Correct Graph API to manage Azure AD B2C - azure-active-directory

Am I misinterpreting this -- see image?
I go to documentation for managing Azure AD B2C, it tells me to use Azure AD Graph API, not Microsoft Graph API.
Then I click the link to go to Azure AD Graph API, it tells me to use the Microsoft Graph API, not the Azure AD Graph API.
Two questions:
What do I use to manage users in Azure AD B2C? Microsoft Graph API or Azure AD Graph API?
What's the easiest and most painless way to interact with the Graph API I should be using -- based on your answer to question #1? Can I use a tool like Postman? If I'm not mistaken, these are RESTful APIs.

What do I use to manage users in Azure AD B2C? Microsoft Graph API or Azure AD Graph API?
As the document noted, you must use Azure AD Graph API. Azure AD Graph API can manage users in a B2C tenant (set local accounts, sign-in names), but Microsoft Graph API cannot do this for now. Although Microsoft Graph is closing the gap with Azure AD Graph, it still lacks some capabilities that Azure AD Graph API has.
What's the easiest and most painless way to interact with the Graph API I should be using -- based on your answer to question #1? Can I use a tool like Postman? If I'm not mistaken, these are RESTful APIs.
Absolutely, you can just use Azure AD Graph API for Azure AD B2C for now.
By the way, if you want to know which API is a better fit for Azure AD, it's hard to say. Sometimes it depends on what scenario you're in. There is a sheet of gaps between Microsoft Graph and Azure AD Graph.
Both types of API can be used in Postman.
For more details about Microsoft Graph or the Azure AD Graph, you can refer to this blog.

Related

Multi-tenant Azure AD User Sync

I'm trying to figure out the best way to replicate an LDAP sync or a tool like Azure AD Connect, but for multiple Azure AD tenants to a single Azure AD B2C tenant. When a user is created in an Azure AD tenant it needs to sync over to the Azure AD B2C tenant. I need the user to exist in the B2C tenant before that user ever tries to log in, so I can't just point to the Azure AD tenant as the IDP. This is because not all of the users of the AD tenants will log in, but we will want to show the admin of that tenant all the users.
I've reached out to Microsoft's Azure architects but haven't gotten much feedback on the best approach. Looking for any examples or documentation on the best way to achieve this.
One way would be to develop a SCIM service that provides an endpoint for Azure AD to connect to.
The SCIM service would then call the Graph API to perform the user CRUD in B2C.
This is because B2C has no native SCIM support.
There is a Microsoft sample for the service that you could use. Described here.

Microsoft Azure AD Applications

I've registered an application (Any Azure AD directory - Multitenant) in Microsoft Azure AD to be able to work with MS Graph API for creating the groups and teams programmatically. Now I'm able to call the MS Graph API and create the groups. The issue I'm having right now is I have a naming policy like this <Department> - <Group name> in Azure AD and as I call the MS Graph API with the application identity and as I don't have any department for my app, the department part is always empty. I would like to know if there is a way to set department or other attributes for the app in Azure AD?
Thank you in advance!
There is no option to add attributes for the app in Azure AD.

Access on-premises AD users via Azure product to move them to Azure AD B2C

We need to move users from an on-premises Active Directory on Windows Server (not Azure Active Directory) to Azure AD B2C. But we're having difficulty trying to figure out how to read the user data from the AD using Azure products.
We're thinking about using one of the following Azure products to read from on-premise AD, but it's surprisingly difficult to find if this is possible or not, much less how to do it:
Azure Data Factory
Azure Logic App
Microsoft Power Platform Dataverse (formerly Common Data Service)
Power BI Data Flows
Note: We can't use Azure AD Connect to migrate the users because that tool isn't designed to work with B2C. Reference Microsoft's Azure AD B2C: Frequently asked questions (FAQ).
The Microsoft article Migrate users to Azure AD B2C says that a script needs to be written that uses the Microsoft Graph API to create user accounts in Azure AD B2C. But the article doesn't give advice on how to access the source data, which in our case is AD.
There is no out-of-the-box Azure product/solution that connects to on-prem AD. Maybe there is a way, which requires you to create a custom connector and custom API for querying AD users. See this post.
The quickest way is using PowerShell cmdlet Get-ADUser to export the AD users and then import them into Azure B2C via Microsoft Graph Create User.

Azure AD Graph API or Microsoft Graph API to access User attributes in Azure AD B2C tenant

I found a lot of threads regarding this but I'm not sure if they are still valid at this point in time, i.e. Jun 2019.
This link, which was updated in Jul 2017, says "You must use Azure AD Graph API to manage users in Azure AD B2C directory".
But at the same time this link says "As of February 2019, we started the process to deprecate some earlier versions of Azure Active Directory Graph API in favor of the Microsoft Graph API."
I found this link which has a road map for AAD Graph and Microsoft Graph. But it is still not clear whether we should use Microsoft Graph or Azure AD Graph for a B2C tenant. I couldn't find any example of how to fetch user attributes using Microsoft Graph.
Question
Should I still keep on using 'Azure AD Graph' if I am dealing with a B2C tenant?
You must use Azure AD Graph API to manage users in an Azure AD B2C tenant since Microsoft Graph doesn't support a few of the user properties (including the creationType property) that are used by Azure AD B2C.
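Added example (mine, not code from any of the posts above): the create-user request bodies for a B2C local account under both APIs these threads compare, Azure AD Graph's creationType/signInNames against the later Microsoft Graph identities model that closed the gap the answers describe, applied to a constructed Get-ADUser export row as in the migration answer above. TENANT, the sample row and the password generator are assumptions.

```python
import secrets
import string

# Assumed B2C tenant name (placeholder); it is the "issuer" of a local account in Microsoft Graph.
TENANT = "contoso.onmicrosoft.com"

# Constructed sample row in the shape Get-ADUser ... | Export-Csv would produce.
SAMPLE_AD_USER = {"sAMAccountName": "jdoe", "givenName": "Jane", "sn": "Doe",
                  "displayName": "Jane Doe", "mail": "jane.doe@example.com"}


def new_initial_password(length: int = 16) -> str:
    """Random one-time password; both bodies below force a change at first sign-in."""
    alphabet = string.ascii_letters + string.digits + "!@#$%"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def aad_graph_local_account(ad_user: dict, password: str) -> dict:
    """Azure AD Graph body (POST https://graph.windows.net/{tenant}/users?api-version=1.6).
    creationType and signInNames are the B2C-specific properties the answers mention."""
    return {
        "accountEnabled": True,
        "creationType": "LocalAccount",
        "displayName": ad_user["displayName"],
        "givenName": ad_user["givenName"],
        "surname": ad_user["sn"],
        "signInNames": [{"type": "emailAddress", "value": ad_user["mail"]}],
        "passwordProfile": {"password": password, "forceChangePasswordNextLogin": True},
        "passwordPolicies": "DisablePasswordExpiration",
    }


def ms_graph_local_account(ad_user: dict, password: str) -> dict:
    """Microsoft Graph body (POST https://graph.microsoft.com/v1.0/users) for the same account,
    using 'identities' instead of creationType/signInNames; note the renamed ...NextSignIn flag."""
    return {
        "accountEnabled": True,
        "displayName": ad_user["displayName"],
        "givenName": ad_user["givenName"],
        "surname": ad_user["sn"],
        "identities": [{"signInType": "emailAddress", "issuer": TENANT,
                        "issuerAssignedId": ad_user["mail"]}],
        "passwordProfile": {"password": password, "forceChangePasswordNextSignIn": True},
        "passwordPolicies": "DisablePasswordExpiration",
    }


def migration_bodies(ad_rows: list, api: str = "msgraph") -> list:
    """Map exported AD rows to create-user bodies. Rows without a mail value are
    skipped: a B2C local account would have nothing to sign in with."""
    build = ms_graph_local_account if api == "msgraph" else aad_graph_local_account
    return [build(row, new_initial_password()) for row in ad_rows if row.get("mail")]
```

Send each body with a bearer token for the target tenant (Postman or any HTTP client works, as the first answer notes); the skipped rows are the ones to review by hand before a migration run.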

Azure AD (creating custom multi factor authentication instead of using the one provided by Azure)

I am developing an application which uses Azure AD as authentication provider.
I need to implement two-factor authentication for the application.
Is it possible to create our own provider and plug it into Azure without using the one available with Azure AD?
As far as I know, Azure AD doesn't support using a third-party MFA authentication provider.
However, we could also build multi-factor authentication into custom apps with Azure AD. For more detail about this you can refer to this document.
