",
"userDisplayName": "",
"userPrincipalName": "",
"userId": "",
"appId": "",
"appDisplayName": "",
"ipAddress": "",
"clientAppUsed": "",
"correlationId": "",
"conditionalAccessStatus": "",
"isInteractive": "",
"riskDetail": "",
"riskLevelAggregated": "",
"riskLevelDuringSignIn": "",
"riskState": "",
"riskEventTypes": [],
"riskEventTypes_v2": [],
"resourceDisplayName": "",
"resourceId": "",
"status": {
"errorCode": "",
"failureReason": "",
"additionalDetails": ""
},
"deviceDetail": {
"deviceId": "",
"displayName": "",
"operatingSystem": "",
"browser": "",
"isCompliant": "",
"isManaged": "",
"trustType": ""
},
"location": {
"city": "",
"state": "",
"countryOrRegion": "",
"geoCoordinates": {
"altitude": "",
"latitude": "",
"longitude": ""
}
},
"appliedConditionalAccessPolicies": []
}
]
}

operation: List Users

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter Description
Filter Query Specify the filter query based on which you want to retrieve users from Azure Active Directory. The OData's Filter query is supported on the following fields: id, userPrincipalName, displayName, givenName and jobTitle. For example [userPrincipalName eq "username@example.com"] retrieves a user whose userPrincipalName is username@example.com
Select Query Specify the $select query to retrieve user fields from Azure Active Directory. The OData's Select query is supported on fields such as id, userPrincipalName, displayName, etc. Refer to OData system query options for more information.
Search Query Specify the search query to retrieve user details from Azure Active Directory. The OData's Search query is supported on fields such as id, userPrincipalName, displayName, etc. Refer to OData system query options for more information.

Output

The output contains the following populated JSON schema:
{
"@odata.context": "",
"value": [
{
"businessPhones": [],
"displayName": "",
"givenName": "",
"jobTitle": "",
"mail": "",
"mobilePhone": "",
"officeLocation": "",
"preferredLanguage": "",
"surname": "",
"userPrincipalName": "",
"id": ""
}
]
}

operation: Get User Details

Input parameters

Parameter Description
Based On Select the parameter based on which you want to retrieve details of a user from Azure Active Directory. You can choose from the following options:
  • Object ID: Specify the object ID of the user whose details are to be retrieved from Azure Active Directory.
  • User Principal Name: Specify the principal name of the user whose details are to be retrieved from Azure Active Directory.

Output

The output contains the following populated JSON schema:
{
"@odata.context": "",
"businessPhones": [],
"displayName": "",
"givenName": "",
"jobTitle": "",
"mail": "",
"mobilePhone": "",
"officeLocation": "",
"preferredLanguage": "",
"surname": "",
"userPrincipalName": "",
"id": ""
}

operation: Add User

Input parameters

Parameter Description
Display Name Specify the name that you want to be displayed in the address book for the user that you are creating in Azure Active Directory.
Mail Nick Name Specify the mail alias for the user that you are creating in Azure Active Directory.
User Principal Name Specify the principal name of the user that you are creating in Azure Active Directory.
Password Specify the password of the user that you are creating in Azure Active Directory.
Force Change Password Next Login Select this option, i.e., set it to true, to force the users to change their password when they next log on to Azure Active Directory.
Account Enabled Select this option, i.e., set it to true, to enable this user's account on Azure Active Directory.
Additional Fields (Optional) Specify additional fields to add to the user's account that you are creating in Azure Active Directory.

Output

The output contains the following populated JSON schema:
{
"@odata.context": "",
"id": "",
"businessPhones": [],
"displayName": "",
"givenName": "",
"jobTitle": "",
"mail": "",
"mobilePhone": "",
"officeLocation": "",
"preferredLanguage": "",
"surname": "",
"userPrincipalName": ""
}

operation: Enable User

Input parameters

Parameter Description
Based On Select the parameter based on which you want to enable a user's account on Azure Active Directory. You can choose from the following options:
  • Object ID: Specify the object ID associated with the user account to be enabled on Azure Active Directory.
  • User Principal Name: Specify the principal name associated with the user account to be enabled on Azure Active Directory.

Output

The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}

operation: Disable User

Input parameters

Parameter Description
Based On Select the parameter based on which you want to disable a user's account on Azure Active Directory. You can choose from the following options:
  • Object ID: Specify the object ID associated with the user account to be disabled on Azure Active Directory.
  • User Principal Name: Specify the principal name associated with the user account to be disabled on Azure Active Directory.

Output

The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}

operation: Delete User

Input parameters

Parameter Description
Based On Select the parameter based on which you want to delete a user's account on Azure Active Directory. You can choose from the following options:
  • Object ID: Specify the object ID associated with the user account to be deleted on Azure Active Directory.
  • User Principal Name: Specify the principal name associated with the user account to be deleted on Azure Active Directory.

Output

The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}

operation: Reset Password

Input parameters

Parameter Description
Based On Select the parameter based on which you want to reset the password of a user's account on Azure Active Directory. You can choose from the following options:
  • Object ID: Specify the object ID associated with the user account whose password is to be reset on Azure Active Directory.
  • User Principal Name: Specify the principal name associated with the user account whose password is to be reset on Azure Active Directory.
Password Specify a temporary password that you want to set for the user on Azure Active Directory.
Force Change Password Next Login Select this option, i.e., set it to true, to force the users to change their password when they next log on to Azure Active Directory.

Output

The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}

Included playbooks

The Sample - Azure Active Directory - 2.1.0 playbook collection comes bundled with the Azure Active Directory connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Azure Active Directory connector.

  • List Groups
  • Get Group Details
  • List SignIns Events
  • Add Member
  • Remove Member
  • List Group Members
  • Add User
  • Delete User
  • Disable User
  • Enable User
  • Get User Details
  • List Users
  • Reset Password

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next

About the connector

Azure Active Directory is a managed multi-tenant service from Microsoft that offers identity and access capabilities for the cloud using Azure Active Directory REST API services.

This document provides information about the Azure Active Directory connector, which facilitates automated interactions, between Azure Active Directory REST API services and FortiSOAR™ playbooks. Add the Azure Active Directory connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving a list of users from Azure Active Directory, or disabling the account of a specific user in Azure Active Directory.

Version information

Connector Version: 2.1.0

FortiSOAR™ Version Tested on: 7.3.1-2105

Azure Active Directory Version Tested on: Azure Cloud

Authored By: Fortinet

Certified: Yes

Release Notes for version 2.1.0

Following enhancements have been made to the Azure Active Directory connector in version 2.1.0:

Getting Access Tokens

You can get authentication tokens to access the security graph APIs using two methods:

Getting Access Tokens using the On behalf of the user – Delegate Permission method

  1. Ensure that the required permissions are granted for the registration of the application.
    For example, for a Microsoft Graph User, following API/Permissions must be granted:
    • User.ReadBasic.All
    • User.Read
    • User.ReadWrite
    • User.ManageIdentities.All
    • Group.ReadWrite.All
    • GroupMember.Read.All
    • GroupMember.ReadWrite.All
    • Group.Read.All
    • User.Read.All
    • User.ReadWrite.All
    • AuditLog.Read.All
    • Directory.Read.All
    • Directory.ReadWrite.All
    • Directory.AccessAsUser.All of type Delegated.
  2. The Redirect URL can be directed to any web application in which you want to receive responses from Azure AD. If you are unsure about what to set as a redirect URL, you can use https://localhost/myapp.
  3. Copy the following URL and replace the TENANT_ID, CLIENT_ID, and REDIRECT_URI with your tenant ID, client ID, and the following redirect URL:
    https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize?response_type=code&scope=offline_access https://graph.microsoft.com/.default&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI
  4. Enter the above link with the replaced values and you will be prompted to grant permissions for your Azure Service Management. You will be automatically redirected to a link with the following structure: REDIRECT_URI?code=AUTH_CODE&session_state=SESSION_STATE
  5. Copy the AUTH_CODE (without the "code=" prefix) and paste it in your instance configuration in the Authorization Code parameter.
  6. Enter your client ID in the Client ID parameter field.
  7. Enter your client secret in the Client Secret parameter field.
  8. Enter your tenant ID in the Tenant ID parameter field.
  9. Enter your redirect URL in the Redirect URL parameter field. By default, it is set to https://localhost/myapp.

Getting Access Tokens Without a User - Application Permission method

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the yum command as a root user to install the connector:

yum install cyops-connector-azure-active-directory

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Azure Active Directory connector row (if you are in the Grid view on the Connectors page), and in the Configurations tab enter the required configuration details:

Parameter Description
Get Access Token Select the method using which you will get authentication tokens used to access the security graph APIs. You can choose between On behalf of User – Delegate Permission or Without a User - Application Permission. For more information, see the Getting Access Tokens section.
Server URL The service-based URL to which you will connect and perform the automated operations.
Client ID Unique ID of the Azure Active Directory application that is used to create an authentication token required to access the API.
Client Secret Unique Client Secret of the Azure Active Directory application that is used to create an authentication token required to access the API. For information on how to get the secret key, see https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.
Tenant ID ID of the tenant that you have been provided for your Azure Active Directory instance.
Authorization Code (Only Applicable to On behalf of User – Delegate Permission) The authorization code that you acquired during the authorization step. For more information, see the Getting Access Tokens using the On behalf of the user – Delegate Permission method section.
Redirect URL (Only Applicable to On behalf of User – Delegate Permission) The redirect_uri of your app, where authentication responses can be sent and received by your app. The redirect URL that you specify here must exactly match one of the redirect_uri's you have registered in your app registration portal.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from version 4.10.0 onwards:

Function Description Annotation and Category
List Groups Retrieves a list of groups from Azure Active Directory based on the query for filtering groups that you have specified. list_groups
Investigation
Get Group Details Retrieves the details of a particular group from Azure Active Directory based on the group ID that you have specified. get_group_details
Investigation
List SignIns Events Retrieves the list of sign-in events from Azure Active Directory based on the query for filtering users that you have specified. list_sign_ins
Investigation
Remove Member Removes a member from a group based on the group and user ID that you have specified. remove_member
Investigation
Add Member Adds a member to a group based on the group and user ID that you have specified. add_member
Investigation
List Group Members Retrieves a list of members of a particular group from Azure Active Directory based on the query for filtering group members that you have specified. list_group_members
Investigation
List Users Retrieves a list of users from Azure Active Directory based on the query for filtering users you have specified. list_users
Investigation
Get User Details Retrieves specific information for a specific user from Azure Active Directory, based on the Object ID or User Principal Name you have specified. get_user_details
Investigation
Add User Creates a new user in Azure Active Directory, based on the User Principal Name, Display Name, Password, and other input parameters you have specified. add_user
Investigation
Enable User Enables a specific user's account in Azure Active Directory, based on the Object ID or User Principal Name you have specified. enable_user
Containment
Disable User Disables a specific user's account in Azure Active Directory, based on the Object ID or User Principal Name you have specified. disable_user
Containment
Delete User Deletes a specific user's account from Azure Active Directory, based on the Object ID or User Principal Name you have specified. delete_user
Investigation
Reset Password Resets the password for an existing Azure Active Directory user, based on the Object ID or User Principal Name, password, and other input parameters you have specified. reset_password
Containment

operation: List Groups

Input parameters

Parameter Description
Filter Query Specify the filter query based on which you want to retrieve groups. Refer to Azure Filter Query Parameters for information on the filter query syntax.
Select Query Specify the $select query to retrieve groups from Azure Active Directory. The OData's Select query is supported on fields such as id, displayName, etc. Refer to OData system query options for more information.
Number Of Groups To Fetch (Optional) Specify the maximum number of groups that this operation should return from Azure.
Get All Pages Select this option, i.e., set it to true, to fetch all pages containing all available records from Azure.
Skip Token (Optional) Specify a Skiptoken if a previous operation returned a partial result. If the previous response contains a nextLink element, the value of the nextLink element includes a skiptoken parameter that specifies a starting point to use for subsequent calls.

Output

The output contains the following populated JSON schema:
{
"@odata.context": "",
"@odata.count": "",
"value": [
{
"id": "",
"deletedDateTime": "",
"classification": "",
"createdDateTime": "",
"creationOptions": [],
"description": "",
"displayName": "",
"expirationDateTime": "",
"groupTypes": [],
"isAssignableToRole": "",
"mail": "",
"mailEnabled": "",
"mailNickname": "",
"membershipRule": "",
"membershipRuleProcessingState": "",
"onPremisesDomainName": "",
"onPremisesLastSyncDateTime": "",
"onPremisesNetBiosName": "",
"onPremisesSamAccountName": "",
"onPremisesSecurityIdentifier": "",
"onPremisesSyncEnabled": "",
"preferredDataLocation": "",
"preferredLanguage": "",
"proxyAddresses": [],
"renewedDateTime": "",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": "",
"securityIdentifier": "",
"theme": "",
"visibility": "",
"onPremisesProvisioningErrors": []
}
]
}

operation: List Group Members

Input parameters

Parameter Description
Group ID Specify an ID of the group for which you want to list the members.
Filter Query Specify the filter query based on which you want to retrieve group members. Refer to Azure Filter Query Parameters for information on the filter query syntax.
Select Query Specify the $select query to retrieve group members from Azure Active Directory. The OData's Select query is supported on fields such as id, userPrincipalName, displayName, etc.
Number Of Group Members To Fetch (Optional) Specify the maximum number of group members that this operation should return from Azure.
Get All Pages Select this option, i.e., set it to true, to fetch all pages containing all available records from Azure.
Skip Token (Optional) Specify a Skiptoken if a previous operation returned a partial result. If the previous response contains a nextLink element, the value of the nextLink element includes a skiptoken parameter that specifies a starting point to use for subsequent calls.

Output

The output contains the following populated JSON schema:
{
"@odata.context": "",
"@odata.count": "",
"value": [
{
"@odata.type": "",
"id": "",
"businessPhones": [],
"displayName": "",
"givenName": "",
"jobTitle": "",
"mail": "",
"mobilePhone": "",
"officeLocation": "",
"preferredLanguage": "",
"surname": "",
"userPrincipalName": ""
}
]
}

operation: Get Group Details

Input parameters

Parameter Description
Group ID Specify a group ID to fetch the details for that group.

Output

The output contains the following populated JSON schema:
{
"@odata.context": "",
"id": "",
"deletedDateTime": "",
"classification": "",
"createdDateTime": "",
"creationOptions": [],
"description": "",
"displayName": "",
"expirationDateTime": "",
"groupTypes": [],
"isAssignableToRole": "",
"mail": "",
"mailEnabled": "",
"mailNickname": "",
"membershipRule": "",
"membershipRuleProcessingState": "",
"onPremisesDomainName": "",
"onPremisesLastSyncDateTime": "",
"onPremisesNetBiosName": "",
"onPremisesSamAccountName": "",
"onPremisesSecurityIdentifier": "",
"onPremisesSyncEnabled": "",
"preferredDataLocation": "",
"preferredLanguage": "",
"proxyAddresses": [],
"renewedDateTime": "",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": "",
"securityIdentifier": "",
"theme": "",
"visibility": "",
"onPremisesProvisioningErrors": []
}

operation: Remove Member

Input parameters

Parameter Description
Group ID Specify a group ID from which you want to remove the user.
User ID Specify the directory object ID of the user to remove from the group.

Output

The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}

operation: Add Member

Input parameters

Parameter Description
Group ID Specify a group ID to which you want to add a user.
User ID Specify the directory object ID of the user to add to the group.

Output

The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}

operation: List SignIns Events

Input parameters

Parameter Description
Filter Query Specify the filter query based on which you want to retrieve sign-in events from Azure Active Directory. The OData's Filter query is supported on the following fields: id, userPrincipalName, displayName, givenName and jobTitle. For example [userPrincipalName eq 'username@example.com'] retrieves a user whose userPrincipalName is username@example.com. Refer to OData system query options for more information.
Number of Events to Fetch (Optional) Specify the maximum number of events that this operation should return from Azure.
Get All Pages Select this option, i.e., set it to true, to fetch all pages containing all available records from Azure.
Skip Token (Optional) Specify a Skiptoken if a previous operation returned a partial result. If the previous response contains a nextLink element, the value of the nextLink element includes a skiptoken parameter that specifies a starting point to use for subsequent calls.

Output

The output contains the following populated JSON schema:
{
"@odata.context": "",
"@odata.nextLink": "",
"value": [
{
"id": "",
"createdDateTime": "",
"userDisplayName": "",
"userPrincipalName": "",
"userId": "",
"appId": "",
"appDisplayName": "",
"ipAddress": "",
"clientAppUsed": "",
"correlationId": "",
"conditionalAccessStatus": "",
"isInteractive": "",
"riskDetail": "",
"riskLevelAggregated": "",
"riskLevelDuringSignIn": "",
"riskState": "",
"riskEventTypes": [],
"riskEventTypes_v2": [],
"resourceDisplayName": "",
"resourceId": "",
"status": {
"errorCode": "",
"failureReason": "",
"additionalDetails": ""
},
"deviceDetail": {
"deviceId": "",
"displayName": "",
"operatingSystem": "",
"browser": "",
"isCompliant": "",
"isManaged": "",
"trustType": ""
},
"location": {
"city": "",
"state": "",
"countryOrRegion": "",
"geoCoordinates": {
"altitude": "",
"latitude": "",
"longitude": ""
}
},
"appliedConditionalAccessPolicies": []
}
]
}

operation: List Users

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter Description
Filter Query Specify the filter query based on which you want to retrieve users from Azure Active Directory. The OData's Filter query is supported on the following fields: id, userPrincipalName, displayName, givenName and jobTitle. For example [userPrincipalName eq "username@example.com"] retrieves a user whose userPrincipalName is username@example.com
Select Query Specify the $select query to retrieve user fields from Azure Active Directory. The OData's Select query is supported on fields such as id, userPrincipalName, displayName, etc. Refer to OData system query options for more information.
Search Query Specify the search query to retrieve user details from Azure Active Directory. The OData's Search query is supported on fields such as id, userPrincipalName, displayName, etc. Refer to OData system query options for more information.

Output

The output contains the following populated JSON schema:
{
"@odata.context": "",
"value": [
{
"businessPhones": [],
"displayName": "",
"givenName": "",
"jobTitle": "",
"mail": "",
"mobilePhone": "",
"officeLocation": "",
"preferredLanguage": "",
"surname": "",
"userPrincipalName": "",
"id": ""
}
]
}

operation: Get User Details

Input parameters

Parameter Description
Based On Select the parameter based on which you want to retrieve details of a user from Azure Active Directory. You can choose from the following options:
  • Object ID: Specify the object ID of the user whose details are to be retrieved from Azure Active Directory.
  • User Principal Name: Specify the principal name of the user whose details are to be retrieved from Azure Active Directory.

Output

The output contains the following populated JSON schema:
{
"@odata.context": "",
"businessPhones": [],
"displayName": "",
"givenName": "",
"jobTitle": "",
"mail": "",
"mobilePhone": "",
"officeLocation": "",
"preferredLanguage": "",
"surname": "",
"userPrincipalName": "",
"id": ""
}

operation: Add User

Input parameters

Parameter Description
Display Name Specify the name that you want to be displayed in the address book for the user that you are creating in Azure Active Directory.
Mail Nick Name Specify the mail alias for the user that you are creating in Azure Active Directory.
User Principal Name Specify the principal name of the user that you are creating in Azure Active Directory.
Password Specify the password of the user that you are creating in Azure Active Directory.
Force Change Password Next Login Select this option, i.e., set it to true, to force the users to change their password when they next log on to Azure Active Directory.
Account Enabled Select this option, i.e., set it to true, to enable this user's account on Azure Active Directory.
Additional Fields (Optional) Specify additional fields to add to the user's account that you are creating in Azure Active Directory.

Output

The output contains the following populated JSON schema:
{
"@odata.context": "",
"id": "",
"businessPhones": [],
"displayName": "",
"givenName": "",
"jobTitle": "",
"mail": "",
"mobilePhone": "",
"officeLocation": "",
"preferredLanguage": "",
"surname": "",
"userPrincipalName": ""
}

operation: Enable User

Input parameters

Parameter Description
Based On Select the parameter based on which you want to enable a user's account on Azure Active Directory. You can choose from the following options:
  • Object ID: Specify the object ID associated with the user account to be enabled on Azure Active Directory.
  • User Principal Name: Specify the principal name associated with the user account to be enabled on Azure Active Directory.

Output

The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}

operation: Disable User

Input parameters

Parameter Description
Based On Select the parameter based on which you want to disable a user's account on Azure Active Directory. You can choose from the following options:
  • Object ID: Specify the object ID associated with the user account to be disabled on Azure Active Directory.
  • User Principal Name: Specify the principal name associated with the user account to be disabled on Azure Active Directory.

Output

The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}

operation: Delete User

Input parameters

Parameter Description
Based On Select the parameter based on which you want to delete a user's account on Azure Active Directory. You can choose from the following options:
  • Object ID: Specify the object ID associated with the user account to be deleted on Azure Active Directory.
  • User Principal Name: Specify the principal name associated with the user account to be deleted on Azure Active Directory.

Output

The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}

operation: Reset Password

Input parameters

Parameter Description
Based On Select the parameter based on which you want to reset the password of a user's account on Azure Active Directory. You can choose from the following options:
  • Object ID: Specify the object ID associated with the user account whose password is to be reset on Azure Active Directory.
  • User Principal Name: Specify the principal name associated with the user account whose password is to be reset on Azure Active Directory.
Password Specify a temporary password that you want to set for the user on Azure Active Directory.
Force Change Password Next Login Select this option, i.e., set it to true, to force the users to change their password when they next log on to Azure Active Directory.

Output

The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}

Included playbooks

The Sample - Azure Active Directory - 2.1.0 playbook collection comes bundled with the Azure Active Directory connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Azure Active Directory connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next