堆栈内存溢出
  简体   繁体   English

通过Azure AD中的API创建用户

[英]Create User via API in Azure AD

 原文  2018-08-09 21:44:42       api/ azure/ token

问题描述

GOAL : Create users in Azure Active Directory using our Global Admin account from an API. 目标 :使用我们的Global Admin帐户通过API在Azure Active Directory中创建用户。

PROBLEM : Every single way I try, I get "unauthorized". 问题 :我尝试的每一种方法都会得到“未授权”。

WHAT I'VE TRIED: 我尝试过的内容:

  • I've been focusing mostly on this: https://graph.microsoft.com/v1.0/invitations 我一直专注于此: https : //graph.microsoft.com/v1.0/invitations
  • I've tried as outlined here 我已经尝试过这里概述
  • the "Authorization Bearer {token}" is problematic -- I can't seem to properly retrieve tokens, using any of the built URLs recommended (ie, combining ClientID & TenantID in the URL.) “授权载体{token}”是有问题的-我似乎无法使用推荐的任何内置URL(即,在URL中结合ClientID和TenantID)来正确检索令牌。
  • I've tried the relevant portions of this , including creating the app, setting permissions on the app, trying both Web API and Native. 我试过的相关部分 ,包括创建应用程序,在应用程序设置权限,试图两台Web API和Native。 I'm able to get a code back, but using it always comes back with Unauthorized. 我可以找回代码,但是使用它总是带有未授权的代码。
    • As an aside, I am using Nintex to run this web service, as it is part of my workflow. 顺便说一句,我正在使用Nintex运行此Web服务,因为它是我工作流程的一部分。 Typically, web services don't give me issues. 通常,Web服务不会给我带来问题。 So, this sucks. 因此,这很糟糕。

I'm missing something, here. 我在这里想念东西。 Any thoughts or direction? 有什么想法或方向吗?

UPDATE: Removed the word "method" - bad choice of phrasing. 更新:删除了“方法”一词-错误的措词选择。

2 个解决方案

解决方案1
 0  2018-08-10 01:11:42

If you want to use Microsoft Graph explorer to create user as the global admin, you could use POST https://graph.microsoft.com/v1.0/users , and the required permission is: 如果要使用Microsoft Graph Explorer将用户创建为全局管理员,则可以使用POST https://graph.microsoft.com/v1.0/users ,并且所需的权限为:

Permissions 权限

在此处输入图片说明

For the details, you could read Create user . 有关详细信息,您可以阅读创建用户

解决方案2
 0  2018-08-13 06:09:16

Global admin runs as a user by default. 默认情况下,全局管理员以用户身份运行。 To grant access to Active Directory, you need to elevate permissions in the portal . 要授予对Active Directory的访问权限,您需要在门户中提升权限

I'm not convinced you have the permissions to create the user, and that's why I think you're getting the error. 我不相信您拥有创建用户的权限,因此我认为您遇到了错误。

Also, try and avoid using Global Admin. 另外,请尝试避免使用Global Admin。 Create a Service Principal and provide more granular permissions. 创建服务主体并提供更细化的权限。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 通过 Azure AD 使用客户端凭据保护 API - Securing API with client credentials via Azure AD 通过Azure API Management Rest服务创建用户 - Create a user via the Azure API management Rest service 无法通过Facebook API创建广告或广告素材 - Cannot create an ad or ad creative via the facebook API Azure Ad Graph API,获取用户信息和用户设备信息 - Azure Ad Graph API, Get User information and User Device Infromation 通过AD Oauth的Azure Service Management API访问失败 - Azure Service Management API access via AD Oauth fails 如何使用图形 api 更新 azure 广告中的用户密码 - How to update the password of user in azure ad using graph api "Azure 广告图 API" - Azure ad graph api 无法通过 Azure DevOps 的 API 创建用户 - Unable to create user through API of Azure DevOps Gitlab:通过API创建新用户 - 404 - Gitlab: create new user via API - 404 使用Powershell通过API在RabbitMQ中创建用户 - Using Powershell to create user in RabbitMQ via API
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM