使用 Microsoft Graph 创建用户
Dar*_*n S 3 c# azure-active-directory microsoft-graph-api
如何使用 Microsoft graph 创建用户?因为我在保存过程中遇到了权限失败的问题。
我确实有几个问题。
在图中调用创建用户 API 将在哪里创建用户?是在 Azure AD 还是其他地方?
我尝试通过传递 json 和必需的标头来调用创建用户 api,下面是我得到的错误
- 具体需要在哪里设置权限,我已经在应用注册入口添加了权限
但是当执行API时却显示我没有足够的权限。
仅供参考,我已使用与此处测试 API 相同的电子邮件 ID 注册了该应用程序https://developer.microsoft.com/en-us/graph/graph-explorer#
如果我不是管理员,我到底需要在哪里设置或请求它?
为了通过 Microsoft Graph创建用户,您需要请求Directory.ReadWrite.All或Directory.AccessAsUser.All权限。
Important: Directory.ReadWrite.All and Directory.AccessAsUser.All both require Admin Consent before you can use them. If you're using Graph Explorer then the URI you need to provide your tenant Admin will be generated for you. If you're doing this in your own application, you'll need to construct an Admin Consent URI yourself. You can find more details on this at v2 Endpoint & Admin Consent.
Once you have the proper permissions configured (and consented), you'll want to POST the following JSON body/payload to https://graph.microsoft.com/v1.0/users:
{
"accountEnabled": true,
"displayName": "displayName-value",
"mailNickname": "mailNickname-value",
"userPrincipalName": "upn-value@tenant-name.onmicrosoft.com",
"passwordProfile" : {
"forceChangePasswordNextSignIn": true,
"password": "password-value"
}
}
This will create a user with a temporary password. The user will be asked to set a new password as after as they authenticate for the first time.