cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

(Graph APIs - PHP WebApp) Need help and guidance

Vishal Gandhi
Copper Contributor

‎Apr 25 2017 08:22 AM

‎Apr 25 2017 08:22 AM

(Graph APIs - PHP WebApp) Need help and guidance

Hi,

We would like to user Graph API to create users in Office 365.  We have on-premise AD.  And our Office 365 (Azure) syncs with on-premise AD.  We want our users to visit our signup web application which creates account in on-premise AD.  We would like to create their Office 365 account as well in the back-end and its great if they can log in as soon as the account is created. 

 

I've tried following, but we are seeing two issues so far: User is not able to log in through our SSO login page and directory sync creates another account for the user in Office 365 (Azure).  Can some one please help me figuring out if we doing something wrong or we missed something.  Really appreciate any help and guidance.

 

1.  A function which extracts objectGUID from AD user object.

$filter = "(userPrincipalName=$email)";
                        $attributes_list = array("objectguid");
                        $search_result = ldap_search($connect_result, $ldap_basedn, $filter, $attributes_list);
                        $info1 = ldap_get_entries($connect_result, $search_result);
                        if($info1["count"] > 0) {
                                                $guid = "";
                                                if(isset($info1[0]["objectguid"][0])) {
                                                                $binary_guid = $info1[0]["objectguid"][0];
                                                                $unpacked = unpack('Va/v2b/n2c/Nd', $binary_guid);
                                                                $guid = sprintf('%08X-%04X-%04X-%04X-%04X%08X', $unpacked['a'], $unpacked['b1'], $unpacked['b2'], $unpacked['c1'], $unpacked['c2'], $unpacked['d']);
                                                                $flag_guid = true;
                                                }
                        }

 

2.  create Office 365 user by encoding this GUID with bace64

$data_to_encode = array(
                'accountEnabled' => true,
                'onPremisesImmutableId' => base64_encode($guid),
                'givenName' => $first_name,
                'surname' => $last_name,
                'displayName' => $display_name,
                'mailNickname' => $alias,
                'userPrincipalName' => $upn,
                //'mail' => $upn,
                'usageLocation' => 'US',
                //'proxyAddresses' => array(
                //      'SMTP:'.$upn,
                //      'smtp:'.$alias.'@fdu.edu'
                //),
                'passwordProfile' => array(
                    'forceChangePasswordNextSignIn' => 'false',
                    'password' => $passwd
                )
            );

 

3. Assign licenses

$data_to_encode = array(
                'addLicenses' => array(
                    array(
                        'disabledPlans' => array(),
                        'skuId' => 'skuid-1-for-license'
                    ),
                    array(
                        'disabledPlans' => array(),
                        'skuId' => 'skuid-2-for-license'
                    )
                ),
                'removeLicenses' => array()
            );

 

992 Views
0 Likes
2 Replies
Reply
2 Replies
paulschaeflein

‎May 01 2017 03:08 PM - edited ‎May 01 2017 03:09 PM

‎May 01 2017 03:08 PM - edited ‎May 01 2017 03:09 PM

Re: (Graph APIs - PHP WebApp) Need help and guidance

Based on the requirements you listed, AAD Pass-through Auth would probably be a better solution.

 

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-thr...

 

https://blogs.technet.microsoft.com/enterprisemobility/2017/04/27/new-enhancements-to-the-azure-ad-p...

0 Likes
Reply
Vishal Gandhi

‎May 03 2017 01:42 PM

‎May 03 2017 01:42 PM

Re: (Graph APIs - PHP WebApp) Need help and guidance

Thank you so much for looking into my question and your suggestion.  I reviewed the links you provided and it is really interesting and much easier way of doing whay we did.  Unfortunately, our infrastructure and directory sync has already been set up and our team members are not ready to make any changes at this moment.  I think I have to work with this infrasturcture for now and need to figure out how to create users with the user of Graph API so that they sync with our on-premise directory with no duplicates.

 

Thank you agian for providing me an alternative way of doing the same task.

0 Likes
Reply