UiPath.AzureActiveDirectory.Activities package offers activities for Azure Active Directory (Azure AD), Microsoft’s cloud-based identity and access management service.
This initial set of 40+ activities enables you to easily automate important operations with Azure AD objects like users, groups, lifecycle policies, and directory roles.
Listed below are some examples of typical scenarios where Azure AD activities will be very helpful.
When a new employee is hired in a company, the HR department provides the input for a UiPath automation process which creates a corresponding new user account in Azure AD and adds the user account to a list of specified groups.
When an employee leaves the company, the associated Azure AD user account is removed from the groups it belongs to and the user account is deleted.
Access Control & Rights Delegation
Manage access to miscellaneous resources via Azure AD group memberships.
Azure AD Application Scope – Provides an application permission scope for other Azure Active Directory activities. Activities executed using an application scope are executed on behalf of an application.
Azure AD Delegated Scope – Provides a delegated permission scope for other Azure Active Directory activities. Activities executed using a delegated scope are always executed on behalf of an authenticated user.
Create User – Creates a new user account in Azure Active Directory.
Update User – Updates the properties of an existing user.
Delete User – Deletes a user from Azure Active Directory.
Get User – Gets detailed information about a user.
For Each User – Performs an activity or a series of activities on each user matching a filter criteria.
User Exists – Checks if a user exists in Azure Active Directory.
Reset Password – Resets the password for a user.
For Each User Group – Performs an activity or a series of activities on each group the user is a direct member of.
For Each User Role – Performs an activity or a series of activities on each directory role the user is a member of.
Get Manager – Gets the user’s manager.
Set Manager – Sets the user’s manager.
For Each Direct Report – Performs an activity or a series of activities on each direct report of a user.
Create Assigned Group – Creates a new assigned group in Azure Active Directory.
Update Group – Updates the properties of an existing group.
Group Exists – Checks if a group exists in Azure Active Directory.
Get Group by Id – Gets detailed information about a group.
For Each Group – Performs an activity or a series of activities on each group matching a filter criteria.
Delete Group – Deletes a group from Azure Active Directory.
Create Lifecycle Policy – Creates a lifecycle policy for an Office 365 group.
Update Lifecycle Policy – Updates an existing lifecycle policy.
Delete Lifecycle Policy – Deletes a lifecycle policy.
Add Group to Lifecycle Policy – Adds a group to a lifecycle policy.
Remove Group from Lifecycle Policy – Removes a group from a lifecycle policy.
Is Group in Lifecycle Policy – Checks whether a group is member of a lifecycle policy.
For Each Lifecycle Policy – Performs an activity or a series of activities on each lifecycle policy.
Add Member to Group – Adds a member to a group.
Remove Member from Group – Removes a member from a group.
Is Member of Group – Checks whether a given object belongs to a group.
For Each User in Group – Performs an activity or a series of activities on each user which is a direct member of a group.
For Each Group in Group – Performs an activity or a series of activities on each group which is a direct member of a group.
For Each Parent Group – Performs an activity or a series of activities on each parent group of the specified group.
Add Owner to Group – Adds an owner to a group.
Remove Owner from Group – Removes an owner from a group.
Is Owner of Group – Checks whether a given object is an owner of a group.
For Each User in Group Owners - Performs an activity or a series of activities on each user which is an owner of the group.
Add Member to Role – Adds a user or a service principal to a directory role.
Remove Member from Role – Removes a user or a service principal from a directory role.
Is Member in Role – Checks whether a given user or service principal is in a directory role.
For Each User in Role – Performs an activity or a series of activities on each user that is a member of a directory role.
For Each Role – Performs an activity or a series of activities on each role in Azure Active Directory.
UiPath.AzureActiveDirectory.Activities package is available in Beta feed. Please follow the steps below to install the package in UiPath Studio:
If you haven’t already, add the UiPath Beta feed to your Studio Manage Package window.
In the Beta feed, check ‘Include Prerelease’, search for “UiPath.AzureActiveDirectory.Activities”, and install the latest version.
** Important - We must reiterate, make sure you check the ‘Include Prerelease’ checkbox
The Azure AD activities should be visible now in UiPath Studio, as shown below:
A UiPath workflow that processes an Excel file containing a list of new employees. For each employee it does the following:
- Creates and enables a new Azure AD user account.
- Forces the user to change his/her password at the next login.
- Adds the user to specific Azure AD groups.
Sample project: AzureAD_EmployeesOnboarding.zip (26.7 KB)
A UiPath process that moves a list of users from one AD group to another. The process has four input parameters:
DepartmentName, JobTitle, GroupToLeaveID, and GroupToJoinID.
Example: DepartmentName = ”Development”, JobTitle = “RPA Developer”, GroupToLeaveID = “b5656f40-392f-4187-b033-809d6ff9b7c1” (i.e. the object ID of “Developers” group), and GroupToJoinID = “a67b04cd-8a37-407e-bed7-58e50bb80de1” (i.e. the object ID of “RPA Developers” group).
Sample project: AzureAD_MoveUsersToGroup.zip (14.3 KB)
A UiPath process that retrieves the list of users reporting to a former manager and replaces her/him with a new manager. The process has two input parameters: FormerManager and NewManager.
Sample project: AzureAD_NewManager.zip (13.6 KB)
To exemplify, let’s go step by step through the process of creating the New Manager workflow:
First, add an Azure AD Application Scope activity and set the values for the input parameters like in the screenshot below (I stored the values of these parameters in Environment Variables). A short description of this activity’s parameters:
ClientID (String) - The client (application) ID, i.e. Environment.GetEnvironmentVariable(“AzureADActivitiesClientId”)
ClientSecret (SecureString) - The client (application) secret, i.e. new system.Net.NetworkCredential("",Environment.GetEnvironmentVariable(“AzureADActivitiesClientSecret”)).SecurePassword
TenantID (String) - The directory (tenant) ID. i.e. Environment.GetEnvironmentVariable(“AzureADActivitiesTenantId”)
** Obtaining the values for Tenant ID, Client ID and Client Secret: check this article for an example How to procure Tenant ID, Client ID and Client Secret key to connect to Microsoft Azure Data Lake Storage Gen2 - IBM Developer Recipes
Then, use For Each Direct Report activity to get the direct reports of the FormerManager user account. You should provide a value for the UserIdOrUpn input parameter, i.e. the User Principal Name (UPN) or the Object ID of the manager. In my example, I’m using the UPN email@example.com stored in FormerManager argument.
Finally, add Set Manager activity in order to change the manager for each directory object that is a direct report of the FormerManager. Such a directory object can represent a user or an organizational contact (the value of directoryObjectInfo.ODataType gives you the type of the directory object). The parameters of this activity are:
- UserIdOrUpn (String) - The User Principal Name (UPN) or the Object ID of the user, i.e. directoryObjectInfo.Id .
- ManagerIdOrUpn (String) - The User Principal Name (UPN) or the Object ID of the user’s manager, i.e. NewManager firstname.lastname@example.org
That’s all folks! Enjoy this new activities package part of UiPath IT Automation initiative