Microsoft Graph Identity & Access
Use the Microsoft Graph Identity and Access integration to manage roles and members.
Configure MicrosoftGraphIdentityandAccess on Cortex XSOAR#
Navigate to Settings > Integrations > Servers & Services.
Search for MicrosoftGraphIdentityandAccess.
Click Add instance to create and configure a new integration instance.
Parameter Required Application ID True Azure AD endpoint False Trust any certificate (not secure) False Use system proxy settings False Click Test to validate the URLs, token, and connection.
Commands#
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
msgraph-identity-auth-start#
Run this command to start the authorization process and follow the instructions in the command results.
msgraph-identity-auth-complete#
Run this command to complete the authorization process. Should be used after running the msgraph-identity-auth-start command.
msgraph-identity-auth-reset#
Run this command if for some reason you need to rerun the authentication process.
msgraph-identity-auth-test#
Tests connectivity to Microsoft.
msgraph-identity-directory-roles-list#
Lists the roles in the directory.
Base Command#
msgraph-identity-directory-roles-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| limit | Maximum number of results to fetch. Default is 10. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| MSGraphIdentity.Role.deletedDateTime | Date | The time when a role was deleted. Displays only if a role was deleted. |
| MSGraphIdentity.Role.description | String | The description of the directory role. |
| MSGraphIdentity.Role.displayName | String | The display name of the directory role. |
| MSGraphIdentity.Role.id | String | The unique identifier of the directory role. |
| MSGraphIdentity.Role.roleTemplateId | String | The ID of the directory role template on which the role is based. |
Command Example#
!msgraph-identity-directory-roles-list limit=1
Context Example#
Human Readable Output#
Directory roles:#
id displayName description roleTemplateId id Application Administrator Can create and manage all aspects of app registrations and enterprise apps. role-template-id
msgraph-identity-directory-role-activate#
Activates a role by its template ID.
Base Command#
msgraph-identity-directory-role-activate
Input#
| Argument Name | Description | Required |
|---|---|---|
| role_template_id | ID of the role template to activate. Can be retrieved using the msgraph-identity-directory-roles-list command. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| MSGraphIdentity.Role.deletedDateTime | Date | The time when the role was deleted. Displays only if the role was deleted. |
| MSGraphIdentity.Role.description | String | The description of the directory role. |
| MSGraphIdentity.Role.displayName | String | The display name of the directory role. |
| MSGraphIdentity.Role.id | String | The unique identifier of the directory role. |
| MSGraphIdentity.Role.roleTemplateId | String | The ID of the directory role template on which this role is based. |
Command Example#
!msgraph-identity-directory-role-activate role_template_id=role-template-id
Context Example#
Human Readable Output#
Role has been activated#
id roleTemplateId displayName description deletedDateTime id role-template-id Application Administrator Can create and manage all aspects of app registrations and enterprise apps.
msgraph-identity-directory-role-members-list#
Gets all members in a role ID.
Base Command#
msgraph-identity-directory-role-members-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| role_id | The ID of the application for which to get its role members list. Can be retrieved using the msgraph-identity-directory-roles-list command. | Required |
| limit | The maximum number of members to fetch. Default is 10. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| MSGraphIdentity.RoleMember.user_id | String | The unique identifier of the user in the role. |
| MSGraphIdentity.RoleMember.role_id | String | The unique identifier of the role specified in the input. |
Command Example#
!msgraph-identity-directory-role-members-list role_id=:role:
Context Example#
Human Readable Output#
Role ':role:' members:#
role_id user_id :role: 70585180-517a-43ea-9403-2d80b97ab19d,
5d9ed8e5-be5c-4aaf-86f8-c133c5cd19de,
"id",
a7cedb37-c4e5-4cfb-a327-7bafb34a1f49
msgraph-identity-directory-role-member-add#
Adds a user to a role.
Base Command#
msgraph-identity-directory-role-member-add
Input#
| Argument Name | Description | Required |
|---|---|---|
| role_id | The ID of the role to add the user to. Can be retrieved using the msgraph-identity-directory-roles-list command. | Required |
| user_id | The ID of the user to add to the role. Can be retrieved using the msgraph-identity-directory-role-members-list command. | Required |
Context Output#
There is no context output for this command.
Command Example#
!msgraph-identity-directory-role-member-add role_id=:role: user_id=:id:
Human Readable Output#
User ID ๐ has been added to role :role:
msgraph-identity-directory-role-member-remove#
Removes a user from a role.
Base Command#
msgraph-identity-directory-role-member-remove
Input#
| Argument Name | Description | Required |
|---|---|---|
| role_id | ID of the role from which to remove the user. Can be retrieved using the msgraph-identity-directory-roles-list command. | Required |
| user_id | ID of the user to remove from the role. Can be retrieved using the msgraph-identity-directory-role-members-list command. | Required |
Context Output#
There is no context output for this command.
Command Example#
!msgraph-identity-directory-role-member-remove role_id=:role: user_id=:id:
Human Readable Output#
User ID ๐ has been removed from role :role: