Azure AD User Blocking

Enable and Disable User Account using Missing TimeSheets

Requirements:

  • Azure AD
  • Azure AD App registration with Microsoft Graph Permissions:
    • User.ManageIdentities.All
    • User.ReadWrite.All
  • User with adusername = email address
  • User with Timesheet Required
  • Configuration Key "AzureADKeys"
    {
      "TenantId": "*",
      "ClientId": "*",
      "ClientSecret": "*"
    }
  • Global Query "GetDelinquentUsers"

Block Workflow

Payload from GetDelinquentUsers Global Query:

{
  "Data": [
    {
      "Oid": "7744be77-4370-4936-8d3d-61cb772ba545",
      "UserName": "Adam",
      "AdUserName": "adam@aduserdomain.org"
    }
  ]
}

Unblock Workflow

  • Webhook for document Type Skill.Module.BusinessObjects.UnblockUserRequest pointing to Automation
  • Automation:
    • Use Payload from Webhook:
      • event.details.username
    • AzureAdAuthentication using AppId and AppSecret from Azure AD App registration
    • Rest - Patch MS Graph Api:

Payload from WebHook Example:

{
  "secret": null,
  "event": {
    "id": "7744be77-4370-4936-8d3d-61cb772ba545",
    ...
    "details": {
      "userName": "adam@aduserdomain.org",
      "requestUtcDate": "2021-08-03T14:11:37.2064188Z",
      ...
    }
  }
}
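
The two workflows above, sketched as an added example that is not part of the original page or the product's own automation: it turns the GetDelinquentUsers result and the webhook payload into Microsoft Graph PATCH requests without sending anything. Assumptions: the Graph v1.0 `users` endpoint and its `accountEnabled` property are used for blocking, the function names are hypothetical, and the malformed second row is constructed to show why the user name is validated before it reaches the URL path.

```python
import json
import re
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"
# Conservative shape check (assumption: adusername is always an email-style UPN).
UPN_RE = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

def token_request(keys):
    """Client-credentials token request built from the "AzureADKeys" configuration."""
    tenant = quote(keys["TenantId"], safe="")
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    form = {
        "grant_type": "client_credentials",
        "client_id": keys["ClientId"],
        "client_secret": keys["ClientSecret"],
        "scope": "https://graph.microsoft.com/.default",
    }
    return url, form

def account_patch(upn, enabled):
    """Return (method, url, json_body) that enables or disables one account."""
    # The value comes from a query result or a webhook, so treat it as untrusted:
    # reject anything that is not a plain UPN, then percent-encode it for the path.
    if not isinstance(upn, str) or not UPN_RE.fullmatch(upn):
        raise ValueError(f"refusing non-UPN value: {upn!r}")
    url = f"{GRAPH}/users/{quote(upn, safe='@')}"
    return "PATCH", url, json.dumps({"accountEnabled": enabled})

def plan_block(query_result):
    """Map the GetDelinquentUsers payload to PATCH requests; collect rejected Oids."""
    requests, rejected = [], []
    for row in query_result.get("Data", []):
        try:
            requests.append(account_patch(row.get("AdUserName"), enabled=False))
        except ValueError:
            rejected.append(row.get("Oid"))
    return requests, rejected

def plan_unblock(webhook):
    """Path follows the automation step event.details.username (key cased as in the payload)."""
    return account_patch(webhook["event"]["details"]["userName"], enabled=True)

# Constructed sample input: the page's row plus one malformed row.
SAMPLE = {"Data": [
    {"Oid": "7744be77-4370-4936-8d3d-61cb772ba545", "UserName": "Adam",
     "AdUserName": "adam@aduserdomain.org"},
    {"Oid": "00000000-0000-0000-0000-000000000000", "UserName": "Bad",
     "AdUserName": "x@y.org/../groups"},
]}
```

Rejected Oids are worth logging and alerting on, since a malformed adusername means that account was neither blocked nor unblocked.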