You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/saas-apps/aws-multi-accounts-tutorial.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -38,7 +38,7 @@ If you want to know more details about SaaS app integration with Azure AD, see [
38
38
39
39
**Please note that we do not recommend to use this approach for following reasons:**
40
40
41
-
* You have to use the Graph Explorer approach to patch all the roles to the app. We don’t recommend using the manifest file approach.
41
+
* You have to use the Microsoft Graph Explorer approach to patch all the roles to the app. We don’t recommend using the manifest file approach.
42
42
43
43
* We have seen customers reporting that after adding ~1200 app roles for a single AWS app, any operation on the app started throwing the errors related to size. There is a hard limit of size on the application object.
44
44
@@ -243,7 +243,7 @@ In this section, you enable Azure AD single sign-on in the Azure portal and conf
243
243
244
244
16. Perform the above step for all the roles in all the accounts and store all of them in format **Role ARN,Trusted entities** in a notepad.
245
245
246
-
17. Open [Azure AD Graph Explorer](https://developer.microsoft.com/graph/graph-explorer) in another window.
246
+
17. Open [Microsoft Graph Explorer](https://developer.microsoft.com/graph/graph-explorer) in another window.
247
247
248
248
a. Sign in to the Graph Explorer site using the Global Admin/Co-admin credentials for your tenant.
249
249
@@ -322,9 +322,9 @@ In this section, you enable Azure AD single sign-on in the Azure portal and conf
322
322
> [!Note]
323
323
> You can only add new roles after the **msiam_access** for the patch operation. Also, you can add as many roles as you want per your Organization need. Azure AD will send the **value** of these roles as the claim value in SAML response.
324
324
325
-
j. Go back to your Graph Explorer and change the method from **GET** to **PATCH**. Patch the Service Principal object to have desired roles by updating appRoles property similar to the one shown above in the example. Click **Run Query** to execute the patch operation. A success message confirms the creation of the role for your Amazon Web Services application.
325
+
j. Go back to Microsoft Graph Explorer and change the method from **GET** to **PATCH**. Patch the Service Principal object to have desired roles by updating appRoles property similar to the one shown above in the example. Click **Run Query** to execute the patch operation. A success message confirms the creation of the role for your Amazon Web Services application.
326
326
327
-
327
+
328
328
329
329
18. After the Service Principal is patched with more roles, you can assign Users/Groups to the respective roles. This can be done by going to portal and navigating to the Amazon Web Services application. Click on the **Users and Groups** tab on the top.
330
330
@@ -360,7 +360,7 @@ For more information about the Access Panel, see [Introduction to the Access
360
360
361
361
## Additional resources
362
362
363
-
* [How to configure provisioning using MS Graph APIs](https://docs.microsoft.com/azure/active-directory/manage-apps/application-provisioning-configure-api)
363
+
* [How to configure provisioning using Microsoft Graph APIs](https://docs.microsoft.com/azure/active-directory/manage-apps/application-provisioning-configure-api)
364
364
* [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](tutorial-list.md)
365
365
* [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
Copy file name to clipboardExpand all lines: articles/active-directory/saas-apps/sharepoint-on-premises-tutorial.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -329,7 +329,7 @@ Users can now sign into SharePoint 2016 using identities from Azure AD, but ther
329
329
330
330
There is no validation on the values you search for, which can lead to misspellings or users accidentally choosing the wrong claim type to assign such as the **SurName** claim. This can prevent users from successfully accessing resources.
331
331
332
-
To assist with this scenario, there is an open-source solution called [AzureCP](https://yvand.github.io/AzureCP/) that provides a custom claims provider for SharePoint 2016. It will use the Azure AD Graph to resolve what users enter and perform validation. Learn more at [AzureCP](https://yvand.github.io/AzureCP/).
332
+
To assist with this scenario, there is an open-source solution called [AzureCP](https://yvand.github.io/AzureCP/) that provides a custom claims provider for SharePoint 2016. It will use the Microsoft Graph API to resolve what users enter and perform validation. Learn more at [AzureCP](https://yvand.github.io/AzureCP/).
333
333
334
334
### Assign the Azure AD Security Group in the Azure portal
Copy file name to clipboardExpand all lines: articles/active-directory/saas-apps/workday-inbound-tutorial.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -816,7 +816,7 @@ No, the solution does not maintain a cache of user profiles. The Azure AD provis
816
816
817
817
#### Does the solution support assigning on-premises AD groups to the user?
818
818
819
-
This functionality is not supported currently. Recommended workaround is to deploy a PowerShell script that queries the Azure AD Graph API endpoint for audit log data and use that to trigger scenarios such as group assignment. This PowerShell script can be attached to a task scheduler and deployed on the same box running the provisioning agent.
819
+
This functionality is not supported currently. Recommended workaround is to deploy a PowerShell script that queries the Microsoft Graph API endpoint for [audit log data](https://docs.microsoft.com/graph/api/resources/azure-ad-auditlog-overview?view=graph-rest-beta) and use that to trigger scenarios such as group assignment. This PowerShell script can be attached to a task scheduler and deployed on the same box running the provisioning agent.
820
820
821
821
#### Which Workday APIs does the solution use to query and update Workday worker profiles?
0 commit comments