I need an identity provider with users grouped in independent groups - oauth

Is there an OAuth/OIDC identity provider anywhere (cloud or on-premises) that supports something like company groups? I want to group the users into company groups. Every company group should have a company administrator user. The company administrator user should only see the users of his company.

Yes, I've tried miniOrange (cloud/on-premise based), which supports this super admin feature, and it has worked very well for me. There may be some other identity providers in the market, like OneLogin, Keycloak etc., that support this use case.
In this use case, designating administrators can help you manage your company groups, and only certain types of administrators can add/remove other admins, post updates, and edit your company groups.

Related

Limit service principal to only manage membership for a single security group?

I want to manage group membership for a single group in an automated way. My AD administrator has created an app & service principal, but is hesitant to give it the GroupMember.ReadWrite.All permission. This permission seems to give the ability to manage membership for all groups.
Is there a way to limit the permissions or scope to manage membership of a single AD security group?
I think currently this is not possible because most of the Graph permissions are tenant-wide, without a way to restrict them in scope
such as the application access policies we have in Exchange Online: Application access policies.
Hope this is helpful.

How to scan all O365 roles and users to see who has which role using the MS Graph endpoint

Can anyone help with how to get all the Office 365 roles and users, for example who has which roles (Azure, O365, SharePoint, other workloads, ...), using the MS Graph endpoint?
I am unable to find the MS Graph endpoint to get the roles assigned to a user or a group of users.
I appreciate your help in advance.
You can use List members to retrieve a list of the users that are assigned to the directory role. Similarly, List directoryRoles can be used to get a list of the directory roles that are activated in the tenant.
Please refer to Administrator roles for Microsoft 365 services to determine the roles for which API content is available.
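The walk the answer describes (List directoryRoles, then List members for each role), turned into a script that inverts the result into a principal-to-roles report. This is an added example, not code from the answer; it assumes a Graph access token with Directory.Read.All (or RoleManagement.Read.Directory), and the GET transport is injectable so the constructed SAMPLE responses below let it run without a tenant.

```python
"""Enumerate activated directory roles and their members through Microsoft
Graph and invert the result into a principal -> roles map.  Added example, not
from the original answer; the GET transport is injectable, so the constructed
SAMPLE responses below let it run without a tenant."""
import json
from typing import Callable, Dict, List
from urllib.request import Request, urlopen

GRAPH = "https://graph.microsoft.com/v1.0"
GetJson = Callable[[str], dict]


def graph_getter(access_token: str) -> GetJson:
    """Build a GET helper that presents the bearer token and parses JSON.
    (Obtaining the token, e.g. via MSAL, is outside this example.)"""
    def get_json(url: str) -> dict:
        req = Request(url, headers={"Authorization": f"Bearer {access_token}"})
        with urlopen(req) as resp:
            return json.load(resp)
    return get_json


def list_all(get_json: GetJson, url: str) -> list:
    """Collect a Graph collection, following @odata.nextLink page by page."""
    items: list = []
    while url:
        page = get_json(url)
        items.extend(page.get("value", []))
        url = page.get("@odata.nextLink", "")
    return items


def roles_by_principal(get_json: GetJson) -> Dict[str, List[str]]:
    """Return {principal: [role display names]} for every member of every
    *activated* role.  Roles nobody has ever been assigned are not listed under
    /directoryRoles (they only exist as /directoryRoleTemplates), and members
    can be users, groups or service principals, so the key falls back from
    userPrincipalName to displayName to the object id."""
    assignments: Dict[str, List[str]] = {}
    for role in list_all(get_json, f"{GRAPH}/directoryRoles"):
        members_url = f"{GRAPH}/directoryRoles/{role['id']}/members"
        for member in list_all(get_json, members_url):
            key = (member.get("userPrincipalName")
                   or member.get("displayName")
                   or member["id"])
            assignments.setdefault(key, []).append(role["displayName"])
    return assignments


# Constructed sample responses keyed by URL; the first page of /directoryRoles
# carries a nextLink to exercise the paging path.
SAMPLE = {
    f"{GRAPH}/directoryRoles": {
        "value": [{"id": "r1", "displayName": "Global Administrator"}],
        "@odata.nextLink": f"{GRAPH}/directoryRoles?$skiptoken=page2",
    },
    f"{GRAPH}/directoryRoles?$skiptoken=page2": {
        "value": [{"id": "r2", "displayName": "SharePoint Administrator"}],
    },
    f"{GRAPH}/directoryRoles/r1/members": {
        "value": [{"id": "u1", "@odata.type": "#microsoft.graph.user",
                   "userPrincipalName": "alice@contoso.example"}],
    },
    f"{GRAPH}/directoryRoles/r2/members": {
        "value": [
            {"id": "u1", "@odata.type": "#microsoft.graph.user",
             "userPrincipalName": "alice@contoso.example"},
            {"id": "sp1", "@odata.type": "#microsoft.graph.servicePrincipal",
             "displayName": "sync-daemon"},
        ],
    },
}


def sample_report() -> Dict[str, List[str]]:
    """Run the walk against the constructed SAMPLE instead of a live tenant."""
    return roles_by_principal(SAMPLE.__getitem__)


if __name__ == "__main__":
    for principal, roles in sorted(sample_report().items()):
        print(f"{principal}: {', '.join(roles)}")
```

Against a real tenant, pass `graph_getter(token)` to `roles_by_principal` instead of `SAMPLE.__getitem__`. Two caveats worth knowing when reading the report: service principals holding a role show up here alongside users, which is often the finding that matters, and role assignments scoped to an administrative unit are not returned by the plain /members call.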

Schools / Classes are not visible in Intune Education dashboard

I'm developing an app using the MS Graph Education API and am able to create a school and add a user to this school. But I can't find this created school in the dashboard.
Shouldn't it be visible in that dashboard?
The Education API creates the schools as AAD administrative units. The Intune for Education portal was designed to work with School Data Sync, which creates the same types of objects as the Education API, but also creates a security group for the school. To get your school to show up in the Intune for Education portal, just create a security group as well for that school.
(Edit: Adding comment reply here since comment formatting on SO is just terrible)
You can tag the group with your school's ID. Here are the properties that SDS sets on the school security groups it creates. In this case, it's tagging an SG to be associated with the school whose "externalId" is "10001".
"extension_fe2174665583431c953114ff7268b7b3_Education_ObjectType": "SchoolSG",
"extension_fe2174665583431c953114ff7268b7b3_Education_AnchorId": "SchoolSG_10001",
"extension_fe2174665583431c953114ff7268b7b3_Education_SyncSource_SchoolId": "10001"

Hidden Group Membership support

https://blogs.office.com/2017/04/06/whats-new-in-office-365-groups-for-april-2017/
Hidden membership—If you want group membership to be confidential (for example, if the members are students), you can hide the Office 365 group members from users who aren’t members of the group.
https://technet.microsoft.com/en-us/library/mt219359(v=exchg.160).aspx
New-UnifiedGroup -HiddenGroupMembershipEnabled
Use this Exchange Online PowerShell cmdlet to create an O365 group with hidden membership?
Will the Graph API support it?
Thanks!
This is supported in Microsoft Graph, but the documentation is in the process of being updated for this capability.
To create a group with hidden membership, POST /groups and set "visibility" to "HiddenMembership". Owners and admins can add/remove/list members, but no one else can.
To enable an app (a daemon app with no signed-in user) to read the members of a hidden-membership group, you need to grant the app the Member.Read.Hidden permission, as documented here.
Hope this helps,
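Both of the answers above come down to the body of a POST /groups call: the Education answer needs a security group carrying the three SDS extension properties it lists, and this answer needs a Microsoft 365 group created with "visibility" set to "HiddenMembership". The script below builds and submits both. It is an added example, not code from either answer; it assumes the SDS extension properties are already registered in the tenant (the prefix is copied verbatim from the Education answer), that the caller holds Group.ReadWrite.All, and that the POST transport is supplied by the caller, so the `fake_post` stand-in lets it run without a tenant.

```python
"""Build and submit POST /groups bodies for the two cases above: a school
security group tagged with the School Data Sync extension properties, and a
Microsoft 365 group created with hidden membership.  Added example, not from
either answer; the POST transport is injectable and the fake_post stand-in
below lets it run without a tenant."""
import json
import re
from typing import Callable

GRAPH = "https://graph.microsoft.com/v1.0"
# Directory-extension prefix exactly as shown in the SDS answer above; the
# properties must already be registered in the tenant (SDS does that).
SDS_PREFIX = "extension_fe2174665583431c953114ff7268b7b3_Education_"
# Conservative subset of Graph's mailNickname rules (<= 64 chars, no spaces or
# characters such as @ ( ) \ [ ] " ; : < > ,).
_NICKNAME = re.compile(r"^[A-Za-z0-9._-]{1,64}$")

PostJson = Callable[[str, dict], dict]


def is_valid_nickname(nick: str) -> bool:
    return bool(_NICKNAME.match(nick))


def school_security_group(display_name: str, mail_nickname: str,
                          school_external_id: str) -> dict:
    """Security group carrying the three SDS tags that make a school show up
    in the Intune for Education portal (AnchorId is 'SchoolSG_' + externalId)."""
    if not is_valid_nickname(mail_nickname):
        raise ValueError(f"invalid mailNickname: {mail_nickname!r}")
    return {
        "displayName": display_name,
        "mailNickname": mail_nickname,
        "mailEnabled": False,
        "securityEnabled": True,
        f"{SDS_PREFIX}ObjectType": "SchoolSG",
        f"{SDS_PREFIX}AnchorId": f"SchoolSG_{school_external_id}",
        f"{SDS_PREFIX}SyncSource_SchoolId": school_external_id,
    }


def hidden_membership_group(display_name: str, mail_nickname: str) -> dict:
    """Microsoft 365 (Unified) group whose member list is hidden from
    non-members.  visibility is honoured at creation time and cannot be
    PATCHed to HiddenMembership afterwards, so it goes in the POST body."""
    if not is_valid_nickname(mail_nickname):
        raise ValueError(f"invalid mailNickname: {mail_nickname!r}")
    return {
        "displayName": display_name,
        "mailNickname": mail_nickname,
        "mailEnabled": True,
        "securityEnabled": False,
        "groupTypes": ["Unified"],
        "visibility": "HiddenMembership",
    }


def create_group(post_json: PostJson, payload: dict) -> dict:
    """POST the payload to /groups via the supplied transport and return the
    created group; a response without an id is treated as failure."""
    created = post_json(f"{GRAPH}/groups", payload)
    if "id" not in created:
        raise RuntimeError(f"group creation failed: {json.dumps(created)}")
    return created


def fake_post(url: str, payload: dict) -> dict:
    """Constructed stand-in for Graph: echoes the body back with a synthetic id,
    the way a real 201 Created response carries the new group object."""
    if not url.endswith("/groups"):
        raise RuntimeError(f"unexpected URL {url}")
    return {"id": "11111111-2222-3333-4444-555555555555", **payload}


if __name__ == "__main__":
    school = create_group(fake_post, school_security_group(
        "Contoso High School", "contosohigh", "10001"))
    hidden = create_group(fake_post, hidden_membership_group(
        "Class 10A", "class10a"))
    print(json.dumps([school, hidden], indent=2))
```

For a live tenant, replace `fake_post` with a transport that sends the bearer token, for example `lambda url, body: requests.post(url, json=body, headers={"Authorization": f"Bearer {token}"}).json()`. Keep in mind that a daemon app that later needs to list the hidden group's members still needs Member.Read.Hidden on top of the group permission used here, as the answer above notes.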

Difference between individual account and team account

When you create a Bitbucket account you can choose between an individual account and a 5-user team. I am not getting the difference, since when you create an individual account you can create a team as well and manage it. Could anyone explain to me the difference between an individual account and a team account?
Plan details aside, there are indeed few differences between a normal and a team account. Under the hood, a team account is just a normal account record with a flag set.
The main difference is that team accounts can be administered by other users. One can also create and fork repos into a team account. Regular accounts do not have that ability.
The fact that a team account is based on the standard model also means that you can login with it and use it to pull/push with.
Reference : Erik van Zijst
The team account feature has been removed, according to today's team FAQ on the Bitbucket site.
