Oomnitza's Microsoft integration allows organizations to load the list of users from Microsoft Identity Service to then manage them inside Oomnitza's SaaS module. Microsoft Identity Service is used across most of the Microsoft products, including Office 365, Windows 10 and Azure.
You can find more details about the API used and Microsoft Identity at https://docs.microsoft.com/en-us/graph/overview?view=graph-rest-1.0 , and details on Microsoft 365 licensing can be found at https://docs.microsoft.com/en-us/microsoft-365/commerce/licenses/subscriptions-and-licenses?view=o365-worldwide
The following integrations are available with Microsoft:
Microsoft 365 uses OAuth2 based authentication via Microsoft's Identity Management Platform. Details on how to create a Microsoft Identity Management OAuth2 App can be found here.
Once your OAuth2 app is created you must add your credentials to the vault in Oomnitza. For further information see Adding Microsoft credentials to the vault in Oomnitza.
Microsoft User load allows you to connect to the Microsoft Graph API and load the list of users from there into the people module as well as into the SaaS module. The Microsoft user load provides a minimal list of fields, just enough to connect the users into the SaaS module. For a full list of user attributes, use the Microsoft Azure AD user load, which connects to the same API underneath but has many additional fields. When setting up the user load for Microsoft, the required scope within the credential is User.Read.All.
The following fields can be mapped from Microsoft using Oomnitza's User Interface. For more information on creating Extended Connector Mappings, please see our article on Mapping Extended Connectors.
- User ID - the user id in MSFT 365 represented by a 36-character hex key
- Email - the user's email, which may only be provided if you are using any Exchange deployment
- Username in MSFT 365 - usually something that ends with @<companyname>.onmicrosoft.com
- Username short (before the @ sign) - same as above without the domain behind the @ sign
- Connector Sync Time - the current time to capture when the data was last synced
- Given Name
- Display Name
- Mobile Phone
- Office Location
SaaS User Role Block
This workflow block allows you to read a user's role, represented by the assigned Product SKUs from within Microsoft. The SKUs are read from the licenseDetails API; see https://docs.microsoft.com/en-us/graph/api/user-list-licensedetails?view=graph-rest-1.0&tabs=http for more details.
You can use this block within a SaaS User workflow, and you can find more details on setting up SaaS User workflows at https://oomnitza.zendesk.com/hc/en-us/articles/360053185893 . Please note that Microsoft does not provide a last login date, and as such you can only get the Last Login date from SSO, which for Microsoft is not very reliable.
API block (Presets)
The following Microsoft API block Presets are available:
Microsoft Delete User
Using this preset you can delete a user account within Microsoft Identity Service from within a SaaS User workflow. For details on user deletion within Microsoft, see https://docs.microsoft.com/en-us/graph/api/user-delete?view=graph-rest-1.0&tabs=http . Other than selecting the proper authentication, no other changes are required to use this preset.
Microsoft Disable User
This preset allows you to disable a user in Microsoft from a workflow on SaaS User by calling the update web service and setting the field accountEnabled to false. See more details at https://docs.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=http .
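The Graph calls behind the SaaS User Role block and the two presets can be sketched as follows. This is an added example, not Oomnitza's own code: the function names, the token placeholder and the sample response are constructed for illustration, and the requests are only built, not sent.

```python
import json
import re
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
# The User ID field is a 36-character GUID (hex digits and hyphens).
GUID = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def user_url(user_id, suffix=""):
    # Refuse non-GUID values so a bad mapped field cannot change the request path.
    if not GUID.fullmatch(user_id):
        raise ValueError(f"not a Graph user id: {user_id!r}")
    return f"{GRAPH}/users/{user_id}{suffix}"

def build(method, url, token, body=None):
    headers = {"Authorization": f"Bearer {token}"}
    data = None
    if body is not None:
        data = json.dumps(body).encode()
        headers["Content-Type"] = "application/json"
    return urllib.request.Request(url, data=data, headers=headers, method=method)

def disable_user_request(user_id, token):
    # user-update: PATCH the user with accountEnabled set to false.
    return build("PATCH", user_url(user_id), token, {"accountEnabled": False})

def delete_user_request(user_id, token):
    # user-delete: DELETE on the same resource, no body.
    return build("DELETE", user_url(user_id), token)

def license_details_request(user_id, token):
    return build("GET", user_url(user_id, "/licenseDetails"), token)

def sku_part_numbers(response_body):
    # licenseDetails returns {"value": [...]}; each entry carries one product SKU.
    return sorted(d["skuPartNumber"] for d in json.loads(response_body).get("value", []))

# Constructed sample licenseDetails response (ids and SKU names are made up).
SAMPLE_LICENSE_DETAILS = json.dumps({"value": [
    {"skuId": "00000000-0000-0000-0000-000000000001", "skuPartNumber": "SAMPLE_SKU_B", "servicePlans": []},
    {"skuId": "00000000-0000-0000-0000-000000000002", "skuPartNumber": "SAMPLE_SKU_A", "servicePlans": []},
]})

if __name__ == "__main__":
    uid = "11111111-2222-3333-4444-555555555555"  # constructed user id
    req = disable_user_request(uid, "TOKEN_PLACEHOLDER")
    print(req.get_method(), req.full_url, req.data.decode())
    print(sku_part_numbers(SAMPLE_LICENSE_DETAILS))
```

User.Read.All is a read-only scope, so the credential selected for the disable and delete presets needs a write permission on users in addition to what the user load requires.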