user13794359

Reputation: 3

Cannot find AAD group using Identities ADO API

I am trying to replicate this process of adding reviewers to my ADO PRs and would like to specifically make it work for AAD groups. To my understanding, this endpoint of adding reviewers to a PR requires a separate ID that is not a user's/group's Object ID (I call it an ADO ID). I am trying to use this endpoint to extract the ADO ID by providing an AAD group's Object ID. I have been successful in finding it for some groups but not others and I am not sure why that is. I have also been successful in using it to find users by specifying their email, but for groups it is a bit trickier. I've tried specifying the group's name but get the same results as using the Object ID. I do not have access to this group's identity id, identity descriptor, or subject descriptor. Please advise, thank you.

Upvotes: 0

Views: 1064

Answers (1)

Bright Ran-MSFT

Reputation: 13944

NOTE: Before following the method below, make sure your organization is connected to the correct AAD, the one that contains the group you want to add.

Directly search for and add the AAD group to the Pull Request with the following steps:

  1. Execute the API below to search for and get the details of the AAD group you want to add.
    • Request URI:
      POST https://dev.azure.com/{organization}/_apis/IdentityPicker/Identities?api-version=5.0-preview.1
      
    • Request body:
      {
          "query": "{AAD group name}",
          "identityTypes": ["user", "group"],
          "operationScopes": ["ims", "source"],
          "options": {
              "MinResults": 5,
              "MaxResults": 40
          },
          "properties": [
              "DisplayName",
              "IsMru",
              "ScopeName",
              "SamAccountName",
              "Active",
              "SubjectDescriptor",
              "Department",
              "JobTitle",
              "Mail",
              "MailNickname",
              "PhysicalDeliveryOfficeName",
              "SignInAddress",
              "Surname",
              "Guest",
              "TelephoneNumber",
              "Manager",
              "Description"
          ]
      }
      
    • Response body:
      {
          "results": [
              {
                  "queryToken": "addtovsts",
                  "identities": [
                      {
                          "entityId": "{entityId}",
                          "entityType": "Group",
                          "originDirectory": "aad",
                          "originId": "{AAD group ID}",
                          "localDirectory": null,
                          "localId": null,
                          "displayName": "{AAD group name}",
                          "scopeName": "{AAD name}",
                          "samAccountName": null,
                          "active": null,
                          "subjectDescriptor": null,
                          "department": null,
                          "jobTitle": null,
                          "mail": "{mail}",
                          "mailNickname": "{mailNickname}",
                          "physicalDeliveryOfficeName": null,
                          "signInAddress": null,
                          "surname": null,
                          "guest": false,
                          "telephoneNumber": null,
                          "description": null,
                          "isMru": false
                      }
                  ],
                  "pagingToken": ""
              }
          ]
      }
      
  2. With the details returned from the previous API, execute the API below to add the AAD group to the Pull Request.
    • Request URI:
      PUT https://dev.azure.com/{organization}/{project}/_apis/git/repositories/{repositoryId}/pullRequests/{pullRequestId}/reviewers?api-version=5.0
      
    • Request body:
      {
          "entityId": "{entityId}",
          "entityType": "Group",
          "active": null,
          "department": null,
          "description": null,
          "displayName": "{AAD group name}",
          "guest": false,
          "id": "{AAD group ID}",
          "isAadIdentity": true,
          "isContainer": true,
          "isHosted": true,
          "isMru": false,
          "isRequired": false,  // 'true' will set the group as the Required Reviewer, 'false' is Optional Reviewer
          "jobTitle": null,
          "localDirectory": null,
          "localId": null,
          "mail": "{mail}",  // if you did not set mail, set the value same as 'mailNickname'
          "mailNickname": "{mailNickname}",
          "originDirectory": "aad",
          "originId": "{AAD group ID}",
          "physicalDeliveryOfficeName": null,
          "samAccountName": null,
          "scopeName": "{AAD name}",
          "signInAddress": null,
          "subjectDescriptor": null,
          "surname": null,
          "telephoneNumber": null,
          "vote": 0
      }
      

Upvotes: 2
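
The two steps of the answer above chained together, as an added example that is not part of the original answer: it builds both requests and, between them, accepts a search hit only if its `originId` equals the AAD Object ID you expect, so a similarly named group cannot end up as a reviewer. The function names, the organization and project values and the sample response are constructed; sending the requests with an authenticated HTTP client is left out.

```python
API = "https://dev.azure.com"

def picker_request(org, query):
    """Step 1: IdentityPicker search request (URI and body shape from the answer)."""
    url = f"{API}/{org}/_apis/IdentityPicker/Identities?api-version=5.0-preview.1"
    body = {"query": query, "identityTypes": ["user", "group"],
            "operationScopes": ["ims", "source"],
            "options": {"MinResults": 5, "MaxResults": 40},
            "properties": ["DisplayName", "ScopeName", "Mail", "MailNickname"]}
    return "POST", url, body

def select_group(response, object_id):
    """Return the one AAD group whose originId equals the expected Object ID."""
    hits = [ident
            for result in response.get("results", [])
            for ident in result.get("identities", [])
            if ident.get("entityType") == "Group"
            and ident.get("originDirectory") == "aad"
            and (ident.get("originId") or "").lower() == object_id.lower()]
    if len(hits) != 1:  # zero or ambiguous matches: do not guess
        raise LookupError(f"expected one AAD group {object_id}, found {len(hits)}")
    return hits[0]

def reviewer_request(org, project, repo_id, pr_id, group, required=False):
    """Step 2: reviewer PUT request built from the identity returned by step 1."""
    url = (f"{API}/{org}/{project}/_apis/git/repositories/{repo_id}"
           f"/pullRequests/{pr_id}/reviewers?api-version=5.0")
    body = dict(group)  # carry over every field the picker returned
    body.update({"id": group["originId"],
                 # the answer says to fall back to mailNickname when mail is unset
                 "mail": group.get("mail") or group.get("mailNickname"),
                 "isAadIdentity": True, "isContainer": True, "isHosted": True,
                 "isRequired": required, "vote": 0})
    return "PUT", url, body

# Constructed sample response: one name query returns two similarly named groups.
SAMPLE = {"results": [{"queryToken": "Reviewers", "pagingToken": "", "identities": [
    {"entityId": "entity-0001", "entityType": "Group", "originDirectory": "aad",
     "originId": "11111111-1111-1111-1111-111111111111",
     "displayName": "Reviewers", "mail": None, "mailNickname": "reviewers"},
    {"entityId": "entity-0002", "entityType": "Group", "originDirectory": "aad",
     "originId": "22222222-2222-2222-2222-222222222222",
     "displayName": "Reviewers-External", "mail": "ext@example.com",
     "mailNickname": "reviewers-ext"}]}]}

if __name__ == "__main__":
    grp = select_group(SAMPLE, "22222222-2222-2222-2222-222222222222")
    print(reviewer_request("contoso", "demo", "repo-id", 42, grp, required=True))
```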
