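Getting an organization identifier or domain from Azure AD Graph

Time: 2014-06-25 09:53:52

Tags: azure active-directory office365 azure-active-directory

We are developing a multi-tenant SSO integration with Office 365 using the new OpenID implementation.

Once the access token is retrieved, we call https://graph.windows.net/me?api-version=1.21-preview to get the user's profile information, which contains the following - great.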

{
    "odata.metadata": "https:\/\/graph.windows.net\/myorganization\/$metadata#directoryObjects\/Microsoft.WindowsAzure.ActiveDirectory.User\/@Element",
    "odata.type": "Microsoft.WindowsAzure.ActiveDirectory.User",
    "objectType": "User",
    "objectId": "GUID",
    "accountEnabled": true,
    "assignedLicenses": [

    ],
    "assignedPlans": [

    ],
    "city": null,
    "country": null,
    "department": null,
    "dirSyncEnabled": null,
    "displayName": "Tester A",
    "facsimileTelephoneNumber": null,
    "givenName": "Test",
    "immutableId": null,
    "jobTitle": null,
    "lastDirSyncTime": null,
    "mail": null,
    "mailNickname": "tester-a",
    "mobile": null,
    "otherMails": [

    ],
    "passwordPolicies": "None",
    "passwordProfile": null,
    "physicalDeliveryOfficeName": null,
    "postalCode": null,
    "preferredLanguage": null,
    "provisionedPlans": [

    ],
    "provisioningErrors": [

    ],
    "proxyAddresses": [

    ],
    "state": null,
    "streetAddress": null,
    "surname": "A",
    "telephoneNumber": null,
    "usageLocation": null,
    "userPrincipalName": "tester-a@test.onmicrosoft.com",
    "userType": "Member"
}

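However, it doesn't seem to return any identifier or specific domain for the organization - other than the domain contained in the userPrincipalName field. Is there a better way to identify the organization (considering that an organization could update test.onmicrosoft.com to a custom domain of test.microsoft.com)?

1 Answer:

Answer 0: (score: 1)

Indeed. Use the tenantDetails API (https://graph.windows.net/{tenantDomain}/tenantDetails?api-version={version}) to get the display name of the directory and all verified domains associated with it. Documented here: http://msdn.microsoft.com/en-us/library/azure/hh974467.aspx

Here is the trimmed output from my tenant.

Hope this helps.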

  {
"odata.metadata": "https://graph.windows.net/dushyantgill.com/$metadata#directoryObjects/Microsoft.WindowsAzure.ActiveDirectory.TenantDetail",
"value": [
  {
    "odata.type": "Microsoft.WindowsAzure.ActiveDirectory.TenantDetail",
    "objectType": "Company",
    "objectId": "62e173e9-301e-423e-bcd4-29121ec1aa24",
    "assignedPlans": [
      {
        "assignedTimestamp": "2013-09-17T01:01:58Z",
        "capabilityStatus": "Enabled",
        "service": "SharePoint",
        "servicePlanId": "a1f3d0a8-84c0-4ae0-bae4-685917b8ab48"
      } [SNIP]
    ],
    "city": "Redmond",
    "companyLastDirSyncTime": "2014-04-20T17:42:58Z",
    "country": null,
    "countryLetterCode": "US",
    "dirSyncEnabled": true,
    "displayName": "dushyantgill",
    "marketingNotificationEmails": [],
    "postalCode": "98052",
    "preferredLanguage": "en",
    "provisionedPlans": [
      {
        "capabilityStatus": "Enabled",
        "provisioningStatus": "Success",
        "service": "exchange"
      }[SNIP]
    ],
    "provisioningErrors": [],
    "state": "WA",
    "street": "[SNIP]",
    "technicalNotificationMails": [
      "[SNIP]"
    ],
    "telephoneNumber": null,
    "tenantType": null,
    "verifiedDomains": [
      {
        "capabilities": "Email, OfficeCommunicationsOnline",
        "default": false,
        "id": "0005000080186A52",
        "initial": false,
        "name": "dushyantgill.mail.onmicrosoft.com",
        "type": "Managed"
      },
      {
        "capabilities": "Email, OfficeCommunicationsOnline",
        "default": false,
        "id": "00057FFE803C0EDA",
        "initial": false,
        "name": "dushyantgill.org",
        "type": "Federated"
      },
      {
        "capabilities": "Email, OfficeCommunicationsOnline",
        "default": true,
        "id": "00053FFF80232F54",
        "initial": false,
        "name": "dushyantgill.com",
        "type": "Managed"
      }[SNIP]
    ]
  }
]

}
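
An added example, not part of the original question or answer: parsing a tenantDetails response of the shape shown above and keying the organization on the directory's objectId rather than on a domain name, which can change. The function names, the sample values and the treatment of objectId as a stable key are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of the tenantDetails response shown above
# (values are made up; only the fields used below are included).
SAMPLE_TENANT_DETAILS = json.dumps({
    "value": [{
        "objectType": "Company",
        "objectId": "00000000-0000-0000-0000-000000000001",
        "displayName": "Test Org",
        "verifiedDomains": [
            {"name": "test.onmicrosoft.com", "default": False, "initial": True, "type": "Managed"},
            {"name": "test.example.com", "default": True, "initial": False, "type": "Managed"},
        ],
    }]
})


def summarize_tenant(raw_json):
    """Extract a storage key and the verified domains from a tenantDetails body."""
    values = json.loads(raw_json).get("value", [])
    if len(values) != 1 or values[0].get("objectType") != "Company":
        raise ValueError("expected exactly one Company object")
    tenant = values[0]
    domains = tenant.get("verifiedDomains") or []
    names = {d["name"].lower() for d in domains}
    if not tenant.get("objectId") or not names:
        raise ValueError("missing objectId or verifiedDomains")
    return {
        # Assumption: objectId stays fixed when domains are added or renamed,
        # so it is the key to store; domains are attributes, not identity.
        "tenant_key": tenant["objectId"].lower(),
        "display_name": tenant.get("displayName"),
        "default_domain": next((d["name"].lower() for d in domains if d.get("default")), None),
        "verified_domains": names,
    }


def upn_in_tenant(upn, summary):
    """True only if the UPN's domain part exactly matches a verified domain."""
    local, sep, domain = upn.rpartition("@")
    return bool(local and sep) and domain.lower() in summary["verified_domains"]
```

Storing `tenant_key` and refreshing `verified_domains` on sign-in keeps an existing organization record intact when its default domain changes.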