How to retrieve site URLs efficiently for all users in a tenant using Microsoft Graph API - azure-active-directory

Here is the problem:
I have a tenant with 50,000 users. Every day I need to pull that user list to see what has changed. Example: Which users were added or removed, and what their mySite URL is.
I can get some general information calling /users, but I need each user's mySite. The only way I have found to retrieve that is to call /users/userId?$select=mySite.
This implies I must make 50k calls and I then encounter throttling issues.
Is there a way through Microsoft Graph (or some other mechanism) to pull the user data, including mySite efficiently?

Related

What is the most suitable way to save user's actions in react webpage (SPA)?

I'm building a SPA site in React (using redux).
To my site, any user can connect through Google or Facebook.
Each user who logs in to the site receives a personal user_id.
For each user, the system needs to keep a history of documents created by this same user (like the recent docs in Word).
I need to create functionality that whenever the user is logged in he will be able to see a history of the five documents he has created/updated.
In addition, the latest documents will load even after disconnecting and reconnecting to the system.
To load the history into the system I am thinking of using a dedicated index in ElasticSearch.
My question is which way would be suitable the most to use when the user is already logged in and creates several documents one after the other -
Should I need to save everything within the index in ES or is there a smart way to save and update the information locally without producing a lot of calls to DB?
I want that in the end there will be only 2 DB calls that are made in total - one call to load the information on login and one call to update the information when the user logs out. Any other create and update docs will save locally on the client side until leaving the site.

Microsoft Graph AD Users or people API to search all users?

I'm trying to build functionality into my app for 'admins' to assign users from their AD group to certain groups that are further assigned to app-specific roles. Basically a simple management component.
Adding the user with the oid to a group is easy, the problem I'm facing is finding the actual user.
Currently, the only option I'm seeing is making multiple api requests to v1.0/users (999 items max) and grouping them all in memory and then provide a simple search function to narrow it down.
I have also used the v1.0/me/people endpoint to search for users but this does not reveal all users from the AD group, just relevant users they deal with, so not too useful.
Is there any other api endpoint I could tap into to do a search ONLY on members of the same active directory?
Using the startsWith filter on multiple properties is probably the closest we can get to user search in MS Graph at the moment:
https://graph.microsoft.com/v1.0/users?$filter=startswith(displayName,'sarah') or startswith(givenName,'sarah') or startswith(surname,'sarah') or startswith(mail,'sarah') or startswith(userPrincipalName,'sarah')
Ended up switching to the old AD Graph API and implementing a query on the endpoint as follows:
https://graph.windows.net/{ tenant ID }/users?api-version=1.6&$select=mail,displayName,objectId,givenName,surname&$filter=startswith(givenName,'SEARCH TERM') or startswith(surname,'SEARCH TERM')
If a function receives 1 single param, it will search for that parameter in both givenName and surname, but you could configure this to search across any other supported fields.
You could also ditch the $select= completely to get the whole data. I didn't want the clutter though and those keys are enough for me.
Instead of going with startswith, you may get a better experience using the search keyword:
https://learn.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0&tabs=http#example-6-use-search-to-get-users-with-display-names-that-contain-the-letters-wa-including-a-count-of-returned-objects
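The startswith queries above place the typed search term inside an OData string literal in the request URL, so the term has to be quoted and percent-encoded before it is sent. The following is an added example, not code from the original posts: it builds the Graph v1.0 /users URL from an untrusted term; the function names, MAX_TERM_LEN and the default $select and $top values are assumptions.

```python
from urllib.parse import quote, urlencode

GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"
# Properties the page's startswith() query filters on.
SEARCH_FIELDS = ("displayName", "givenName", "surname", "mail", "userPrincipalName")
MAX_TERM_LEN = 64  # assumed limit for this example, not a Graph requirement


def odata_string(value: str) -> str:
    """Quote value as an OData string literal (an embedded ' becomes '')."""
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        raise ValueError("control characters are not allowed in a search term")
    return "'" + value.replace("'", "''") + "'"


def build_user_search_url(term, fields=SEARCH_FIELDS,
                          select=("id", "displayName", "mail"), top=25):
    """Build the /users search URL for an untrusted, user-typed term."""
    term = term.strip()
    if not 1 <= len(term) <= MAX_TERM_LEN:
        raise ValueError(f"search term must be 1-{MAX_TERM_LEN} characters")
    unknown = set(fields) - set(SEARCH_FIELDS)
    if unknown:
        # Property names come from the allow-list, never from user input.
        raise ValueError(f"unsupported filter fields: {sorted(unknown)}")
    literal = odata_string(term)
    clause = " or ".join(f"startswith({name},{literal})" for name in fields)
    params = {"$filter": clause, "$select": ",".join(select), "$top": str(int(top))}
    # Percent-encode values so '&', '#', '=' or spaces in the term cannot add
    # or truncate query parameters; '$', '(', ')' and ',' stay readable.
    return GRAPH_USERS + "?" + urlencode(params, quote_via=quote, safe="$(),")


if __name__ == "__main__":
    print(build_user_search_url("sarah"))
    print(build_user_search_url("o'brien", fields=("givenName", "surname")))
```

Parsing the resulting query string back should always yield exactly the three parameters set here, whatever the user typed.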

Azure Active Directory, many small requests vs few large requests

I am trying to figure out the most efficient way of interacting with Azure AD via Graph API when creating new users.
The problem is, I am importing a set of users from an upload file. But before creating them in AD, I first get all the users from AD and then check if the username is already taken; if not, I create the user.
What I am trying to understand is: is it better to get all the users from AD at once, or is it better to validate each user individually and make multiple calls to AD during the validation process?
Is there any resource I can refer to to get more insight on the issue?
If the number of users you want to check is not large, you'd better check them with individual requests rather than retrieving the entire user list from AAD.
You can use Microsoft Graph API get user operation:
https://graph.microsoft.com/v1.0/users/YourUPN
If the user does not exist, it returns a 404 (not found). You can refer to the document for getting access tokens to call Microsoft Graph. Code samples here are also for your reference.

Storing data from Facebook's Graph API

For the past two days, I finally was able to understand how to extract data from Facebook's Graph API.
How to use Graph API to get user's total friend count [JavaScript]
Awesome, right? Now, for the next part.
I want to be able to store this data so that it can be publicly displayed on a user's profile within the application I am developing.
Here is the flow that I am thinking:
User goes to create an account on my application
User is asked via OAuth to pull in their Facebook data such as their profile picture, friend count, etc.
Their data is stored and synced to be always up-to-date [this is what I am trying to figure out]
The data stored is publicly displayed on their profile (such as their friend count)
I never went back to this - but from my understanding now versus what I knew back when I posted this; all one would need to do is store the data in a database so it can be spit back out- and it would just be associated to the user.

Google App Engine Login vs Application Login

I have an application deployed on GAE. It allows users to register for an account, and I use the google user id as the primary key to link to their account.
I have a registration link that should be visible if either the user has not been authenticated by google and/or they do not have an account on my site.
What I am trying to figure out is what is the best way to figure out if the user has an account on my site as they go from page to page. I have an authentication filter that is triggered on every page, and the filter looks at their google id (if they are logged in), goes off and determines if the user has an account on my site, and sets a request parameter, that I use in the jsp to determine whether or not to show the registration link.
It seems wasteful to do that every time, so I refactored it and had the authentication filter store the Key object tied to their user account on my site in a Session. If the key attribute is not null, I take that to mean that the user is registered on my site.
Does that seem logical, or are there better approaches? The complexity to me comes from the fact that the user may be logged in with google, but that doesn't necessarily mean they have an account on my site.
My question
When it comes to storing authentication data, you have two options:
Store the data in session
Store the data on client side, in a cookie typically
Storing the data in session is a perfectly valid mechanism, and that's actually the most common.
However, managing a session is costly (you need to store it). In App Engine's case the sessions are stored in the Datastore, with probably some caching. So it's still a call to the datastore.
That should be totally acceptable; however, if it turns out managing a session really decreases your app's performance, you can always store the data in an encrypted cookie. That way the information is provided by the browser every time it sends an HTTP request. Note that it means you must get encryption right and that HTTP requests will be slightly bigger (the size of the encrypted data).
So in the end it's a tradeoff. I would recommend sticking to sessions unless you experience performance issues. The advantage of sessions (compared to your first approach) is that if you ever want to store additional data, you will have less code to add.
