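import json
from urllib.parse import quote

import pandas
import requests

# Azure AD (Entra ID) app registration and target group.
# Fill these in at run time; do not commit a real client secret to source
# control -- load it from an environment variable or a secret store instead.
tenant_id = ''
client_id = ''
client_secret = ''
group_id = ''

# Desired membership list. Replace the path and column name with your own;
# if the data lives in a database table, read it with sqlalchemy instead.
data = pandas.read_excel("path of the file if excel, if you're pulling data from table use sqlalchemy")

# Blank cells come back from pandas as NaN and addresses often carry stray
# whitespace; drop both so they are never sent to Graph as user names.
user_principal_names = {
    str(value).strip()
    for value in data['Email Column Name'].dropna()
    if str(value).strip()
}


def get_access_token():
    """Request an app-only Microsoft Graph token (client credentials flow).

    Uses the module-level ``tenant_id``, ``client_id`` and ``client_secret``.

    Returns:
        The bearer token string from the ``access_token`` field.

    Raises:
        requests.HTTPError: the token endpoint answered with an error status.
        KeyError: the response carried no ``access_token``.
    """
    # requests needs an explicit scheme; without "https://" the call fails
    # before anything is sent.
    token_url = f'https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token'
    payload = {
        'grant_type': 'client_credentials',
        'client_id': client_id,
        'client_secret': client_secret,
        # The .default scope is the resource URI plus "/.default".
        'scope': 'https://graph.microsoft.com/.default',
    }
    # The secret travels in the POST body; a timeout keeps a stalled
    # connection from hanging the script.
    response = requests.post(token_url, data=payload, timeout=30)
    response.raise_for_status()
    return response.json()['access_token']


# Request a token for this run.
access_token = get_access_token()

remove_members_url = f'https://graph.microsoft.com/v1.0/groups/{group_id}/members'
headers = {
    'Authorization': f'Bearer {access_token}',
    'Content-Type': 'application/json'
}

# NOTE(review): the group is emptied before the new list is applied, so a
# wrong or empty spreadsheet, or a failure part-way through, leaves members
# without access. Adding and removing only the difference between the current
# and the desired membership would avoid that gap.

# Collect the current members. Graph returns the list in pages, so follow
# @odata.nextLink until it is absent; otherwise only the first page is cleared.
existing_members = []
page_url = remove_members_url
while page_url:
    response = requests.get(page_url, headers=headers, timeout=30)
    response.raise_for_status()
    page = response.json()
    existing_members.extend(page.get('value', []))
    page_url = page.get('@odata.nextLink')

# Remove each existing member from the security group.
for member in existing_members:
    member_id = member['id']
    # Members that are not users (devices, service principals, nested groups)
    # have no userPrincipalName; fall back to the object id for the log line.
    upn = member.get('userPrincipalName') or member_id
    remove_member_url = f'https://graph.microsoft.com/v1.0/groups/{group_id}/members/{member_id}/$ref'
    response = requests.delete(remove_member_url, headers=headers, timeout=30)
    if response.status_code == 204:
        print(f'Successfully removed member with User Principal Name -- {upn} -- from the security group.')
    else:
        print(
            f'Failed to remove member with User Principal Name -- {upn} -- from the security group. '
            f'Status code: {response.status_code}, Error message: {response.text}'
        )

# Add new users as members to the security group.
add_member_url = f'https://graph.microsoft.com/v1.0/groups/{group_id}/members/$ref'
for upn in user_principal_names:
    # The value comes from the spreadsheet and is placed inside a URL, so
    # percent-encode it: "/" or "#" (guest UPNs contain "#EXT#") would
    # otherwise change which object the reference points to.
    encoded_upn = quote(str(upn), safe='@')
    reference = {
        '@odata.id': f'https://graph.microsoft.com/v1.0/users/{encoded_upn}'
    }
    response = requests.post(add_member_url, data=json.dumps(reference), headers=headers, timeout=30)
    if response.status_code == 204:
        print(f'Successfully added user with User Principal Name -- {upn} -- to the security group.')
    else:
        print(
            f'Failed to add user with User Principal Name -- {upn} -- to the security group. '
            f'Status code: {response.status_code}, Error message: {response.text}'
        )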
Can we do the same to provision access for a new user from another domain? I have a requirement where we will be inviting client users as guest users. When I need to provision access, I need to send an invitation, and the client user should accept the invitation sent by email. Can this be done using Python?
import json
from urllib.parse import quote

import pandas
import requests
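# Azure AD (Entra ID) app registration and target group.
# Fill these in at run time; do not commit a real client secret to source
# control -- load it from an environment variable or a secret store instead.
tenant_id = ''
client_id = ''
client_secret = ''
group_id = ''

# Desired membership list. Replace the path and column name with your own;
# if the data lives in a database table, read it with sqlalchemy instead.
data = pandas.read_excel("path of the file if excel, if you're pulling data from table use sqlalchemy")

# Blank cells come back from pandas as NaN and addresses often carry stray
# whitespace; drop both so they are never sent to Graph as user names.
user_principal_names = {
    str(value).strip()
    for value in data['Email Column Name'].dropna()
    if str(value).strip()
}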
# Acquire an access token using client credentials flow
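def get_access_token():
    """Request an app-only Microsoft Graph token (client credentials flow).

    Uses the module-level ``tenant_id``, ``client_id`` and ``client_secret``.

    Returns:
        The bearer token string from the ``access_token`` field.

    Raises:
        requests.HTTPError: the token endpoint answered with an error status.
        KeyError: the response carried no ``access_token``.
    """
    # requests needs an explicit scheme; without "https://" the call fails
    # before anything is sent.
    token_url = f'https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token'
    payload = {
        'grant_type': 'client_credentials',
        'client_id': client_id,
        'client_secret': client_secret,
        # The .default scope is the resource URI plus "/.default".
        'scope': 'https://graph.microsoft.com/.default',
    }
    # The secret travels in the POST body; a timeout keeps a stalled
    # connection from hanging the script.
    response = requests.post(token_url, data=payload, timeout=30)
    response.raise_for_status()
    return response.json()['access_token']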
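# Request a token for this run.
access_token = get_access_token()

remove_members_url = f'https://graph.microsoft.com/v1.0/groups/{group_id}/members'
headers = {
    'Authorization': f'Bearer {access_token}',
    'Content-Type': 'application/json'
}

# NOTE(review): the group is emptied before the new list is applied, so a
# wrong or empty spreadsheet, or a failure part-way through, leaves members
# without access. Adding and removing only the difference between the current
# and the desired membership would avoid that gap.

# Collect the current members. Graph returns the list in pages, so follow
# @odata.nextLink until it is absent; otherwise only the first page is cleared.
existing_members = []
page_url = remove_members_url
while page_url:
    response = requests.get(page_url, headers=headers, timeout=30)
    response.raise_for_status()
    page = response.json()
    existing_members.extend(page.get('value', []))
    page_url = page.get('@odata.nextLink')

# Remove each existing member from the security group.
for member in existing_members:
    member_id = member['id']
    # Members that are not users (devices, service principals, nested groups)
    # have no userPrincipalName; fall back to the object id for the log line.
    upn = member.get('userPrincipalName') or member_id
    remove_member_url = f'https://graph.microsoft.com/v1.0/groups/{group_id}/members/{member_id}/$ref'
    response = requests.delete(remove_member_url, headers=headers, timeout=30)
    if response.status_code == 204:
        print(f'Successfully removed member with User Principal Name -- {upn} -- from the security group.')
    else:
        print(
            f'Failed to remove member with User Principal Name -- {upn} -- from the security group. '
            f'Status code: {response.status_code}, Error message: {response.text}'
        )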
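# Add new users as members to the security group.
add_member_url = f'https://graph.microsoft.com/v1.0/groups/{group_id}/members/$ref'
for upn in user_principal_names:
    # The value comes from the spreadsheet and is placed inside a URL, so
    # percent-encode it: "/" or "#" (guest UPNs contain "#EXT#") would
    # otherwise change which object the reference points to.
    encoded_upn = quote(str(upn), safe='@')
    # Named "reference" rather than "data" so the DataFrame read earlier in
    # the script is not overwritten.
    reference = {
        '@odata.id': f'https://graph.microsoft.com/v1.0/users/{encoded_upn}'
    }
    response = requests.post(add_member_url, data=json.dumps(reference), headers=headers, timeout=30)
    if response.status_code == 204:
        print(f'Successfully added user with User Principal Name -- {upn} -- to the security group.')
    else:
        print(
            f'Failed to add user with User Principal Name -- {upn} -- to the security group. '
            f'Status code: {response.status_code}, Error message: {response.text}'
        )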
Can we do the same to provision access for a new user from another domain? I have a requirement where we will be inviting client users as guest users. When I need to provision access, I need to send an invitation, and the client user should accept the invitation sent by email. Can this be done using Python?