如何以编程方式将Azure AD用户添加到Azure DevOps组织

时间:2019-11-05 10:52:59

标签: azure azure-devops azure-active-directory azure-ad-graph-api azure-devops-rest-api

我的组织已连接到Azure AD。

我想使用C#或通过Microsoft REST / Graph API将AD用户添加到我的Azure DevOps组织中。

Adding user to organisation

2 个答案:

答案 0 :(得分:2)

您可以使用User Entitlements - Add Rest API:

POST https://vsaex.dev.azure.com/{organization}/_apis/userentitlements?api-version=5.1-preview.2

json正文示例:

{
  "accessLevel": {
    "accountLicenseType": "express"
  },
  "extensions": [
    {
      "id": "ms.feed"
    }
  ],
  "user": {
    "principalName": "newuser@fabrikam.com",
    "subjectKind": "user"
  },
  "projectEntitlements": [
    {
      "group": {
        "groupType": "projectContributor"
      },
      "projectRef": {
        "id": "e5943a98-a842-4001-bd3b-06e756a7dfac"
      }
    }
  ]
}

答案 1 :(得分:1)

您可以使用Shayki提到的User Entitlements - Add API,但是,我想共享与Azure函数一起使用的代码,

public static async Task<string> AddUserEntitlment(
            [ActivityTrigger] VSTSIntegrationContext vstsIntegrationContext,
            ILogger log
        )
        {
            try
            {
                var accountName = vstsIntegrationContext.VstsInstance;
                string Url = string.Format(@"https://{0}.vsaex.visualstudio.com/_apis/userentitlements?api-version=4.1-preview"
                            , vstsIntegrationContext.VstsInstance);
                var content = JsonConvert.SerializeObject(
                    new
                    {
                        accessLevel = new
                        {
                            accountLicenseType = "express"
                        },
                        user = new
                        {
                            principalName = vstsIntegrationContext.Email,
                            subjectKind = "user"
                        }
                    });
                    log.LogInformation("===========PAT: vstsIntegrationContext.VstsPAT");
                var response = await VSTSHelpers.CallVSTSAPI(vstsIntegrationContext.VstsInstance, vstsIntegrationContext.VstsPAT, Url, "POST", content);
                log.LogInformation("====response:" + response);
                response.EnsureSuccessStatusCode();                
                dynamic data = await response.Content.ReadAsAsync<object>();
                return data.operationResult.userId;
            }
            catch (Exception ex)
            {
                log.LogError(ex.ToString());
                throw;
            }
        }

Powershell脚本 

function Add-UserEntitlement {
    [OutputType([int])]
    Param
    (
        [String]$userEmail,
        [String]$projAccessLevel,
        [String]$projId


    )

    Begin {
        $creds = Import-Clixml -Path creds.xml
        [string]$AccName = $creds.AccountName
        [string]$userName = $creds.UserName
        [string]$vstsToken = $creds.Token
        $VstsAuth = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $userName, $vstsToken)))
    }
    Process {

        $vstsUri = "https://$AccName.vsaex.visualstudio.com/_apis/userentitlements?api-version=4.1-preview"
        $vstsUEBody = @{
            accessLevel = @{ accountLicenseType = "express" }
            user = @{ principalName = $userEmail; subjectKind = "user" }
            projectEntitlements = @{ 
                group = @{ groupType = $projAccessLevel }
                projectRef = @{ id = $projId }
            } 
        }

        $RestParams = @{
            ContentType = "application/json"
            Method = 'Post'
            URI = $vstsUserUri
            Body = $vstsUEBody | ConvertTo-Json
            Headers = @{Authorization=("Basic {0}" -f $VstsAuth)}
        }

        $vstsUpdateResult = Invoke-RestMethod @RestParams

    }
    End {
    }
}
相关问题
最新问题