Azure Active Directory

Integration version: 15.0

This integration uses one or more open source components. You can download a copy of the full source code of this integration from the Cloud Storage bucket.

Use cases

  1. List all the users in Microsoft Entra ID.

  2. Disable refresh tokens when a company device is stolen to prevent signing in.

Prerequisites

Before configuring the integration in the Google Security Operations SOAR platform, make sure to complete the following prerequisite steps:

  1. Configure network access.

  2. Create the Microsoft Entra app.

  3. Configure the API permissions for your app.

  4. Create a client secret.

Configure network access

Make sure to allow traffic over port 389 to enable API access from Google Security Operations SOAR to Microsoft Entra ID.

Create Microsoft Entra app

  1. Sign in to the Azure portal as a user administrator or a password administrator.

  2. Select Microsoft Entra ID.

  3. Go to App registrations > New registration.

  4. Enter the name of the app.

  5. Click Register.

  6. Save the Application (client) ID and Directory (tenant) ID values to use them later when configuring the integration parameters.

Configure API permissions

  1. Go to API Permissions > Add a permission.

  2. Select Microsoft Graph > Application permissions.

  3. In the Select Permissions section, select the following permissions:

    • Directory.Read.All
    • Directory.ReadWrite.All
    • Group.ReadWrite.All
    • User.ReadWrite.All
  4. Click Add permissions.

  5. Click Grant admin consent for YOUR_ORGANIZATION_NAME.

    When the Grant admin consent confirmation dialog appears, click Yes.

Create client secret

  1. Navigate to Certificates and secrets > New client secret.

  2. Provide a description for a client secret and set its expiration deadline.

  3. Click Add.

  4. Save the value of the client secret (not the secret ID) to use it as the Client Secret parameter value when configuring the integration. The client secret value is only displayed once.
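
The registration steps above yield three values (Directory ID, Client ID, Client Secret) and four application permissions. The following is an added example, not code from the integration: it builds the OAuth 2.0 client-credentials token request those values are used for and checks the `roles` claim of an app-only token against the permissions listed above, which shows whether admin consent actually took effect. The function names, the placeholder GUIDs and the sample token are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlencode

# Application permissions listed in "Configure API permissions" above.
REQUIRED_ROLES = frozenset({
    "Directory.Read.All",
    "Directory.ReadWrite.All",
    "Group.ReadWrite.All",
    "User.ReadWrite.All",
})

# Microsoft identity platform v2.0 token endpoint; {tenant} is the Directory ID.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form_body) for the OAuth 2.0 client-credentials grant."""
    form = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        # .default asks for every application permission already consented to.
        "scope": "https://graph.microsoft.com/.default",
    })
    return TOKEN_URL.format(tenant=tenant_id), form


def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims):
    """Constructed, unsigned stand-in for a real access token (test data only)."""
    return ".".join([_b64url({"alg": "none"}), _b64url(claims), "sig"])


def decode_claims(token):
    """Read the JWT payload without verifying it: a setup diagnostic, not auth."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-part compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_app_token(token, tenant_id, client_id):
    """Compare an app-only token's claims with the app registration."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))
    return {
        "tenant_ok": claims.get("tid") == tenant_id,
        # v1.0 tokens carry the client ID in "appid", v2.0 tokens in "azp".
        "client_ok": claims.get("appid", claims.get("azp")) == client_id,
        "missing": sorted(REQUIRED_ROLES - roles),     # consent not in effect
        "unexpected": sorted(roles - REQUIRED_ROLES),  # beyond what the page lists
    }


# Constructed placeholder values, not real identifiers.
TENANT = "00000000-0000-0000-0000-000000000001"
CLIENT = "00000000-0000-0000-0000-000000000002"

if __name__ == "__main__":
    url, form = build_token_request(TENANT, CLIENT, "PLACEHOLDER_SECRET")
    print(url)
    # Token as it would look if consent covered only two of the four permissions.
    partial = make_sample_token({
        "tid": TENANT,
        "appid": CLIENT,
        "roles": ["Directory.Read.All", "User.ReadWrite.All"],
    })
    print(audit_app_token(partial, TENANT, CLIENT))
```

A non-empty `missing` list means the Grant admin consent step has not been completed for those permissions; a non-empty `unexpected` list means the app holds more Graph permissions than this integration asks for.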

Integrate Azure Active Directory with Google SecOps

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Integration parameters

Use the following parameters to configure the integration:

| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
| --- | --- | --- | --- | --- |
| Instance Name | String | N/A | No | Name of the instance you intend to configure the integration for. |
| Description | String | N/A | No | Description of the instance. |
| Client ID | String | N/A | Yes | Specifies the Microsoft Entra ID client ID of the calling web service. |
| Client Secret | String | N/A | Yes | Enter a key registered for the calling web service or daemon application in Microsoft Entra ID. |
| Directory ID | String | N/A | Yes | Unique identifier of your directory. |
| Verify SSL | Checkbox | Checked | No | Use this checkbox if your Microsoft Entra ID connection requires an SSL verification (unchecked by default). |
| Run Remotely | Checkbox | Unchecked | No | Check the field in order to run the configured integration remotely. Once checked, the option appears to select the remote user (agent). |

Actions

List Users

List Microsoft Entra ID users based on the specified search criteria. This action doesn't run on entities. Additionally, advanced filtering works on the Username (userPrincipalName) field.

Parameters

| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
| --- | --- | --- | --- | --- |
| Filter | List | All Fields | No | Specify the fields to be included in the results. By default, all the fields are returned. |
| Order By Field | List | displayName | No | Specify the field based on which the results are ordered. |
| Order By | List | desc | No | Specify the result order. |
| Advanced Filter Logic | DDL | Equal. Possible values: Equal, Contains | No | Specify the filter logic that should be applied. Note: Advanced filtering works on the Username (userPrincipalName) field. |
| Advanced Filter Value | String | N/A | No | Specify the value that is used in the filter. If "Equal" is selected, the action tries to find the exact match among results. If "Contains" is selected, the action tries to find results that contain the provided substring. If nothing is provided in this parameter, the filter is not applied. Note: Advanced filtering works on the Username (userPrincipalName) field. |

Use cases

Confirm user information: The user wants credentials on a user without knowing their username. The user lists all users and identifies the target user by their name in the list.

Run On

GENERAL

Action Results

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
[
    {
        "Group Type": "managed",
        "Id": "1212-12312-123",
        "Name": "Group Name",
        "Description": "This group is ...",
        "Created Time":"2019-10-24T19:10:18Z"
    }
]
Entity Enrichment
Enrichment Field Name Logic - When to apply
Username Returns if it exists in JSON result
Surname Returns if it exists in JSON result
Name Returns if it exists in JSON result
Job Title Returns if it exists in JSON result
Mail Returns if it exists in JSON result
Case Wall
Result Type Value / Description Type
Output message*

If successful: "List of users was fetched successfully."

If errors are reported: "Some errors occurred. Please check log."

If no users are returned based on provided action filter parameters: "No users were returned based on provided filter criteria."

If unsuccessful: "Users list fetch was not successful."

General
Table Users {Name, Username, id, given Name, Preferred Language, Mail, Mobile Phone, Surname, Job Title} Entity

Get Manager Contact Details

Get manager contact details for the user. This action expects the User entity in the username@domain format.

Parameters

N/A

Use cases

Get manager contact details.

Run On

This action runs on the User entity.

Action Results

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
[
    {
        "EntityResult":
        {
            "displayName": "manager@example.com",
            "mobilePhone": "1212-12312-123",
            "@odata.context": "graph.microsoft.com"
        },
        "Entity": "user@example.com"
    }
]
Entity Enrichment

Manager contact details are returned if JSON is returned.

Enrichment Field Name Logic - When to apply
Display Name Returns if it exists in JSON result
Mobile Phone Returns if it exists in JSON result
@odata.context Returns if it exists in JSON result
Case Wall
Result Type Value / Description Type
Output message*

If successful: "User manager details were fetched successfully."

If errors are reported: "Some errors occurred. Please check log."

If unsuccessful: "Could not fetch user manager's details successfully."

General
Table Manager Contact {Name, Mobile Phone} Entity

Enable Account

Enable account in Microsoft Entra ID. This action expects the User entity in the username@domain format.

Parameters

N/A

Use cases

Enable a user account that was suspended:

  1. List users. Confirm their ID/username.
  2. Using the ID/username, activate the user.

Run On

This action runs on the User entity.

Action Results

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A
Case Wall
Result Type Value / Description Type
Output message*

If successful: "User account Enabled successfully."

If errors are reported: "Some errors occurred. Please check log."

If unsuccessful: "Enable user account was not successful."

General

Disable Account

Disable account in Microsoft Entra ID. This action expects the User entity in the username@domain format.

Permissions required

The action requires a Microsoft Entra ID account with administrative privileges to execute.

Parameters

N/A

Use cases

Suspend an account under investigation:

  1. List users. Find the username/ID.
  2. Disable user account.

Run On

This action runs on the user entity.

Action Results

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A
Case Wall
Result Type Value / Description Type
Output message*

If successful: "User account disabled successfully."

If errors are reported: "Some errors occurred. Please check log."

If unsuccessful: "Disable user account was not successful."

General

Force Password Update

Force a password update for the user so that the user has to change their password on the next login. This action expects the User entity in the username@domain format.

Prerequisites

Make sure you have assigned the Password Administrator role to your application:

  1. Sign in to the Azure portal using your Microsoft account.
  2. In Microsoft Entra ID, search for Roles and administrators.
  3. Select or search for Password Administrator from the list.
  4. Click Add Assignment.
  5. Select member and click Next.
  6. Enter justification and click Assign.

Parameters

N/A

Use cases

Force password update:

  1. A policy triggers the expiry of a user-set password lifetime.
  2. Force the user's password update.

Run On

This action runs on the User entity.

Action Results

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result

Result: HTTP 204:No content

N/A
Case Wall
Result Type Value / Description Type
Output message*

If successful: "Force password Update on user was successfully."

If errors are reported: "Some errors occurred. Please check log."

If unsuccessful: "Attempt to Force user password update was not successful."

General

Reset User Password

Change user password to the password specified in the action. The user will have to change their password on the next login. This action expects the user entity in the username@domain format.

Prerequisites

Make sure you have assigned the Password Administrator role to your application:

  1. Sign in to the Azure portal using your Microsoft account.
  2. In Microsoft Entra ID, search for Roles and administrators.
  3. Select or search for Password Administrator from the list.
  4. Click Add Assignment.
  5. Select member and click Next.
  6. Enter justification and click Assign.

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Password Password N/A Yes User Authentication password.

Use cases

Reset password:

  1. Get user details.
  2. Change their password.

Run On

This action runs on the User entity.

Action Results

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A
Case Wall
Result Type Value / Description Type
Output message*

If successful: "User password was reset successfully."

If errors are reported: "Some errors occurred. Please check log."

If unsuccessful: "User password reset was not successful."

General

List Groups

List Microsoft Entra ID groups based on the specified search criteria. This action doesn't run on entities. Additionally, filtering works on the Name field.

Parameters

| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
| --- | --- | --- | --- | --- |
| Order By Field | List | displayName | No | Specifies the field based on which the results are ordered. |
| Order by | List | ASC | No | Specifies the result order. |
| Filter Logic | DDL | Equal. Possible values: Equal, Contains | No | Specify the filter logic that should be applied. Filtering works on the Name field. |
| Filter Value | String | N/A | No | Specify the value that should be used in the filter. If "Equal" is selected, the action tries to find the exact match among results. If "Contains" is selected, the action tries to find results that contain the provided substring. If nothing is provided in this parameter, the filter is not applied. Filtering works on the Name field. |

Use cases

Confirm groups

  1. User wants to confirm that a group exists in Microsoft Entra ID.
  2. User lists the groups.

Run On

GENERAL

Action Results

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result

Group list data JSON is returned.

[
    {
        "Group Type": "managed",
        "Id": "1212-12312-123",
        "Name": "Group Name",
        "Description": "This group is ...",
        "Created Time":"2019-10-24T19:10:18Z"
    }
]
Entity Enrichment
Enrichment Field Name Logic - When to apply
Group Type Returns if it exists in JSON result
ID Returns if it exists in JSON result
Name Returns if it exists in JSON result
Description Returns if it exists in JSON result
Created Time Returns if it exists in JSON result
Case Wall
Result Type Value / Description Type
Output message*

If successful: "Groups list was fetched successfully."

If errors are reported: "Some errors occurred. Please check log."

If unsuccessful: "Groups list fetch was not successful."

General
Table Groups {Name, id, Description, Mail, Created Time, Group Type} Entity

Enrich User

Enrich the User entity with information from Microsoft Entra ID. This action expects the User entity in the username@domain format.

Parameters

N/A

Use cases

Enrich user: Get information on the user.

Run On

This action runs on the User entity.

Action Results

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result

User data JSON is returned.

[
    {
        "EntityResult": {
            "displayName": "Test User",
            "mobilePhone": "0001110001",
            "preferredLanguage": "English",
            "jobTitle": "Engineer",
            "userPrincipalName":"test_user@example.com"
        },
        "Entity": "test_user@example.com"
    }
]
Entity Enrichment
Enrichment Field Name Logic - When to apply
AAD_Name Returns if it exists in JSON result
AAD_Mobile Phone Returns if it exists in JSON result
AAD_Preferred Language Returns if it exists in JSON result
AAD_Job Title Returns if it exists in JSON result
AAD_Username Returns if it exists in JSON result
Case Wall
Result Type Value / Description Type
Output message*

If successful: "User details were fetched successfully:{username}."

If errors are reported: "Some errors occurred. Please check log."

If unsuccessful: "Users list fetch was not successful."

General
Table User Table Entity

Enrich Host

Enrich the Host entity with information from Microsoft Entra ID. This action finds a match for a provided Host entity based on the device's displayName field in Microsoft Entra ID.

Parameters

N/A

Use cases

Enrich host: Get information on host.

Run On

This action runs on the Host entity.

Action Results

Entity Enrichment
Enrichment Field Name Logic - When to apply
AAD_Name Returns if it exists in JSON result
AAD_Enabled Returns if it exists in JSON result
AAD_Property Device ID Returns if it exists in JSON result
AAD_OS Returns if it exists in JSON result
AAD_Version Returns if it exists in JSON result
AAD_Profile Type Returns if it exists in JSON result
AAD_Compliant Returns if it exists in JSON result
AAD_Last Sign In Returns if it exists in JSON result
Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result

Host data in JSON is returned.

[
    {
        "EntityResult": {
            "deletedDateTime": "1234569",
            "complianceExpirationDateTime": "1234567",
            "profileType": "RegisteredDevice",
            "key": "007",
            "if":"889922-aaaa-123123"
        },
        "Entity": "us-lt-v13001"
    }
]
Case Wall
Result Type Value / Description Type
Output message*

If successful: "Host details were fetched successfully:{hostname}."

If errors: "Some errors occurred. Please check log."

If unsuccessful: "Host details were not found."

General
Table Host Table Entity

Is User in Group

Check if the user has membership in a specific Microsoft Entra ID group. This action expects the User entity in the username@domain format and group ID in the 00e40000-1971-439d-80fc-d0e000001dbd format.

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Group ID String N/A Yes Microsoft Entra ID group ID in the 00e40000-1971-439d-80fc-d0e000001dbd format.

Use cases

Confirm the group membership of a user:

  1. List groups. Get the group ID.
  2. Find if a user is in a group.

Run On

This action runs on the User entity.

Action Results

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result

Group details JSON is returned. Example:

[
    {
        "EntityResult": "true",
        "Entity": "user@example.com"
    }
]
Case Wall
Result Type Value / Description Type
Output message*

If successful: "The following user was found in the group:{user}."

If errors are reported: "Some errors occurred. Please check log."

If unsuccessful: "User was not found in the group."

General

Add User to a Group

Add a user to a specific Microsoft Entra ID group. This action expects the User entity in the username@domain format and group ID in the 00e40000-1971-439d-80fc-d0e000001dbd format.

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Group ID String N/A Yes Microsoft Entra ID group ID in the 00e40000-1971-439d-80fc-d0e000001dbd format.

Use cases

Add a new member:

  1. Get user. Confirm user ID.
  2. List groups. Confirm group ID to add member.
  3. Add the member to a group using user and group ID.

Run On

This action runs on the user entity.

Action Results

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
Case Wall
Result Type Value / Description Type
Output message*

If successful: "Member {id} was added to group {id} successfully."

If errors are reported: "Some errors occurred. Please check log."

If unsuccessful: "Member could not be added successfully."

General

Ping

Test connectivity to the Microsoft Entra ID service with parameters provided at the integration configuration page in the Google Security Operations Marketplace tab.

Use cases

Test Connectivity.

Run On

This action runs on all entities.

Action Results

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
Case Wall
Result Type Value / Description Type
Output message*

If successful: "Connection Established successfully."

If errors are reported: "Some errors occurred. Please check log."

If unsuccessful: "Connection could not be established successfully."

General

Revoke User Session

Revoke user session. Supported entities: Username, Email Address (username that matches email regex).

Parameters

N/A

Use Cases

N/A

Run On

This action runs on the Username entity.

Action Results

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON result
{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Edm.Boolean",
    "value": true
}

If the user is not found:

{
    "error": "User not found."
}
Case Wall
Result Type Value / Description Type
Output message*

The action should not fail nor stop a playbook execution:

If the 200 status code is reported for one user (is_success=true): "Successfully revoked sessions for the following users Azure AD: {entity.identifier}"

If the user is not found (is_success=true): "Action wasn't able to find the following users in Azure AD: {entity.identifier}"

If all users are not found (is_success=false): "None of the provided users were found in Azure AD."

The action should fail and stop a playbook execution:

If a fatal error, like wrong credentials, no connection to the server, other is reported: "Error executing action "Revoke User Session". Reason: {0}''.format(error.Stacktrace)"

General
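
The result handling described for Revoke User Session (a user that is not found does not fail the action, all users not found sets is_success to false, anything fatal stops the playbook) can be sketched as follows. This is an added example, not the integration's own code: `revoke_sessions`, `revoke_url` and the `fake_graph` transport are hypothetical names, and the user names are constructed. The URL is the Microsoft Graph `revokeSignInSessions` endpoint, which returns the `"value": true` body shown above.

```python
from urllib.parse import quote, unquote

GRAPH = "https://graph.microsoft.com/v1.0"


def revoke_url(user):
    """Graph revokeSignInSessions URL for a user ID or userPrincipalName."""
    # Guest UPNs contain '#' (name_partner.example#EXT#@tenant), which would
    # otherwise be cut off as a URL fragment, so encode everything except '@'.
    return f"{GRAPH}/users/{quote(user, safe='@')}/revokeSignInSessions"


def revoke_sessions(users, post):
    """Revoke sessions per user and aggregate the outcome as the page describes.

    post(url) -> (status_code, json_body) is an injected transport so the
    logic runs offline; in production it would send an authenticated POST.
    """
    revoked, not_found = [], []
    for user in users:
        status, body = post(revoke_url(user))
        if status == 200 and body.get("value") is True:
            revoked.append(user)
        elif status == 404:
            not_found.append(user)  # non-fatal: continue with the next user
        else:
            # Wrong credentials, missing permission, server error: stop the playbook.
            raise RuntimeError(f"revoke failed for {user}: HTTP {status}")

    if not revoked:
        message = "None of the provided users were found in Azure AD."
    else:
        message = ("Successfully revoked sessions for the following users "
                   "Azure AD: " + ", ".join(revoked))
        if not_found:
            message += ("\nAction wasn't able to find the following users "
                        "in Azure AD: " + ", ".join(not_found))
    return {
        "is_success": bool(revoked),
        "revoked": revoked,
        "not_found": not_found,
        "message": message,
    }


def fake_graph(known_users):
    """Constructed stand-in for Graph: 200 for known users, 404 otherwise."""
    def post(url):
        user = unquote(url.split("/users/")[1].rsplit("/", 1)[0])
        if user in known_users:
            return 200, {"value": True}
        return 404, {"error": "User not found."}
    return post


if __name__ == "__main__":
    transport = fake_graph({"alice@example.com"})
    result = revoke_sessions(["alice@example.com", "ghost@example.com"], transport)
    print(result["is_success"])
    print(result["message"])
```

Revoking sessions invalidates refresh tokens and session cookies, while access tokens that were already issued stay usable until they expire, so the Disable Account action is the usual companion step for a stolen device.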

List User's Groups Membership

List Microsoft Entra ID groups the user is a member of.

Parameters

| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
| --- | --- | --- | --- | --- |
| User Name | String (CSV) | N/A | No | Specify the username to return groups membership for. User name should be specified in the username@domain format. Parameter accepts multiple values as a comma-separated string. |
| Return Only Security Enabled Groups | Checkbox | Unchecked | No | If enabled, only security groups that the user is a member of are returned. |
| Return Detailed Groups Information | Checkbox | Unchecked | No | If enabled, detailed information on the AD groups is returned. |
| Filter Key | DDL | Select One. Possible values: Select One, Group Display Name, Group Description | No | Specify the key that needs to be used to filter groups. |
| Filter Logic | DDL | Not Specified. Possible values: Not Specified, Equal, Contains | No | Specify the filter logic that should be applied. Filtering logic works based on the value provided in the "Filter Key" parameter. |
| Filter Value | String | N/A | No | Specify the value that should be used in the filter. If "Equal" is selected, the action tries to find the exact match among results. If "Contains" is selected, the action tries to find results that contain the provided substring. If nothing is provided in this parameter, the filter will not be applied. Filtering logic works based on the value provided in the "Filter Key" parameter. |
| Max Records To Return | Integer | 50 | No | Specify the number of records to return. If nothing is provided, action will return 50 records. |

Run On

This action runs on the Username entity.

Action Results

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON result
{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(Edm.String)",
    "value": [
        "d25ca1b5-c61c-4f7f-8d44-24c64e05a035",
        "59a278af-e84f-48ed-acab-84b64dcee830",
        "bf4ec937-31f5-467b-a0d4-0bb71b68ecc1",
        "a8356f85-7b28-4118-a7e2-ea07cbf1ab55",
        "1f54a09d-dc84-469e-925d-db7e40391dbb",
        "192c0699-fad2-4d02-88a2-84efd6369894",
        "ee820b05-6cb4-4496-b441-b6f744358536",
        "37220e2c-ad25-4ffc-891d-f6c71dca4792",
        "c084d2c7-a7e6-47a5-921b-0c32c3ab41d1",
        "b8e1af87-3083-46d0-8e7d-6c953eced5c5"
    ]
}
Case Wall
Result Type Value / Description Type
Output message*

The action should not fail nor stop a playbook execution:

If data is available (is_success=true): "Successfully found groups for the provided criteria for the following entities: ".

If the provided username is not found (is_success=false): "The following entities were not found in the Azure AD: ."

If data is not available (is_success=false): "No groups were found in Azure Active Directory for the following entities: "

If the "Filter Value" parameter is empty (is_success=true): "The filter was not applied, because the "Filter Value" parameter has an empty value."

The action should fail and stop a playbook execution:

If the "Filter Key" is set to "Select One" and the "Filter Logic" parameter is set to "Equal" or "Contains": "Error executing action "List User's Groups Membership"." Reason: you need to select a field from the "Filter Key" parameter.

If the provided username is not found in Azure AD: "Error executing action "Remove User from the Group"." Reason: Provided username was not found in the Azure Active Directory.

If an invalid value is provided for the "Max Records to Return" parameter: "Error executing action "List User's Groups Membership"." Reason: "Invalid value was provided for "Max Records to Return": . Positive number should be provided".

If a fatal error, like wrong credentials, no connection to the server, other is reported: "Error executing action "List User's Groups Membership"." Reason: {0}''.format(error.Stacktrace

General
Case Wall Table

Table Name: Groups Memberships

Table Columns:

  • ID
  • Display Name
  • Description
  • Security Enabled
  • Security Identifier
  • Created DateTime Classification
  • Visibility
  • Mail
  • Mail Enabled
  • Mail Nickname
General

List Members in the Group

List members in the specified Microsoft Entra ID group.

Parameters

| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
| --- | --- | --- | --- | --- |
| User Name | String (CSV) | N/A | No | Specify the username to return groups membership for. User name should be specified in the username@domain format. Parameter accepts multiple values as a comma-separated string. |
| Return Only Security Enabled Groups | Checkbox | Unchecked | No | If enabled, only security groups that the user is a member of are returned. |
| Return Detailed Groups Information | Checkbox | Unchecked | No | If enabled, detailed information on the AD groups is returned. |
| Filter Key | DDL | Select One. Possible values: Select One, Group Display Name, Group Description | No | Specify the key that needs to be used to filter groups. |
| Filter Logic | DDL | Not Specified. Possible values: Not Specified, Equal, Contains | No | Specify the filter logic that should be applied. Filtering logic works based on the value provided in the "Filter Key" parameter. |
| Filter Value | String | N/A | No | Specify the value that should be used in the filter. If "Equal" is selected, the action tries to find the exact match among results. If "Contains" is selected, the action tries to find results that contain the provided substring. If nothing is provided in this parameter, the filter is not applied. Filtering logic works based on the value provided in the "Filter Key" parameter. |
| Max Records To Return | Integer | 50 | No | Specify the number of records to return. If nothing is provided, action will return 50 records. |
| Group ID | String | N/A | No | Specify the ID of the group in which you want to list the members. If both the "Group Name" parameter and the "Group ID" parameter are provided, then the "Group ID" parameter has priority. Example of the ID: 00e40000-1971-439d-80fc-d0e000001dbd. |

Run On

This action doesn't run on entities.

Action Results

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON result
{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(Edm.String)",
    "value": [
        "d25ca1b5-c61c-4f7f-8d44-24c64e05a035",
        "59a278af-e84f-48ed-acab-84b64dcee830",
        "bf4ec937-31f5-467b-a0d4-0bb71b68ecc1",
        "a8356f85-7b28-4118-a7e2-ea07cbf1ab55",
        "1f54a09d-dc84-469e-925d-db7e40391dbb",
        "192c0699-fad2-4d02-88a2-84efd6369894",
        "ee820b05-6cb4-4496-b441-b6f744358536",
        "37220e2c-ad25-4ffc-891d-f6c71dca4792",
        "c084d2c7-a7e6-47a5-921b-0c32c3ab41d1",
        "b8e1af87-3083-46d0-8e7d-6c953eced5c5"
    ]
}
Case Wall
Result Type Value / Description Type
Output message*

The action should not fail nor stop a playbook execution:

If data is available (is_success=true): "Successfully found members for the provided criteria in Azure AD group".

If data is not available (is_success=false): "No members were found for the provided criteria in Azure AD group."

If the "Filter Value" parameter is empty (is_success=true): "The filter was not applied, because parameter "Filter Value" has an empty value."

The action should fail and stop a playbook execution:

If the provided group name is not found in Azure AD: "Error executing action "List Members in Group"." Reason: Provided group name was not found in the Azure Active Directory.

If the "Filter Key" is set to "Select One" and the "Filter Logic" is set to "Equal" or "Contains": "Error executing action "List Members in Group"." Reason: you need to select a field from the "Filter Key" parameter.

If an invalid value is provided for the "Max Records to Return" parameter: "Error executing action "List Members in Group"." Reason: "Invalid value was provided for "Max Records to Return": . Positive number should be provided".

If a fatal error, like wrong credentials, no connection to the server, other is reported: "Error executing action "List Users in Group"." Reason: {0}''.format(error.Stacktrace)

If the "Group ID" and "Group Name" parameters are not specified: "Error executing action "Remove User from a Group". Either "Group ID" or "Group Name" needs to be provided."

General
Case Wall Table

Table Name: Available members of the group

Table Columns:

  • Id
  • User Principal Name
  • Display Name
  • Surname
  • Given Name
  • Mail
  • Job Title
  • Business Phones
  • Mobile Phone
  • Office Location
  • Preferred Language
General

Remove User from the Group

Remove a user from the specified group.

Parameters

| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
| --- | --- | --- | --- | --- |
| User Name | String (CSV) | N/A | No | Specify the username to remove from the target group. Username should be specified in the username@domain format. Parameter accepts multiple values as a comma-separated string. |
| Group Name | String | N/A | No | Specify the group name from which you want to remove the user. |
| Group ID | String | N/A | No | Specify the ID of the group from which you want to remove the user. If both the "Group Name" parameter and the "Group ID" parameter are provided, then the "Group ID" parameter will have priority. Example of the ID: 00e40000-1971-439d-80fc-d0e000001dbd. |

Run On

This action runs on the Username entity.

Action Results

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
Case Wall
Result Type Value / Description Type
Output message*

The action should not fail nor stop a playbook execution:

If data is available (is_success=true): "Successfully removed the following entities from the Azure AD group : ".

If the 404 status code is reported (is_success=false): "The following entities were not found in the Azure AD: ."

If the 404 status code is reported for all of the provided entities (is_success=false): "No usernames were removed from the Azure AD group ."

The action should fail and stop a playbook execution:

If the provided group name is not found in Azure AD: "Error executing action "List Members in Group"." Reason: Provided group name was not found in the Azure Active Directory.

If the provided username is not found in Azure AD: Error executing action "Remove User from the Group". Reason: Provided username was not found in the Azure Active Directory.

If a fatal error, like wrong credentials, no connection to the server, other is reported: "Error executing action "List Users in Group"." Reason: {0}''.format(error.Stacktrace)

If the "Group ID" and "Group Name" parameters are not specified: "Error executing action "Remove User from a Group". Either "Group ID" or "Group Name" needs to be provided."

General