Skip to main content

Qlik

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2025! Join us in Orlando join us for 3 days of immersive learning: REGISTER TODAY

Qlik Sense SaaS: How to verify group information returned by Azure AD Graph API

No ratings
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Damien_V
Support

Qlik Sense SaaS: How to verify group information returned by Azure AD Graph API

Last Update:

Aug 15, 2022 3:29:15 AM

Updated By:

Damien_V

Created date:

Aug 15, 2022 2:22:33 AM

This article explains how to call the Graph API manually to verify group information.

This is based on how Qlik Sense SaaS code is fetching groups from Azure AD.

Qlik Sense for Windows straightly reads the groups from the ID token and if the number is too big, Azure AD will just include a link to the graph API in the ID token, which Qlik Sense for Windows will just ignore.

Environments:

Qlik Cloud  

 

Resolution

FIrst of all, generate a token based on the steps in the below article.

Qlik Sense: How to request an OIDC token manually and check if correct attributes are included (Powe...

 

Once the tokens generated, take the access_token (NOT the id_token) and use it to retrieve information from the Azure AD Graph API:

 

$access_token='eyJ0eXAiOi...CjAeMzpab_5QE2c5QZm0bA'

$hdrs = @{}
$hdrs.Add("Authorization","Bearer "+$access_token)
$url = 'https://graph.microsoft.com/v1.0/me/memberof'

$response = Invoke-WebRequest -Uri $url -Method Get -Headers $hdrs
echo $response.Content​

 

 

Example of response:

 

{"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#directoryObjects","value":[{"@odata.type":"#microsoft.graph.directoryRole","id":"605fd212-5945-4270-a4d5-e1e6ca65fbc7","deletedDateTime":null,"description":nu
ll,"displayName":null,"roleTemplateId":null},{"@odata.type":"#microsoft.graph.group","id":"43d6963e-a75f-46d7-87e4-99b95bb74877","deletedDateTime":null,"classification":null,"createdDateTime":"2018-08-31T14:24:21Z","crea
tionOptions":[],"description":"Qlik","displayName":"TestGroup","expirationDateTime":null,"groupTypes":[],"isAssignableToRole":null,"mail":null,"mailEnabled":false,"mailNickname":"cf40a8f3-47f6-4a3b-811b-e6028a9e21b9
","membershipRule":null,"membershipRuleProcessingState":null,"onPremisesDomainName":null,"onPremisesLastSyncDateTime":null,"onPremisesNetBiosName":null,"onPremisesSamAccountName":null,"onPremisesSecurityIdentifier":null,
"onPremisesSyncEnabled":null,"preferredDataLocation":null,"preferredLanguage":null,"proxyAddresses":[],"renewedDateTime":"2018-08-31T14:24:21Z","resourceBehaviorOptions":[],"resourceProvisioningOptions":[],"securityEnabl
ed":true,"securityIdentifier":"S-1-12-1-1138136638-1188538207-3113870471-2001254235","theme":null,"visibility":null,"onPremisesProvisioningErrors":[]}]}

 

 

Qlik Sense will fetch the odata type #microsoft.graph.group and fetch the displayName, then create the groups.

If there is more than 100 groups, the results will be paginated by page of 100 in the Graph API, Qlik Sense can fetch up to 10 pages (1000 groups).

Labels (2)
1,240 Views
Was this article helpful? Yes No
Contributors
Version history
Last update:
‎2022-08-15 03:29 AM
Updated by:
Top