Azure Active Directory (Azure AD) Activities are now in Public Preview

Update!

This package is now available on the Official Stable Feed:


Description

The UiPath.AzureActiveDirectory.Activities package offers activities for Azure Active Directory (Azure AD), Microsoft’s cloud-based identity and access management service.

This initial set of 40+ activities enables you to easily automate important operations with Azure AD objects like users, groups, lifecycle policies, and directory roles.

Examples of Scenarios to Automate

Listed below are some examples of typical scenarios where Azure AD activities will be very helpful.

Employees Onboarding

When a new employee is hired in a company, the HR department provides the input for a UiPath automation process which creates a corresponding new user account in Azure AD and adds the user account to a list of specified groups.

Employees Offboarding

When an employee leaves the company, the associated Azure AD user account is removed from the groups it belongs to and the user account is deleted.

Access Control & Rights Delegation

Manage access to miscellaneous resources via Azure AD group memberships.

Activities List

Scope

Azure AD Application Scope – Provides an application permission scope for other Azure Active Directory activities. Activities executed using an application scope are executed on behalf of an application.
Azure AD Delegated Scope – Provides a delegated permission scope for other Azure Active Directory activities. Activities executed using a delegated scope are always executed on behalf of an authenticated user.

Users

Create User – Creates a new user account in Azure Active Directory.
Update User – Updates the properties of an existing user.
Delete User – Deletes a user from Azure Active Directory.
Get User – Gets detailed information about a user.
For Each User – Performs an activity or a series of activities on each user matching the filter criteria.
User Exists – Checks if a user exists in Azure Active Directory.
Reset Password – Resets the password for a user.
For Each User Group – Performs an activity or a series of activities on each group the user is a direct member of.
For Each User Role – Performs an activity or a series of activities on each directory role the user is a member of.

Users \ Manager

Get Manager – Gets the user’s manager.
Set Manager – Sets the user’s manager.
For Each Direct Report – Performs an activity or a series of activities on each direct report of a user.

Groups

Create Assigned Group – Creates a new assigned group in Azure Active Directory.
Update Group – Updates the properties of an existing group.
Group Exists – Checks if a group exists in Azure Active Directory.
Get Group by Id – Gets detailed information about a group.
For Each Group – Performs an activity or a series of activities on each group matching the filter criteria.
Delete Group – Deletes a group from Azure Active Directory.

Groups \ Lifecycle Policies

Create Lifecycle Policy – Creates a lifecycle policy for an Office 365 group.
Update Lifecycle Policy – Updates an existing lifecycle policy.
Delete Lifecycle Policy – Deletes a lifecycle policy.
Add Group to Lifecycle Policy – Adds a group to a lifecycle policy.
Remove Group from Lifecycle Policy – Removes a group from a lifecycle policy.
Is Group in Lifecycle Policy – Checks whether a group is a member of a lifecycle policy.
For Each Lifecycle Policy – Performs an activity or a series of activities on each lifecycle policy.

Groups \ Membership

Add Member to Group – Adds a member to a group.
Remove Member from Group – Removes a member from a group.
Is Member of Group – Checks whether a given object belongs to a group.
For Each User in Group – Performs an activity or a series of activities on each user which is a direct member of a group.
For Each Group in Group – Performs an activity or a series of activities on each group which is a direct member of a group.
For Each Parent Group – Performs an activity or a series of activities on each parent group of the specified group.

Groups \ Ownership

Add Owner to Group – Adds an owner to a group.
Remove Owner from Group – Removes an owner from a group.
Is Owner of Group – Checks whether a given object is an owner of a group.
For Each User in Group Owners – Performs an activity or a series of activities on each user which is an owner of the group.

Directory Roles

Add Member to Role – Adds a user or a service principal to a directory role.
Remove Member from Role – Removes a user or a service principal from a directory role.
Is Member in Role – Checks whether a given user or service principal is in a directory role.
For Each User in Role – Performs an activity or a series of activities on each user that is a member of a directory role.
For Each Role – Performs an activity or a series of activities on each role in Azure Active Directory.

How to install

The UiPath.AzureActiveDirectory.Activities package is available in the Beta feed. Please follow the steps below to install the package in UiPath Studio:

If you haven’t already, add the UiPath Beta feed to your Studio Manage Package window.

In the Beta feed, check ‘Include Prerelease’, search for “UiPath.AzureActiveDirectory.Activities”, and install the latest version.
** Important - We must reiterate, make sure you check the ‘Include Prerelease’ checkbox :blush:

The Azure AD activities should be visible now in UiPath Studio, as shown below:

How to use

Employees Onboarding

A UiPath workflow that processes an Excel file containing a list of new employees. For each employee it does the following:

  • Creates and enables a new Azure AD user account.
  • Forces the user to change his/her password at the next login.
  • Adds the user to specific Azure AD groups.

Sample project: AzureAD_EmployeesOnboarding.zip (26.7 KB)

Move Users to New Group

A UiPath process that moves a list of users from one AD group to another. The process has four input parameters: DepartmentName, JobTitle, GroupToLeaveID, and GroupToJoinID.
Example: DepartmentName = "Development", JobTitle = "RPA Developer", GroupToLeaveID = "b5656f40-392f-4187-b033-809d6ff9b7c1" (i.e. the object ID of the “Developers” group), and GroupToJoinID = "a67b04cd-8a37-407e-bed7-58e50bb80de1" (i.e. the object ID of the “RPA Developers” group).

Sample project: AzureAD_MoveUsersToGroup.zip (14.3 KB)

New Manager

A UiPath process that retrieves the list of users reporting to a former manager and replaces her/him with a new manager. The process has two input parameters: FormerManager and NewManager.

Sample project: AzureAD_NewManager.zip (13.6 KB)

To exemplify, let’s go step by step through the process of creating the New Manager workflow:

  1. First, add an Azure AD Application Scope activity and set the values for the input parameters like in the screenshot below (I stored the values of these parameters in Environment Variables). A short description of this activity’s parameters:

    • ClientID (String) - The client (application) ID, i.e. Environment.GetEnvironmentVariable("AzureADActivitiesClientId")

    • ClientSecret (SecureString) - The client (application) secret, i.e. new System.Net.NetworkCredential("", Environment.GetEnvironmentVariable("AzureADActivitiesClientSecret")).SecurePassword

    • TenantID (String) - The directory (tenant) ID, i.e. Environment.GetEnvironmentVariable("AzureADActivitiesTenantId")

    ** Obtaining the values for Tenant ID, Client ID and Client Secret: check this article for an example https://developer.ibm.com/recipes/tutorials/how-to-procure-tenant-id-client-id-and-client-secret-key-to-connect-to-microsoft-azure-data-lake-storage-gen2/

  2. Then, use For Each Direct Report activity to get the direct reports of the FormerManager user account. You should provide a value for the UserIdOrUpn input parameter, i.e. the User Principal Name (UPN) or the Object ID of the manager. In my example, I’m using the UPN former.manager@abc.onmicrosoft.com stored in FormerManager argument.

  3. Finally, add Set Manager activity in order to change the manager for each directory object that is a direct report of the FormerManager. Such a directory object can represent a user or an organizational contact (the value of directoryObjectInfo.ODataType gives you the type of the directory object). The parameters of this activity are:

    • UserIdOrUpn (String) - The User Principal Name (UPN) or the Object ID of the user, i.e. directoryObjectInfo.Id.
    • ManagerIdOrUpn (String) - The User Principal Name (UPN) or the Object ID of the user’s manager, i.e. NewManager new.manager@abc.onmicrosoft.com

That’s all folks! Enjoy this new activities package part of UiPath IT Automation initiative :blush:

6 Likes

Wow, this is huge! Thank you!

4 Likes

Awesome work guys!!! This is just awesome…!!

2 Likes

Hi Guys, I have to check the available licenses in a particular service plan. If possible, please add this activity under Azure AD too.

Hi @Iswarya.G,

Thanks for your feedback. I will consider such activity for the next version of Azure AD pack.

P.S. In version 1.1.0, we have Assign License and Remove License activities.

2 Likes

Thanks @ovidiuponoran

I have an issue while assigning license to the created user account.
The issue is usage location couldn’t be set while creating user account by using the activity. Without usage location I can’t assign the license to the user account. There is no property\ activity available to set the usage location to the user.
Note: Usage location will be added automatically when creating the user account manually.

Please provide a solution for this issue.

Hi @Iswarya.G

I expect it to work by calling the Update User activity with a UserInfo object - returned by the Get User / Create User activity - for which the value of UserInfo.UsageLocation has been set. Please let me know if this is working for you.

1 Like

Hi,

Use Get User / Create User activity to return the details about a user, let’s say the output parameter is objUserInfo.

Then you shall use an Assign activity to set objUserInfo.UsageLocation to the value you want (e.g. objUserInfo.UsageLocation = "JP").

Finally, you call Update User activity by passing the updated objUserInfo object. That’s all!

Kind regards,

Ovidiu

1 Like

Hi @ovidiuponoran

I have to remove the user from a Distribution List. I used the “Remove Member from Group” activity to remove the user from the DL, but I got an exception like the one in the screenshot below. I am able to remove the user from an Office365 Group.

Is there any possible way to remove the user from the DL?


Hi @Ishu

Remove Member from Group activity works for Security and Office365 groups.

Distribution Lists cannot be managed in Azure AD.
“Other group types such as distribution lists and mail-enabled security groups are managed only in Exchange admin center or Microsoft 365 admin center. You must sign in to Exchange admin center or Microsoft 365 admin center to manage these groups” source: Learn about groups and group membership - Azure Active Directory - Microsoft Entra | Microsoft Learn

Maybe you can try Remove-DistributionGroupMember (ExchangePowerShell) | Microsoft Learn

1 Like

Hi,
I have a requirement of changing Azure Active Directory user password for a list of users.
For that I thought of using the UiPath AAD Reset Password activity. Can anyone please provide me with some similar work done on this?

Regards,
Dilukshi

Hi, @ovidiuponoran

Thanks, these are very useful activities.
I just have one question.

When installing an activity, some dependencies are “unresolved”.
I uninstalled it once and reinstalled it and it did not resolve itself.
Is there any way to fix this?


Can anyone advise me on what level of permission is required to execute the Azure Commands? I am getting the below error

"For Each User: Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.
Inner error:
AdditionalData:
date: 08/04/2020 09:58:16
request-id: 9dd25858-e796-40f5-80c8-xxxxxxxxxxxxx
ClientRequestId: 9dd25858-e796-40f5-80c8-xxxxxxxxxxx
"

Hi @vijayatasos
For all Azure AD activities, the documentation lists the permissions needed by each activity, in the Permissions section.

1 Like
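
An Authorization_RequestDenied error like the one above means the token obtained through the scope activity does not carry a permission the operation needs. The following is an added diagnostic example, not part of the thread or of the UiPath package: it decodes an access token's claims (without verifying the signature) and reports which required permissions are absent. It assumes application permissions appear in the roles claim and delegated ones in the scp claim; the sample tokens are constructed, and User.Read.All is an assumed requirement that should be replaced with the list from the activity's Permissions section.

```python
import base64
import json


def decode_claims(token: str) -> dict:
    """Decode the payload of a JWT without verifying it (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def granted_permissions(claims: dict) -> tuple:
    """Return (scope kind, permissions): 'roles' = application, 'scp' = delegated."""
    if claims.get("roles"):
        return "application", set(claims["roles"])
    if claims.get("scp"):
        return "delegated", set(claims["scp"].split())
    return "none", set()


def missing_permissions(token: str, required: set) -> set:
    """Permissions an activity needs that the token does not carry."""
    _, granted = granted_permissions(decode_claims(token))
    return required - granted


def _constructed_token(claims: dict) -> str:
    """Build an unsigned sample token; constructed test data, not a real credential."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed samples: one app-only token and one delegated token.
APP_TOKEN = _constructed_token({"appid": "00000000-0000-0000-0000-000000000000",
                                "roles": ["Group.Read.All"]})
USER_TOKEN = _constructed_token({"upn": "user@example.invalid",
                                 "scp": "User.Read User.Read.All"})

# Assumption: the failing operation needs User.Read.All; take the real list
# from the Permissions section of the activity's documentation.
REQUIRED = {"User.Read.All"}

if __name__ == "__main__":
    for name, tok in (("application", APP_TOKEN), ("delegated", USER_TOKEN)):
        print(name, "token is missing:", sorted(missing_permissions(tok, REQUIRED)) or "nothing")
```

Granting only the permissions this check reports as missing keeps the app registration close to least privilege.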

@ytakayama please try the following:

  1. Fix by clearing the local UiPath cache
    • close Studio
    • go to %userprofile%\AppData\Local\UiPath.cache and delete all files
    • reopen the project
    • Studio should now re-add all dependencies
  2. Fix by manually adding the missing dependencies
    • if the fix from 1. didn’t work, go to Manage Packages and add (if not already there) the nuget.org feed to the sources list and enable it
    • try to add each missing assembly to the project from the nuget.org feed

2 Likes

Thanks!
This problem has been solved!

2 Likes

Thanks for sharing details.

Is it possible to retrieve all user information based on their date of joining? Does any activity supports that?
Kindly advise.

Hi @Keerthi_Shivashankar

The activity that allows you to filter the users you want to retrieve from Azure AD is For Each User. There you can define an OData filter.
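
An added example (not from the thread or the UiPath package) of building the OData filter string for For Each User from process arguments such as DepartmentName and JobTitle in the Move Users sample, escaping quotes so that a value read from a spreadsheet cannot change the filter's logic. The property names department, jobTitle and accountEnabled, the allowlist, and the sample values are assumptions made for the illustration.

```python
# Properties the workflow is allowed to filter on (assumed allowlist).
ALLOWED_PROPERTIES = {"department", "jobTitle", "accountEnabled"}


def odata_literal(value) -> str:
    """Render a Python value as an OData literal, escaping quotes in strings."""
    if isinstance(value, bool):
        return "true" if value else "false"
    if isinstance(value, str):
        # OData represents a single quote inside a string literal by doubling it.
        return "'" + value.replace("'", "''") + "'"
    raise TypeError(f"unsupported filter value type: {type(value).__name__}")


def build_user_filter(**criteria) -> str:
    """Combine property=value pairs into an 'and'-joined OData filter expression."""
    if not criteria:
        # An empty filter would make the loop run over every user in the tenant.
        raise ValueError("refusing to build an empty filter")
    clauses = []
    for prop, value in criteria.items():
        if prop not in ALLOWED_PROPERTIES:
            raise ValueError(f"property not allowed in filter: {prop}")
        clauses.append(f"{prop} eq {odata_literal(value)}")
    return " and ".join(clauses)


if __name__ == "__main__":
    # Constructed sample inputs, as they might arrive from process arguments.
    print(build_user_filter(department="Development", jobTitle="RPA Developer"))
    print(build_user_filter(department="Children's Services", accountEnabled=True))
```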

Hi,

It looks like the “Add Member to Group” is broken in version 1.1.9 and 1.20.0-preview

Add Member to Group: An error has occurred: Method ‘DisposeAsync’ in type ‘System.Text.Json.Utf8JsonWriter’ from assembly ‘System.Text.Json, Version=5.0.0.2, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51’ does not have an implementation.

rolling back to 1.1.8 works fine.

Graham