makerofthings7

Reputation: 61433

How can I use MS Graph to list Azure AD instances for a given LiveID account?

I have a customer who is using a liveID account to manage 20+ different Azure AD directories.

How can I get a list of all the Azure AD instances associated with this account?

I tried using this graph explorer to figure out which query was correct; however, every time I tried to consent to a Directory Read permission, the tool didn't accept it (it would run, but the checkbox would be cleared upon inspection).

My goal is to determine at runtime, which instances have had "administrative consent" to access applications stored in my tenant. Then I will prompt the administrator to consent for those apps.

I'm tagging this as MSAL and ADAL; I can't get either to work with an MSFT account that is an admin for Azure AD.

Testing

I am using this MSFT sample and posted this debug code in any controller that is currently using ActiveDirectoryClient. This code works for any Azure AD account.

    // Usings the snippet depends on (Azure AD Graph client library, LINQ, async).
    using System.Linq;
    using System.Threading.Tasks;
    using Microsoft.Azure.ActiveDirectory.GraphClient;

    // Debug helper: walks every page of TenantDetails and dumps each tenant to the debug output.
    private async Task DumpTenantsAsync(ActiveDirectoryClient client)
    {
        var pagedCollectionTenants = await client.TenantDetails.ExecuteAsync();
        do
        {
            var tenants = pagedCollectionTenants.CurrentPage.ToList();
            foreach (var tenant in tenants)
            {
                System.Diagnostics.Debug.WriteLine(tenant.DisplayName + " id " + tenant.ObjectId + " " +
                    tenant.Street + " " +
                    tenant.City + " " +
                    tenant.State + " " +
                    tenant.PostalCode + " " + tenant.PreferredLanguage + " " + tenant.TelephoneNumber);

                System.Diagnostics.Debug.WriteLine("   ** Assigned Plans **");
                foreach (var plan in tenant.AssignedPlans)
                {
                    System.Diagnostics.Debug.WriteLine("   " + plan.AssignedTimestamp + " " + plan.ServicePlanId + " " + plan.Service + " " + plan.CapabilityStatus);
                }

                System.Diagnostics.Debug.WriteLine("   ** Provisioned Plans **");
                foreach (var provisionedPlan in tenant.ProvisionedPlans)
                {
                    System.Diagnostics.Debug.WriteLine("   " + provisionedPlan.CapabilityStatus + " " + provisionedPlan.ProvisioningStatus + " " + provisionedPlan.Service);
                }

                System.Diagnostics.Debug.WriteLine("   ** Verified Domains **");
                foreach (var domain in tenant.VerifiedDomains)
                {
                    System.Diagnostics.Debug.WriteLine("   " + domain.Type + " " + domain.Name + " " + domain.Initial + " " + domain.Id + " " + domain.Capabilities + " " + domain.@default);
                }
            }
            // Await the next page instead of blocking on .Result, which can deadlock
            // inside an ASP.NET request context.
            pagedCollectionTenants = await pagedCollectionTenants.GetNextPageAsync();
        } while (pagedCollectionTenants != null);
    }

The results for an MSFT account are the following:

[screenshot of the debug output, not reproduced here]

Upvotes: 2

Views: 542

Answers (1)

Nan Yu

Reputation: 27528

How can I get a list of all the Azure AD instances associated with this account?

I am not sure whether the Microsoft Graph API exposes an API call to get a list of all the Azure AD instances associated with this account. But I noticed that in the new Azure portal, I could choose between multiple Windows Azure Active Directories by clicking my user name in the top right part of the portal. Using Fiddler, you could find the API call which the portal uses to get the information about the multiple Windows Azure Active Directories:

https://ms.portal.azure.com/AzureHubs/api/tenants/List

Then you could add the Windows Azure Service Management API to the required permissions of your app.

Then, using the authorization code flow, you need to get an access token for the Windows Azure Service Management API by setting the resource to https://management.core.windows.net/ .

After you get the access token, you could try the API call below to get all the Azure Active Directories:

POST https://ms.portal.azure.com/AzureHubs/api/tenants/List
Authorization: Bearer xxxxx

The result:

[screenshot of the JSON response, not reproduced here]

If your account is a Microsoft account and you want to authenticate with the app, you could add the account as an external user in AAD.

Upvotes: 2
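The flow the answer describes, written out as an added C# example (not code from the question, the answer or Microsoft): redeem the authorization code with ADAL.NET for the resource https://management.core.windows.net/ and POST to the portal endpoint the answer found. It assumes ADAL.NET v3 (Microsoft.IdentityModel.Clients.ActiveDirectory), an app registration with the Windows Azure Service Management API delegated permission, and that the code, redirect URI and client credential have already been obtained; the endpoint is undocumented, so its response shape is not assumed and is returned as raw text.

```csharp
// Added example: exchange an auth code for a Service Management token and call the
// portal's tenant list endpoint from the answer. Not the question's or answer's own code.
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

public static class TenantLister
{
    // Resource (token audience) named in the answer. A token for this audience grants
    // management-plane access, so keep it server-side and never log it.
    private const string ManagementResource = "https://management.core.windows.net/";

    // Endpoint observed with Fiddler in the answer; undocumented and subject to change.
    private const string TenantListUrl = "https://ms.portal.azure.com/AzureHubs/api/tenants/List";

    // Assumed inputs: the code received at redirectUri plus the app's client credential.
    public static async Task<string> ListTenantsAsync(
        string authorizationCode, string redirectUri, string clientId, string clientSecret)
    {
        // "common" lets an account that is a member of many directories sign in once.
        var authContext = new AuthenticationContext("https://login.microsoftonline.com/common");
        var credential = new ClientCredential(clientId, clientSecret);

        AuthenticationResult auth = await authContext.AcquireTokenByAuthorizationCodeAsync(
            authorizationCode, new Uri(redirectUri), credential, ManagementResource);

        using (var http = new HttpClient())
        {
            http.DefaultRequestHeaders.Authorization =
                new AuthenticationHeaderValue("Bearer", auth.AccessToken);

            // The answer shows a bare POST; send an empty body.
            using (var response = await http.PostAsync(TenantListUrl, new StringContent(string.Empty)))
            {
                // Fail loudly on 401/403: the usual causes are a token issued for the wrong
                // resource or missing consent to the Service Management permission.
                if (!response.IsSuccessStatusCode)
                {
                    throw new InvalidOperationException(
                        $"Tenant list call failed: {(int)response.StatusCode} {response.ReasonPhrase}");
                }
                return await response.Content.ReadAsStringAsync();
            }
        }
    }
}
```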
