InsightConnect Marketplace

Azure AD Admin


v1.3.0

Administrative tasks in Azure AD

Tags: Microsoft, Azure, Active Directory, Administration


Actions
  • Add User to Group
  • Create User and Notify
  • Disable User Account
  • Enable User Account
  • Force User to Change Password
  • Get Group by Name
  • Get User Info
  • Remove User from Group

About

Azure AD Admin will perform administrative tasks in Azure AD. It uses the User endpoint in the Microsoft Graph API.

NOTE: The application this plugin connects to needs the following permissions:

  • Directory.AccessAsUser.All
  • Directory.ReadWrite.All
  • User.ReadWrite.All

The application will need to be added to the Global Administrator role. This can be done under Roles and administrators in Azure Active Directory via the Azure Portal.

Actions

Create User and Notify

This action is used to create a user with a randomly generated password and send out an email with the password.

Input

| Name | Type | Default | Required | Description | Enum |
|------|------|---------|----------|-------------|------|
| account_enabled | boolean | True | False | true if the account is enabled; otherwise, false | None |
| display_name | string | None | True | The name to display in the address book for the user e.g. displayName-value | None |
| mail_nickname | string | None | False | The mail alias for the user e.g. mailNickname-value | None |
| notify_email_body | string | None | False | Body of the email to be sent out. Use $password to place the generated password | None |
| notify_from | string | None | True | User from which the email notification will be sent | None |
| notify_recipient | string | None | True | Email address of the account to be notified of user creation | None |
| user_principal_name | string | None | True | The user principal name e.g. someuser@contoso.com | None |

Output

| Name | Type | Required | Description |
|------|------|----------|-------------|
| success | boolean | True | Did the step succeed |

Example output:

{
  "success": true
}
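The action above generates a password and substitutes it for `$password` in the notification body. The plugin's own implementation is not on this page; the following is an added example (not the plugin's code) of how such an action is built safely: the password comes from the operating system CSPRNG via `secrets`, the Microsoft Graph `passwordProfile` fields (`password`, `forceChangePasswordNextSignIn`) are the documented fields for `POST /v1.0/users`, and setting `forceChangePasswordNextSignIn` makes the emailed password single-use. The same Graph field is the standard way to implement the Force User to Change Password action described below; whether this plugin uses it is not stated on the page. The sample UPN, display name and email body are constructed values.

```python
import secrets
import string
from string import Template
from typing import Optional

# Constructed sample inputs standing in for the action's parameters (not taken from the page).
SAMPLE_UPN = "someuser@contoso.com"
SAMPLE_DISPLAY_NAME = "Some User"
SAMPLE_BODY = "Your account $upn has been created. Temporary password: $password"

SYMBOLS = "!@#$%^&*-_"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def generate_password(length: int = 20) -> str:
    """Generate a temporary password from the OS CSPRNG (secrets), never random.random.

    Rejection-samples until the candidate contains a lowercase letter, an uppercase
    letter, a digit and a symbol, so it satisfies a typical complexity policy.
    """
    if length < 12:
        raise ValueError("temporary passwords should be at least 12 characters long")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in SYMBOLS for c in candidate)):
            return candidate


def build_create_user_body(display_name: str, user_principal_name: str, password: str,
                           mail_nickname: Optional[str] = None,
                           account_enabled: bool = True) -> dict:
    """Build the JSON body for POST https://graph.microsoft.com/v1.0/users.

    passwordProfile.password and passwordProfile.forceChangePasswordNextSignIn are
    Microsoft Graph's documented fields. Forcing a change at first sign-in keeps the
    emailed password single-use, so a copy left in a mailbox is worth little afterwards.
    """
    nickname = mail_nickname or user_principal_name.split("@", 1)[0]
    return {
        "accountEnabled": account_enabled,
        "displayName": display_name,
        "mailNickname": nickname,
        "userPrincipalName": user_principal_name,
        "passwordProfile": {
            "forceChangePasswordNextSignIn": True,
            "password": password,
        },
    }


def render_notification(body_template: str, password: str, **extra: str) -> str:
    """Substitute $password (plus any extra placeholders) into the notification body.

    safe_substitute leaves unknown $tokens in place instead of raising, so a typo in
    the template cannot abort the step after the account has already been created.
    """
    return Template(body_template).safe_substitute(password=password, **extra)


if __name__ == "__main__":
    pw = generate_password()
    print(build_create_user_body(SAMPLE_DISPLAY_NAME, SAMPLE_UPN, pw))
    print(render_notification(SAMPLE_BODY, pw, upn=SAMPLE_UPN))
```

The request body is what would be sent to Graph with the bearer token from the plugin's connection; the rendered body is what goes to `notify_recipient`. Treat that email as sensitive in transit and at rest: the password it carries is valid until the user's first sign-in.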

Disable User Account

This action is used to disable a user account. This action will not disable an administrative account.

Input

| Name | Type | Default | Required | Description | Enum |
|------|------|---------|----------|-------------|------|
| user_id | string | None | True | User ID to disable e.g. bob@hotmail.com | None |

Output

| Name | Type | Required | Description |
|------|------|----------|-------------|
| success | boolean | True | Was operation successful |

Example output:

{
  "success": true
}

Enable User Account

This action is used to enable a user account.

Input

| Name | Type | Default | Required | Description | Enum |
|------|------|---------|----------|-------------|------|
| user_id | string | None | True | User ID to enable e.g. bob@hotmail.com | None |

Output

| Name | Type | Required | Description |
|------|------|----------|-------------|
| success | boolean | True | Was operation successful |

Example output:

{
  "success": true
}
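Disable User Account states that an administrative account will not be disabled, while Enable User Account carries no such restriction. How the plugin decides what counts as administrative is not on the page; the example below is added here (not the plugin's code) and implements one defensible check: a user is treated as administrative when their Microsoft Graph `memberOf` listing contains any `#microsoft.graph.directoryRole` entry, and the check refuses to decide on a paged listing so a role on a later page cannot be missed. Both actions reduce to a `PATCH /v1.0/users/{id}` with `accountEnabled`, which is Graph's documented field; the sample `memberOf` payloads and ids are constructed.

```python
GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"
DIRECTORY_ROLE_TYPE = "#microsoft.graph.directoryRole"

# Constructed sample payloads shaped like GET /users/{id}/memberOf responses; the ids
# are placeholders, not values captured from a tenant.
ADMIN_MEMBER_OF = {
    "value": [
        {"@odata.type": DIRECTORY_ROLE_TYPE, "id": "<placeholder-role-id>",
         "displayName": "Global Administrator"},
        {"@odata.type": "#microsoft.graph.group", "id": "<placeholder-group-id>",
         "displayName": "Azure AD Test Group"},
    ]
}
REGULAR_MEMBER_OF = {
    "value": [
        {"@odata.type": "#microsoft.graph.group", "id": "<placeholder-group-id>",
         "displayName": "Azure AD Test Group"},
    ]
}
# Graph pages large membership lists; a role entry could sit on a later page.
PAGED_MEMBER_OF = {
    "value": REGULAR_MEMBER_OF["value"],
    "@odata.nextLink": "<placeholder-next-link>",
}


def admin_roles(member_of: dict) -> list:
    """Return the directory roles (Global Administrator, etc.) a user holds.

    Refuses to decide on a partial listing: if @odata.nextLink is present the caller
    must fetch every page first, otherwise an admin could be misclassified as regular.
    """
    if "@odata.nextLink" in member_of:
        raise ValueError("memberOf listing is paged; fetch all pages before deciding")
    return [entry["displayName"] for entry in member_of.get("value", [])
            if entry.get("@odata.type") == DIRECTORY_ROLE_TYPE]


def plan_account_toggle(user_id: str, member_of: dict, enable: bool) -> dict:
    """Describe the Graph request for Enable/Disable User Account, or why it is refused.

    Disabling is refused for any directory-role holder, matching the page's statement
    that the plugin will not disable an administrative account; enabling is never refused.
    """
    if not enable:
        roles = admin_roles(member_of)
        if roles:
            return {"allowed": False,
                    "reason": f"{user_id} holds directory role(s): {', '.join(roles)}"}
    return {
        "allowed": True,
        "method": "PATCH",
        "url": f"{GRAPH_USERS}/{user_id}",
        "body": {"accountEnabled": enable},
    }


if __name__ == "__main__":
    print(plan_account_toggle("bob@hotmail.com", ADMIN_MEMBER_OF, enable=False))
    print(plan_account_toggle("bob@hotmail.com", REGULAR_MEMBER_OF, enable=False))
```

Returning a plan instead of sending the request keeps the guard testable without a tenant and gives the workflow a refusal reason it can route to a human, which is what you want when an automated response playbook is about to touch a privileged identity.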

Force User to Change Password

This action forces a user to change their password on their next successful login.

Input

| Name | Type | Default | Required | Description | Enum |
|------|------|---------|----------|-------------|------|
| user_id | string | None | True | User ID | None |

Output

| Name | Type | Required | Description |
|------|------|----------|-------------|
| success | boolean | True | Was operation successful |

Example output:

{
  "success": true
}

Get User Info

This action is used to get user information.

Input

| Name | Type | Default | Required | Description | Enum |
|------|------|---------|----------|-------------|------|
| user_id | string | None | True | User ID e.g. bob@hotmail.com | None |

Output

| Name | Type | Required | Description |
|------|------|----------|-------------|
| user_information | object | True | Information about a user |

Example output:

{
  "user_information": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
    "businessPhones": [],
    "displayName": "Joey McAdams",
    "givenName": "Joey",
    "jobTitle": "Sr. Software Engineer",
    "mail": "",
    "mobilePhone": "",
    "officeLocation": "",
    "preferredLanguage": "",
    "surname": "McAdams",
    "userPrincipalName": "bob@hotmail.com",
    "id": "08290005-23ba-46b4-a377-b381d651a2fb",
    "accountEnabled": true
  }
}

Get Group by Name

This action is used to get a group by its name.

Input

| Name | Type | Default | Required | Description | Enum |
|------|------|---------|----------|-------------|------|
| name | string | None | True | Name | None |

Output

| Name | Type | Required | Description |
|------|------|----------|-------------|
| group | object | False | Group |

Example output:

{
  "group": {
    "id": "bb4d41d4-eb13-4a33-99b5-7d7290df22e9",
    "deletedDateTime": null,
    "classification": null,
    "createdDateTime": "2019-09-20T12:15:21Z",
    "creationOptions": [],
    "description": "Azure AD Test Group",
    "displayName": "Azure AD Test Group",
    "groupTypes": [
      "Unified"
    ],
    "isAssignableToRole": false,
    "mail": "AzureADTestGroup@komanddev.onmicrosoft.com",
    "mailEnabled": true,
    "mailNickname": "AzureADTestGroup",
    "onPremisesLastSyncDateTime": null,
    "onPremisesSecurityIdentifier": null,
    "onPremisesSyncEnabled": null,
    "preferredDataLocation": null,
    "proxyAddresses": [
      "SPO:SPO_618d645a-541b-4349-a7c0-3bb73eedd701@SPO_5c824599-dc8c-4d31-96fb-3b886d4f8f10",
      "SMTP:AzureADTestGroup@komanddev.onmicrosoft.com"
    ],
    "renewedDateTime": "2019-09-20T12:15:21Z",
    "resourceBehaviorOptions": [],
    "resourceProvisioningOptions": [],
    "securityEnabled": true,
    "visibility": "Public",
    "onPremisesProvisioningErrors": []
  }
}

Add User to Group

This action is used to add a user to a group.

Input

| Name | Type | Default | Required | Description | Enum |
|------|------|---------|----------|-------------|------|
| group_name | string | None | True | Group Name e.g. My Azure Group | None |
| user_id | string | None | True | User ID e.g. bob@hotmail.com | None |

Output

| Name | Type | Required | Description |
|------|------|----------|-------------|
| success | boolean | False | Was operation successful |

Example output:

{
  "success": true
}

Remove User from Group

This action is used to remove a user from a group.

Input

| Name | Type | Default | Required | Description | Enum |
|------|------|---------|----------|-------------|------|
| group_name | string | None | True | Group Name e.g. My Azure Group | None |
| user_id | string | None | True | User ID e.g. bob@hotmail.com | None |

Output

| Name | Type | Required | Description |
|------|------|----------|-------------|
| success | boolean | False | Was operation successful |

Example output:

{
  "success": true
}

Triggers

This plugin does not contain any triggers.

Connection

The connection configuration accepts the following parameters:

| Name | Type | Default | Required | Description | Enum |
|------|------|---------|----------|-------------|------|
| app_id | string | None | True | The ID of the registered app that obtained the refresh token | None |
| app_secret | credential_secret_key | None | True | The secret of the registered app that obtained the refresh token | None |
| tenant_id | string | None | True | The ID of the directory that identifies the tenant | None |
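An app ID, app secret and tenant ID are the inputs of an OAuth 2.0 client credentials exchange against the tenant's v2.0 token endpoint; the parameter descriptions mention a refresh token, but no refresh token is among the connection parameters, so the client credentials flow below is an assumption about how the connection is used. The code is an added example, not the plugin's own connection code: it builds the token request, shows how to log it with the secret masked, and turns the token response into an Authorization header with an expiry the caller can check before each Graph call. The tenant, app and token values are placeholders.

```python
import time
from typing import Optional
from urllib.parse import parse_qsl, urlencode

# Requesting the .default scope asks for every application permission granted to the
# app registration (the Directory.* and User.* permissions listed under About).
GRAPH_SCOPE = "https://graph.microsoft.com/.default"


def build_token_request(tenant_id: str, app_id: str, app_secret: str) -> tuple:
    """Return (url, form_body) for a client credentials grant at the v2.0 token endpoint."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {
        "client_id": app_id,
        "client_secret": app_secret,
        "scope": GRAPH_SCOPE,
        "grant_type": "client_credentials",
    }
    return url, urlencode(form)


def redact_form(form_body: str) -> str:
    """Copy of the form body that is safe to write to a log: client_secret is masked."""
    pairs = [(k, "***" if k == "client_secret" else v)
             for k, v in parse_qsl(form_body, keep_blank_values=True)]
    return urlencode(pairs)


def parse_token_response(payload: dict, now: Optional[float] = None) -> dict:
    """Turn a token endpoint JSON response into an Authorization header plus absolute expiry."""
    if payload.get("token_type") != "Bearer" or not payload.get("access_token"):
        raise ValueError(f"unexpected token response: {payload.get('error', 'no bearer token')}")
    now = time.time() if now is None else now
    return {
        "authorization": f"Bearer {payload['access_token']}",
        "expires_at": now + int(payload["expires_in"]),
    }


def needs_refresh(expires_at: float, now: float, skew: float = 60.0) -> bool:
    """Refresh early so a Graph call does not fail with 401 when the token expires in flight."""
    return now + skew >= expires_at


if __name__ == "__main__":
    url, body = build_token_request("<tenant-id>", "<app-id>", "constructed-secret")
    print(url)
    print(redact_form(body))
```

The secret in `app_secret` is stored as a `credential_secret_key` for a reason: anything that writes the raw form body to a workflow log or a debug trace has leaked a credential that carries the Global Administrator role described under About, so log only the redacted form.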

Troubleshooting

This plugin does not contain any troubleshooting information.

Workflows

Examples:

  • Disable a user
  • Enable a user
  • Get user information

Versions

  • 1.0.0 - Initial plugin
  • 1.1.0 - New action Force User to Change Password
  • 1.2.0 - New actions Get Group by Name, Add User to Group, and Remove User from Group
  • 1.3.0 - New action Create User

References

Custom Output Types

user_information

| Name | Type | Required | Description |
|------|------|----------|-------------|
| @odata.context | string | False | @odata.context |
| accountEnabled | boolean | False | Account enabled |
| businessPhones | []string | False | Business phones |
| displayName | string | False | Display name |
| givenName | string | False | Given Name |
| id | string | False | ID |
| jobTitle | string | False | Job title |
| mail | string | False | Mail |
| mobilePhone | string | False | Mobile phone |
| officeLocation | string | False | Office Location |
| preferredLanguage | string | False | Preferred language |
| surname | string | False | Surname |
| userPrincipalName | string | False | User Principal Name |

group

| Name | Type | Required | Description |
|------|------|----------|-------------|
| createdDateTime | string | False | Created date time |
| description | string | False | Description |
| displayName | string | False | Display name |
| groupTypes | []string | False | Group types |
| id | string | False | ID |
| isAssignableToRole | boolean | False | Is assignable to role |
| mail | string | False | Mail |
| mailEnabled | boolean | False | Mail enabled |
| mailNickname | string | False | Mail nickname |
| proxyAddresses | []string | False | Proxy addresses |
| renewedDateTime | string | False | Renewed date time |
| securityEnabled | boolean | False | Security enabled |
| visibility | string | False | Visibility |

plugin_spec_version: v2
name: azure_ad_admin
title: Azure AD Admin
description: Administrative tasks in Azure AD
version: 1.3.0
vendor: rapid7
status: ["supported"]
tags:
  - Microsoft
  - Azure
  - Active Directory
  - Administration
types:
  user_information:
    accountEnabled:
      title: "Account Enabled"
      type: boolean
      description: "Account enabled"
      required: false
    displayName:
      title: "Display Name"
      type: string
      description: "Display name"
      required: false
    mobilePhone:
      title: "Mobile Phone"
      type: string
      description: "Mobile phone"
      required: false
    preferredLanguage:
      title: "Preferred Language"
      type: string
      description: "Preferred language"
      required: false
    jobTitle:
      title: "Job Title"
      type: string
      description: "Job title"
      required: false
    userPrincipalName:
      title: "User Principal Name"
      type: string
      description: "User principal name"
      required: false
    "@odata.context":
      title: "@odata.Context"
      type: string
      description: "@odata.context"
      required: false
    officeLocation:
      title: "Office Location"
      type: string
      description: "Office location"
      required: false
    businessPhones:
      title: "Business Phones"
      type: "[]string"
      description: "Business phones"
      required: false
    mail:
      title: "Mail"
      type: string
      description: "Mail"
      required: false
    surname:
      title: "Surname"
      type: string
      description: "Surname"
      required: false
    givenName:
      title: "Given Name"
      type: string
      description: "Given Name"
      required: false
    id:
      title: "ID"
      type: string
      description: "ID"
      required: false

  group:
    mailNickname:
      title: "Mail Nickname"
      type: string
      description: "Mail nickname"
      required: false
    groupTypes:
      title: "Group Types"
      type: "[]string"
      description: "Group types"
      required: false
    displayName:
      title: "Display Name"
      type: string
      description: "Display name"
      required: false
    description:
      title: "Description"
      type: string
      description: "Description"
      required: false
    createdDateTime:
      title: "Created Date Time"
      type: string
      description: "Created date time"
      required: false
    securityEnabled:
      title: "Security Enabled"
      type: boolean
      description: "Security enabled"
      required: false
    renewedDateTime:
      title: "Renewed Date Time"
      type: string
      description: "Renewed date time"
      required: false
    proxyAddresses:
      title: "Proxy Addresses"
      type: "[]string"
      description: "Proxy addresses"
      required: false
    visibility:
      title: "Visibility"
      type: string
      description: "Visibility"
      required: false
    mail:
      title: "Mail"
      type: string
      description: "Mail"
      required: false
    isAssignableToRole:
      title: "Is Assignable to Role"
      type: boolean
      description: "Is assignable to role"
      required: false
    id:
      title: "ID"
      type: string
      description: "ID"
      required: false
    mailEnabled:
      title: "Mail Enabled"
      type: boolean
      description: "Mail enabled"
      required: false

connection:
  tenant_id:
    title: Tenant ID
    description: The ID of the directory that identifies the tenant
    type: string
    required: true
  application_id:
    title: App ID
    description: The ID of the registered application that obtained the refresh token
    type: string
    required: true
  application_secret:
    title: App Secret
    description: The secret of the registered application that obtained the refresh token
    type: credential_secret_key
    required: true


actions:
  disable_user_account:
    title: Disable User Account
    description: Disable a user account. This action will not disable an administrative account
    input:
      user_id:
        title: User ID
        type: string
        description: User ID to disable e.g. bob@hotmail.com
        required: true
    output:
      success:
        title: Success
        description: Was operation successful
        type: boolean
        required: true
  enable_user_account:
    title: Enable User Account
    description: Enable a user account
    input:
      user_id:
        title: User ID
        type: string
        description: User ID to enable e.g. bob@hotmail.com
        required: true
    output:
      success:
        title: Success
        description: Was operation successful
        type: boolean
        required: true
  get_user_info:
    title: Get User Info
    description: Get user information
    input:
      user_id:
        title: User ID
        type: string
        description: User ID e.g. bob@hotmail.com
        required: true
    output:
      user_information:
        title: User Information
        description: Information about a user
        type: user_information
        required: true
  create_user:
    title: Create User and Notify
    description: Create a user with a randomly generated password and send out an email with the password
    input:
      display_name:
        title: Display Name
        description: The name to display in the address book for the user e.g. displayName-value
        type: string
        required: true
      mail_nickname:
        title: Mail Nickname
        description: The mail alias for the user e.g. mailNickname-value
        required: false
        type: string
      user_principal_name:
        title: User Principal Name
        description: The user principal name e.g. someuser@contoso.com
        required: true
        type: string
      account_enabled:
        title: Account Enabled
        description: True if the account is enabled; otherwise, false
        type: boolean
        default: true
        required: false
      notify_email_body:
        required: false
        title: Notify Email Body
        type: string
        description: Body of the email to be sent out. Use $password to place the generated password
      notify_recipient:
        required: true
        title: Recipient of creation email
        type: string
        description: Email address of the account to be notified of user creation
      notify_from:
        required: true
        title: Notify from
        description: User from which the email notification will be sent
        type: string
    output:
      success:
        title: Success
        type: boolean
        required: true
        description: Did the step succeed
  force_user_to_change_password:
    title: Force User to Change Password
    description: Forces a user to change their password on their next successful login
    input:
      user_id:
        title: User ID
        type: string
        description: User ID
        required: true
    output:
      success:
        title: Success
        description: Was operation successful
        type: boolean
        required: true
  get_group_by_name:
    title: Get Group by Name
    description: Get a group by its name
    input:
      name:
        title: Name
        description: Name
        type: string
        required: true
    output:
      group:
        title: Group
        description: Group
        type: group
        required: false
  add_user_to_group:
    title: Add User to Group
    description: Add a user to a group
    input:
      user_id:
        title: User ID
        description: User ID e.g. bob@hotmail.com
        type: string
        required: true
      group_name:
        title: Group Name
        description: Group Name e.g. My Azure Group
        type: string
        required: true
    output:
      success:
        title: Success
        description: Was operation successful
        type: boolean
        required: false
  remove_user_from_group:
    title: Remove User from Group
    description: Remove a user from a group
    input:
      user_id:
        title: User ID
        description: User ID e.g. bob@hotmail.com
        type: string
        required: true
      group_name:
        title: Group Name
        description: Group Name e.g. My Azure Group
        type: string
        required: true
    output:
      success:
        title: Success
        description: Was operation successful
        type: boolean
        required: false