Microsoft Graph Identity & Access
Use the Microsoft Graph Identity and Access integration to manage roles and members.

Configure MicrosoftGraphIdentityandAccess on Cortex XSOAR

1. Navigate to Settings > Integrations > Servers & Services.
2. Search for MicrosoftGraphIdentityandAccess.
3. Click Add instance to create and configure a new integration instance.

Parameter | Required |
---|---|
Application ID | True |
Trust any certificate (not secure) | False |
Use system proxy settings | False |

4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

msgraph-identity-auth-start

Run this command to start the authorization process and follow the instructions in the command results.

msgraph-identity-auth-complete

Run this command to complete the authorization process. Use it after running the msgraph-identity-auth-start command.

msgraph-identity-auth-reset

Run this command if for some reason you need to rerun the authentication process.

msgraph-identity-auth-test

Tests connectivity to Microsoft.

msgraph-identity-directory-roles-list

Lists the roles in the directory.

Base Command

msgraph-identity-directory-roles-list

Input

Argument Name | Description | Required |
---|---|---|
limit | Maximum number of results to fetch. Default is 10. | Optional |

Context Output

Path | Type | Description |
---|---|---|
MSGraphIdentity.Role.deletedDateTime | Date | The time when a role was deleted. Displays only if a role was deleted. |
MSGraphIdentity.Role.description | String | The description of the directory role. |
MSGraphIdentity.Role.displayName | String | The display name of the directory role. |
MSGraphIdentity.Role.id | String | The unique identifier of the directory role. |
MSGraphIdentity.Role.roleTemplateId | String | The ID of the directory role template on which the role is based. |

Command Example

!msgraph-identity-directory-roles-list limit=1

Context Example

Human Readable Output

Directory roles:

id | displayName | description | roleTemplateId |
---|---|---|---|
id | Application Administrator | Can create and manage all aspects of app registrations and enterprise apps. | role-template-id |

msgraph-identity-directory-role-activate

Activates a role by its template ID.

Base Command

msgraph-identity-directory-role-activate

Input

Argument Name | Description | Required |
---|---|---|
role_template_id | ID of the role template to activate. Can be retrieved using the msgraph-identity-directory-roles-list command. | Required |

Context Output

Path | Type | Description |
---|---|---|
MSGraphIdentity.Role.deletedDateTime | Date | The time when the role was deleted. Displays only if the role was deleted. |
MSGraphIdentity.Role.description | String | The description of the directory role. |
MSGraphIdentity.Role.displayName | String | The display name of the directory role. |
MSGraphIdentity.Role.id | String | The unique identifier of the directory role. |
MSGraphIdentity.Role.roleTemplateId | String | The ID of the directory role template on which this role is based. |

Command Example

!msgraph-identity-directory-role-activate role_template_id=role-template-id

Context Example

Human Readable Output

Role has been activated

id | roleTemplateId | displayName | description | deletedDateTime |
---|---|---|---|---|
id | role-template-id | Application Administrator | Can create and manage all aspects of app registrations and enterprise apps. | |

msgraph-identity-directory-role-members-list

Gets all members of the role with the given ID.

Base Command

msgraph-identity-directory-role-members-list

Input

Argument Name | Description | Required |
---|---|---|
role_id | The ID of the application for which to get its role members list. Can be retrieved using the msgraph-identity-directory-roles-list command. | Required |
limit | The maximum number of members to fetch. Default is 10. | Optional |

Context Output

Path | Type | Description |
---|---|---|
MSGraphIdentity.RoleMember.user_id | String | The unique identifier of the user in the role. |
MSGraphIdentity.RoleMember.role_id | String | The unique identifier of the role specified in the input. |

Command Example

!msgraph-identity-directory-role-members-list role_id=:role:

Context Example

Human Readable Output

Role ':role:' members:

role_id | user_id |
---|---|
:role: | 70585180-517a-43ea-9403-2d80b97ab19d, 5d9ed8e5-be5c-4aaf-86f8-c133c5cd19de, "id", a7cedb37-c4e5-4cfb-a327-7bafb34a1f49 |

msgraph-identity-directory-role-member-add

Adds a user to a role.

Base Command

msgraph-identity-directory-role-member-add

Input

Argument Name | Description | Required |
---|---|---|
role_id | The ID of the role to add the user to. Can be retrieved using the msgraph-identity-directory-roles-list command. | Required |
user_id | The ID of the user to add to the role. Can be retrieved using the msgraph-identity-directory-role-members-list command. | Required |

Context Output

There is no context output for this command.

Command Example

!msgraph-identity-directory-role-member-add role_id=:role: user_id=:id:

Human Readable Output

User ID :id: has been added to role :role:

msgraph-identity-directory-role-member-remove

Removes a user from a role.

Base Command

msgraph-identity-directory-role-member-remove

Input

Argument Name | Description | Required |
---|---|---|
role_id | ID of the role from which to remove the user. Can be retrieved using the msgraph-identity-directory-roles-list command. | Required |
user_id | ID of the user to remove from the role. Can be retrieved using the msgraph-identity-directory-role-members-list command. | Required |

Context Output

There is no context output for this command.

Command Example

!msgraph-identity-directory-role-member-remove role_id=:role: user_id=:id:

Human Readable Output

User ID :id: has been removed from role :role:
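
The following is an added example, not part of the integration or its documentation: a membership audit that compares the MSGraphIdentity.RoleMember context output against an approved baseline and prepares msgraph-identity-directory-role-member-remove commands for analyst review. The context shape (user_id holding a list, as in the members-list sample output), the `approved` baseline and the role ID are assumptions; the sample data is constructed.

```python
import re

GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
REMOVE = "!msgraph-identity-directory-role-member-remove role_id={} user_id={}"

def as_list(value):
    """XSOAR context stores one item as a bare value and several as a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def is_guid(value):
    return isinstance(value, str) and GUID.fullmatch(value) is not None

def audit_role_members(context, approved):
    """Compare MSGraphIdentity.RoleMember with an approved baseline.

    approved maps role_id -> set of user IDs allowed to hold that role.
    Returns one dict per member that needs review, in input order.
    """
    graph = context.get("MSGraphIdentity", {})
    names = {r.get("id"): r.get("displayName") for r in as_list(graph.get("Role"))}
    findings = []
    for entry in as_list(graph.get("RoleMember")):
        role_id = entry.get("role_id")
        allowed = {u.lower() for u in approved.get(role_id, ())}
        for user_id in as_list(entry.get("user_id")):
            finding = {"role": names.get(role_id), "role_id": role_id,
                       "user_id": user_id, "command": None}
            if not (is_guid(role_id) and is_guid(user_id)):
                # Never build a CLI command from a value that is not a GUID.
                finding["status"] = "malformed"
            elif user_id.lower() in allowed:
                continue
            else:
                finding["status"] = "unapproved"
                finding["command"] = REMOVE.format(role_id, user_id)
            findings.append(finding)
    return findings

ROLE = "11111111-2222-3333-4444-555555555555"  # constructed role ID
SAMPLE_CONTEXT = {"MSGraphIdentity": {  # constructed, shaped like the outputs above
    "Role": {"id": ROLE, "displayName": "Application Administrator"},
    "RoleMember": {"role_id": ROLE, "user_id": [
        "70585180-517a-43ea-9403-2d80b97ab19d",
        "5d9ed8e5-be5c-4aaf-86f8-c133c5cd19de",
        "id",
        "a7cedb37-c4e5-4cfb-a327-7bafb34a1f49"]}}}
APPROVED = {ROLE: {"70585180-517a-43ea-9403-2d80b97ab19d",
                   "a7cedb37-c4e5-4cfb-a327-7bafb34a1f49"}}
```

The suggested commands are returned as strings for an analyst to review, not executed; values that are not GUIDs, such as the literal "id" entry, are reported as malformed and never placed into a command.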