Permissions Management API operations quick reference for Azure authorization systems

The permissions management APIs enable you to discover permissions assigned to all identities across multiple clouds; request permissions; approve, reject, and cancel permissions requests. This article provides a quick reference guide for API operations on Azure authorization systems, supported through the permissions management APIs.

Get all authorization systems

List all authorization systems onboarded to Permissions Management.

GET https://graph.microsoft.com/beta/external/authorizationSystems

Filter authorization systems by name.

GET https://graph.microsoft.com/beta/external/authorizationSystems?$filter=contains(authorizationSystemName, 'cloud')

Get an authorization system

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}

List Azure authorization systems

List Azure authorization systems onboarded to Permissions Management by filtering by the authorizationSystemType property.

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems?$filter=authorizationSystemType eq 'azure'

C#

// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.External.AuthorizationSystems.GetAsync((requestConfiguration) =>
{
	requestConfiguration.QueryParameters.Filter = "authorizationSystemType eq 'azure'";
});

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

mgc-beta external authorization-systems list --filter "authorizationSystemType eq 'azure'"

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphexternal "github.com/microsoftgraph/msgraph-beta-sdk-go/external"
	  //other-imports
)


requestFilter := "authorizationSystemType eq 'azure'"

requestParameters := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetQueryParameters{
	Filter: &requestFilter,
}
configuration := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetRequestConfiguration{
	QueryParameters: requestParameters,
}

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authorizationSystems, err := graphClient.External().AuthorizationSystems().Get(context.Background(), configuration)

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

AuthorizationSystemCollectionResponse result = graphClient.external().authorizationSystems().get(requestConfiguration -> {
	requestConfiguration.queryParameters.filter = "authorizationSystemType eq 'azure'";
});

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let authorizationSystems = await client.api('/external/authorizationSystems')
	.version('beta')
	.filter('authorizationSystemType eq \'azure\'')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\External\AuthorizationSystems\AuthorizationSystemsRequestBuilderGetRequestConfiguration;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestConfiguration = new AuthorizationSystemsRequestBuilderGetRequestConfiguration();
$queryParameters = AuthorizationSystemsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "authorizationSystemType eq 'azure'";
$requestConfiguration->queryParameters = $queryParameters;


$result = $graphServiceClient->external()->authorizationSystems()->get($requestConfiguration)->wait();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Import-Module Microsoft.Graph.Beta.Search

Get-MgBetaExternalAuthorizationSystem -Filter "authorizationSystemType eq 'azure'" 

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.external.authorization_systems.authorization_systems_request_builder import AuthorizationSystemsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = AuthorizationSystemsRequestBuilder.AuthorizationSystemsRequestBuilderGetQueryParameters(
		filter = "authorizationSystemType eq 'azure'",
)

request_configuration = RequestConfiguration(
query_parameters = query_params,
)

result = await graph_client.external.authorization_systems.get(request_configuration = request_configuration)

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

List Azure authorization systems onboarded to Permissions Management.

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/microsoft.graph.azureAuthorizationSystem

C#

// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.External.AuthorizationSystems["{authorizationSystem-id}"].GetAsync();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

mgc-beta external authorization-systems get --authorization-system-id {authorizationSystem-id}

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  //other-imports
)


// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authorizationSystems, err := graphClient.External().AuthorizationSystems().ByAuthorizationSystemId("authorizationSystem-id").Get(context.Background(), nil)

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

AuthorizationSystem result = graphClient.external().authorizationSystems().byAuthorizationSystemId("{authorizationSystem-id}").get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let azureAuthorizationSystem = await client.api('/external/authorizationSystems/microsoft.graph.azureAuthorizationSystem')
	.version('beta')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

<?php
use Microsoft\Graph\Beta\GraphServiceClient;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);


$result = $graphServiceClient->external()->authorizationSystems()->byAuthorizationSystemId('authorizationSystem-id')->get()->wait();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Import-Module Microsoft.Graph.Beta.Search

Get-MgBetaExternalAuthorizationSystem -AuthorizationSystemId $authorizationSystemId

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python

result = await graph_client.external.authorization_systems.by_authorization_system_id('authorizationSystem-id').get()

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Identify all Azure authorization systems that are online and have permissions modification capability enabled.

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems?$filter=authorizationSystemType eq 'azure' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'

C#

// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.External.AuthorizationSystems.GetAsync((requestConfiguration) =>
{
	requestConfiguration.QueryParameters.Filter = "authorizationSystemType eq 'azure' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'";
});

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

mgc-beta external authorization-systems list --filter "authorizationSystemType eq 'azure' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'"

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphexternal "github.com/microsoftgraph/msgraph-beta-sdk-go/external"
	  //other-imports
)


requestFilter := "authorizationSystemType eq 'azure' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'"

requestParameters := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetQueryParameters{
	Filter: &requestFilter,
}
configuration := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetRequestConfiguration{
	QueryParameters: requestParameters,
}

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authorizationSystems, err := graphClient.External().AuthorizationSystems().Get(context.Background(), configuration)

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

AuthorizationSystemCollectionResponse result = graphClient.external().authorizationSystems().get(requestConfiguration -> {
	requestConfiguration.queryParameters.filter = "authorizationSystemType eq 'azure' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'";
});

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let authorizationSystems = await client.api('/external/authorizationSystems')
	.version('beta')
	.filter('authorizationSystemType eq \'azure\' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq \'enabled\' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq \'online\'')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\External\AuthorizationSystems\AuthorizationSystemsRequestBuilderGetRequestConfiguration;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestConfiguration = new AuthorizationSystemsRequestBuilderGetRequestConfiguration();
$queryParameters = AuthorizationSystemsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "authorizationSystemType eq 'azure' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'";
$requestConfiguration->queryParameters = $queryParameters;


$result = $graphServiceClient->external()->authorizationSystems()->get($requestConfiguration)->wait();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Import-Module Microsoft.Graph.Beta.Search

Get-MgBetaExternalAuthorizationSystem -Filter "authorizationSystemType eq 'azure' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'" 

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.external.authorization_systems.authorization_systems_request_builder import AuthorizationSystemsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = AuthorizationSystemsRequestBuilder.AuthorizationSystemsRequestBuilderGetQueryParameters(
		filter = "authorizationSystemType eq 'azure' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'",
)

request_configuration = RequestConfiguration(
query_parameters = query_params,
)

result = await graph_client.external.authorization_systems.get(request_configuration = request_configuration)

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Get identities in an Azure authorization system

List all identities

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/all

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let all = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/all')
	.version('beta')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Get one identity

By primary key ID.

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/all/{id}

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let azureIdentity = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/all/{id}')
	.version('beta')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

By alternate key externalId.

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/all(externalId='{externalId}')

Get Azure managed identities

List all Azure managed identities

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/managedIdentities

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let managedIdentities = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/managedIdentities')
	.version('beta')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Get one Azure managed identity

By primary key managed identity ID.

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/managedIdentities/{id}

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let azureManagedIdentity = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/managedIdentities/{id}')
	.version('beta')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

By alternate key externalId.

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/managedIdentities(externalId='{externalId}')

Get Azure users

List all Azure users

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/users

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let users = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/users')
	.version('beta')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Get one Azure user

By primary key user ID.

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/users/{id}

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let azureUser = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/users/{id}')
	.version('beta')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

By alternate key externalId.

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/users(externalId='{externalId}')

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let azureUser = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/users/{id}')
	.version('beta')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Get Azure service principals

List all Azure service principals

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/servicePrincipals

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let servicePrincipals = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/servicePrincipals')
	.version('beta')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Get one Azure service principal

By primary key user ID.

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/servicePrincipals/{id}

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let azureServicePrincipal = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/servicePrincipals/{id}')
	.version('beta')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

By alternate key externalId.

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/servicePrincipals(externalId='{externalId}')

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let azureServicePrincipal = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/servicePrincipals/{id}')
	.version('beta')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Get actions

List all actions

List all actions.

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/actions

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let actions = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/actions')
	.version('beta')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

List actions for a specific service in an Azure authorization system.

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/actions?$filter=service/id eq 'Microsoft.Storage'

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let actions = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/actions')
	.version('beta')
	.filter('service/id eq \'Microsoft.Storage\'')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

List high-risk delete actions for a specific service in the Azure authorization system

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/actions?$filter=service/id eq 'Microsoft.Storage' and severity eq 'high' and actionType eq 'delete'

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let actions = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/actions')
	.version('beta')
	.filter('service/id eq \'Microsoft.Storage\' and severity eq \'high\' and actionType eq \'delete\'')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Get an action

By primary key action ID.

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/actions/{id}

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let azureAuthorizationSystemTypeAction = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/actions/{id}')
	.version('beta')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

By alternate key externalId.

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/actions(externalId={externalId})

Get resources

List all resources

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/resources

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let resources = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/resources')
	.version('beta')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Get a resource

By primary key resource ID.

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/resources/{id}

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let azureAuthorizationSystemResource = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/resources/{id}')
	.version('beta')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

By alternate key externalId.

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/resources(externalId={externalId})

Get role definition

List all role definitions

List all role definitions.

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/roleDefinitions

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let roleDefinitions = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/roleDefinitions')
	.version('beta')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

List all role definitions by assignable scopes.

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{computedId}/graph.azureAuthorizationSystem/roleDefinitions?$filter=assignableScopes/any(p:p eq '/' or '/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee' or '/subscriptions/e160b34b-2a0f-41f6-aaf3-09c5a9f43768/resourceGroups/2eResourceGroup')

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let roleDefinitions = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/roleDefinitions')
	.version('beta')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Get a role definition

By primary key role definition ID assigned by Permissions Management.

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/roleDefinitions/{id}

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let azureRoleDefinition = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/roleDefinitions/{id}')
	.version('beta')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

By alternate key externalId which is the globally unique ID of the role in Microsoft Azure.

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/policies(externalId='{externalId}')

Get services

List all services

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/services

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let services = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/services')
	.version('beta')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Get a service

HTTP

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/services/{id}

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

let authorizationSystemTypeService = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/services/{id}')
	.version('beta')
	.get();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Request an Azure action

HTTP

POST https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/scheduledPermissionsRequests
Content-Type: application/json

{
  "requestedPermissions": {
    "@odata.type": "microsoft.graph.singleResourceAzurePermissionsDefinition",
    "authorizationSystemInfo": {
      "authorizationSystemId": "87eefd90-95a3-480a-ba42-56ff299a05ee",
      "authorizationSystemType": "AZURE"
    },
    "actionInfo": {
      "@odata.type": "microsoft.graph.azureActionPermissionsDefinitionAction",
      "actions": ["Microsoft.Authorization/roleassignments/read", "Microsoft.Authorization/roleassignments/write"]
    },
    "identityInfo": {
      "externalId": "alex@adatum.com"",
      "source": {
        "@odata.type": "microsoft.graph.edIdentitySource"
      },
      "identityType": "user"
    },
    "resourceId": "/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee"
  },
  "justification": "I need to do this because I want to access AAD resources",
  "notes": "Pretty Pleaseeeee",
  "scheduleInfo": {
    "startDateTime": null,
    "expiration": {
      "duration": "PT1H"
    },
    "recurrence": null
  },
  "ticketInfo": {
    "ticketNumber": "INC1234567",
    "ticketSystem": "ServiceNow",
    "ticketSubmitterIdentityId": "alex@contoso.com",
    "ticketApproverIdentityId": "alexmanager@contoso.com"
  }
}

C#

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

mgc-beta identity-governance permissions-management scheduled-permissions-requests post --body '{\
  "requestedPermissions": {\
    "@odata.type": "microsoft.graph.singleResourceAzurePermissionsDefinition",\
    "authorizationSystemInfo": {\
      "authorizationSystemId": "87eefd90-95a3-480a-ba42-56ff299a05ee",\
      "authorizationSystemType": "AZURE"\
    },\
    "actionInfo": {\
      "@odata.type": "microsoft.graph.azureActionPermissionsDefinitionAction",\
      "actions": ["Microsoft.Authorization/roleassignments/read", "Microsoft.Authorization/roleassignments/write"]\
    },\
    "identityInfo": {\
      "externalId": "alex@adatum.com"",\
      "source": {\
        "@odata.type": "microsoft.graph.edIdentitySource"\
      },\
      "identityType": "user"\
    },\
    "resourceId": "/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee"\
  },\
  "justification": "I need to do this because I want to access AAD resources",\
  "notes": "Pretty Pleaseeeee",\
  "scheduleInfo": {\
    "startDateTime": null,\
    "expiration": {\
      "duration": "PT1H"\
    },\
    "recurrence": null\
  },\
  "ticketInfo": {\
    "ticketNumber": "INC1234567",\
    "ticketSystem": "ServiceNow",\
    "ticketSubmitterIdentityId": "alex@contoso.com",\
    "ticketApproverIdentityId": "alexmanager@contoso.com"\
  }\
}\
'

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

const scheduledPermissionsRequest = {
  requestedPermissions: {
    '@odata.type': 'microsoft.graph.singleResourceAzurePermissionsDefinition',
    authorizationSystemInfo: {
      authorizationSystemId: '87eefd90-95a3-480a-ba42-56ff299a05ee',
      authorizationSystemType: 'AZURE'
    },
    actionInfo: {
      '@odata.type': 'microsoft.graph.azureActionPermissionsDefinitionAction',
      actions: ['Microsoft.Authorization/roleassignments/read', 'Microsoft.Authorization/roleassignments/write']
    },
    identityInfo: {
      externalId: 'alex@adatum.com'",
      source: {
        '@odata.type': 'microsoft.graph.edIdentitySource'
      },
      identityType: 'user'
    },
    resourceId: '/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee'
  },
  justification: 'I need to do this because I want to access AAD resources',
  notes: 'Pretty Pleaseeeee',
  scheduleInfo: {
    startDateTime: null,
    expiration: {
      duration: 'PT1H'
    },
    recurrence: null
  },
  ticketInfo: {
    ticketNumber: 'INC1234567',
    ticketSystem: 'ServiceNow',
    ticketSubmitterIdentityId: 'alex@contoso.com',
    ticketApproverIdentityId: 'alexmanager@contoso.com'
  }
};

await client.api('/identityGovernance/permissionsManagement/scheduledPermissionsRequests')
	.version('beta')
	.post(scheduledPermissionsRequest);

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

Snippet not available

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Request an Azure role

HTTP

POST https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/scheduledPermissionsRequests
Content-Type: application/json

{
  "requestedPermissions": {
    "@odata.type": "microsoft.graph.singleResourceAzurePermissionsDefinition",
    "authorizationSystemInfo": {
      "authorizationSystemId": "87eefd90-95a3-480a-ba42-56ff299a05ee",
      "authorizationSystemType": "AZURE"
    },
    "actionInfo": {
      "@odata.type": "microsoft.graph.azureRolePermissionsDefinitionAction",
      "roles": [
        {
          "id": "cdda3590-29a3-44f6-95f2-9f980659eb04"
        },
        {
          "id": "312a565d-c81f-4fd8-895a-4e21e48d571c"
        }
      ]
    },
    "identityInfo": {
      "externalId": "alex@contoso.com",
      "source": {
        "@odata.type": "microsoft.graph.edIdentitySource"
      },
      "identityType": "user"
    },
    "resourceId": "/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee"
  },
  "justification": "I need to do this because I want to some new azure roles",
  "notes": "Pretty Pleaseeeee",
  "scheduleInfo": {
    "expiration": {
      "duration": "PT1H"
    },
    "recurrence": null
  },
  "ticketInfo": {
    "ticketNumber": "INC1234567",
    "ticketSystem": "ServiceNow",
    "ticketSubmitterIdentityId": "alex@contoso.com",
    "ticketApproverIdentityId": "alexmanager@contoso.com"
  }
}

C#

// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models;

var requestBody = new ScheduledPermissionsRequest
{
	RequestedPermissions = new SingleResourceAzurePermissionsDefinition
	{
		OdataType = "microsoft.graph.singleResourceAzurePermissionsDefinition",
		AuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem
		{
			AuthorizationSystemId = "87eefd90-95a3-480a-ba42-56ff299a05ee",
			AuthorizationSystemType = "AZURE",
		},
		ActionInfo = new AzureRolePermissionsDefinitionAction
		{
			OdataType = "microsoft.graph.azureRolePermissionsDefinitionAction",
			Roles = new List<PermissionsDefinitionAzureRole>
			{
				new PermissionsDefinitionAzureRole
				{
					Id = "cdda3590-29a3-44f6-95f2-9f980659eb04",
				},
				new PermissionsDefinitionAzureRole
				{
					Id = "312a565d-c81f-4fd8-895a-4e21e48d571c",
				},
			},
		},
		IdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity
		{
			ExternalId = "alex@contoso.com",
			Source = new EdIdentitySource
			{
				OdataType = "microsoft.graph.edIdentitySource",
			},
			IdentityType = PermissionsDefinitionIdentityType.User,
		},
		ResourceId = "/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee",
	},
	Justification = "I need to do this because I want to some new azure roles",
	Notes = "Pretty Pleaseeeee",
	ScheduleInfo = new RequestSchedule
	{
		Expiration = new ExpirationPattern
		{
			Duration = TimeSpan.Parse("PT1H"),
		},
		Recurrence = null,
	},
	TicketInfo = new TicketInfo
	{
		TicketNumber = "INC1234567",
		TicketSystem = "ServiceNow",
		TicketSubmitterIdentityId = "alex@contoso.com",
		TicketApproverIdentityId = "alexmanager@contoso.com",
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.PermissionsManagement.ScheduledPermissionsRequests.PostAsync(requestBody);

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

CLI

mgc-beta identity-governance permissions-management scheduled-permissions-requests post --body '{\
  "requestedPermissions": {\
    "@odata.type": "microsoft.graph.singleResourceAzurePermissionsDefinition",\
    "authorizationSystemInfo": {\
      "authorizationSystemId": "87eefd90-95a3-480a-ba42-56ff299a05ee",\
      "authorizationSystemType": "AZURE"\
    },\
    "actionInfo": {\
      "@odata.type": "microsoft.graph.azureRolePermissionsDefinitionAction",\
      "roles": [\
        {\
          "id": "cdda3590-29a3-44f6-95f2-9f980659eb04"\
        },\
        {\
          "id": "312a565d-c81f-4fd8-895a-4e21e48d571c"\
        }\
      ]\
    },\
    "identityInfo": {\
      "externalId": "alex@contoso.com",\
      "source": {\
        "@odata.type": "microsoft.graph.edIdentitySource"\
      },\
      "identityType": "user"\
    },\
    "resourceId": "/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee"\
  },\
  "justification": "I need to do this because I want to some new azure roles",\
  "notes": "Pretty Pleaseeeee",\
  "scheduleInfo": {\
    "expiration": {\
      "duration": "PT1H"\
    },\
    "recurrence": null\
  },\
  "ticketInfo": {\
    "ticketNumber": "INC1234567",\
    "ticketSystem": "ServiceNow",\
    "ticketSubmitterIdentityId": "alex@contoso.com",\
    "ticketApproverIdentityId": "alexmanager@contoso.com"\
  }\
}\
'

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Go

// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewScheduledPermissionsRequest()
requestedPermissions := graphmodels.NewSingleResourceAzurePermissionsDefinition()
authorizationSystemInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystem()
authorizationSystemId := "87eefd90-95a3-480a-ba42-56ff299a05ee"
authorizationSystemInfo.SetAuthorizationSystemId(&authorizationSystemId) 
authorizationSystemType := "AZURE"
authorizationSystemInfo.SetAuthorizationSystemType(&authorizationSystemType) 
requestedPermissions.SetAuthorizationSystemInfo(authorizationSystemInfo)
actionInfo := graphmodels.NewAzureRolePermissionsDefinitionAction()


permissionsDefinitionAzureRole := graphmodels.NewPermissionsDefinitionAzureRole()
id := "cdda3590-29a3-44f6-95f2-9f980659eb04"
permissionsDefinitionAzureRole.SetId(&id) 
permissionsDefinitionAzureRole1 := graphmodels.NewPermissionsDefinitionAzureRole()
id := "312a565d-c81f-4fd8-895a-4e21e48d571c"
permissionsDefinitionAzureRole1.SetId(&id) 

roles := []graphmodels.PermissionsDefinitionAzureRoleable {
	permissionsDefinitionAzureRole,
	permissionsDefinitionAzureRole1,
}
actionInfo.SetRoles(roles)
requestedPermissions.SetActionInfo(actionInfo)
identityInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystemIdentity()
externalId := "alex@contoso.com"
identityInfo.SetExternalId(&externalId) 
source := graphmodels.NewEdIdentitySource()
identityInfo.SetSource(source)
identityType := graphmodels.USER_PERMISSIONSDEFINITIONIDENTITYTYPE 
identityInfo.SetIdentityType(&identityType) 
requestedPermissions.SetIdentityInfo(identityInfo)
resourceId := "/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee"
requestedPermissions.SetResourceId(&resourceId) 
requestBody.SetRequestedPermissions(requestedPermissions)
justification := "I need to do this because I want to some new azure roles"
requestBody.SetJustification(&justification) 
notes := "Pretty Pleaseeeee"
requestBody.SetNotes(&notes) 
scheduleInfo := graphmodels.NewRequestSchedule()
expiration := graphmodels.NewExpirationPattern()
duration , err := abstractions.ParseISODuration("PT1H")
expiration.SetDuration(&duration) 
scheduleInfo.SetExpiration(expiration)
recurrence := null
scheduleInfo.SetRecurrence(&recurrence) 
requestBody.SetScheduleInfo(scheduleInfo)
ticketInfo := graphmodels.NewTicketInfo()
ticketNumber := "INC1234567"
ticketInfo.SetTicketNumber(&ticketNumber) 
ticketSystem := "ServiceNow"
ticketInfo.SetTicketSystem(&ticketSystem) 
ticketSubmitterIdentityId := "alex@contoso.com"
ticketInfo.SetTicketSubmitterIdentityId(&ticketSubmitterIdentityId) 
ticketApproverIdentityId := "alexmanager@contoso.com"
ticketInfo.SetTicketApproverIdentityId(&ticketApproverIdentityId) 
requestBody.SetTicketInfo(ticketInfo)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
scheduledPermissionsRequests, err := graphClient.IdentityGovernance().PermissionsManagement().ScheduledPermissionsRequests().Post(context.Background(), requestBody, nil)

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Java

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

ScheduledPermissionsRequest scheduledPermissionsRequest = new ScheduledPermissionsRequest();
SingleResourceAzurePermissionsDefinition requestedPermissions = new SingleResourceAzurePermissionsDefinition();
requestedPermissions.setOdataType("microsoft.graph.singleResourceAzurePermissionsDefinition");
PermissionsDefinitionAuthorizationSystem authorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
authorizationSystemInfo.setAuthorizationSystemId("87eefd90-95a3-480a-ba42-56ff299a05ee");
authorizationSystemInfo.setAuthorizationSystemType("AZURE");
requestedPermissions.setAuthorizationSystemInfo(authorizationSystemInfo);
AzureRolePermissionsDefinitionAction actionInfo = new AzureRolePermissionsDefinitionAction();
actionInfo.setOdataType("microsoft.graph.azureRolePermissionsDefinitionAction");
LinkedList<PermissionsDefinitionAzureRole> roles = new LinkedList<PermissionsDefinitionAzureRole>();
PermissionsDefinitionAzureRole permissionsDefinitionAzureRole = new PermissionsDefinitionAzureRole();
permissionsDefinitionAzureRole.setId("cdda3590-29a3-44f6-95f2-9f980659eb04");
roles.add(permissionsDefinitionAzureRole);
PermissionsDefinitionAzureRole permissionsDefinitionAzureRole1 = new PermissionsDefinitionAzureRole();
permissionsDefinitionAzureRole1.setId("312a565d-c81f-4fd8-895a-4e21e48d571c");
roles.add(permissionsDefinitionAzureRole1);
actionInfo.setRoles(roles);
requestedPermissions.setActionInfo(actionInfo);
PermissionsDefinitionAuthorizationSystemIdentity identityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
identityInfo.setExternalId("alex@contoso.com");
EdIdentitySource source = new EdIdentitySource();
source.setOdataType("microsoft.graph.edIdentitySource");
identityInfo.setSource(source);
identityInfo.setIdentityType(PermissionsDefinitionIdentityType.User);
requestedPermissions.setIdentityInfo(identityInfo);
requestedPermissions.setResourceId("/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee");
scheduledPermissionsRequest.setRequestedPermissions(requestedPermissions);
scheduledPermissionsRequest.setJustification("I need to do this because I want to some new azure roles");
scheduledPermissionsRequest.setNotes("Pretty Pleaseeeee");
RequestSchedule scheduleInfo = new RequestSchedule();
ExpirationPattern expiration = new ExpirationPattern();
PeriodAndDuration duration = PeriodAndDuration.ofDuration(Duration.parse("PT1H"));
expiration.setDuration(duration);
scheduleInfo.setExpiration(expiration);
scheduleInfo.setRecurrence(null);
scheduledPermissionsRequest.setScheduleInfo(scheduleInfo);
TicketInfo ticketInfo = new TicketInfo();
ticketInfo.setTicketNumber("INC1234567");
ticketInfo.setTicketSystem("ServiceNow");
ticketInfo.setTicketSubmitterIdentityId("alex@contoso.com");
ticketInfo.setTicketApproverIdentityId("alexmanager@contoso.com");
scheduledPermissionsRequest.setTicketInfo(ticketInfo);
ScheduledPermissionsRequest result = graphClient.identityGovernance().permissionsManagement().scheduledPermissionsRequests().post(scheduledPermissionsRequest);

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

const scheduledPermissionsRequest = {
  requestedPermissions: {
    '@odata.type': 'microsoft.graph.singleResourceAzurePermissionsDefinition',
    authorizationSystemInfo: {
      authorizationSystemId: '87eefd90-95a3-480a-ba42-56ff299a05ee',
      authorizationSystemType: 'AZURE'
    },
    actionInfo: {
      '@odata.type': 'microsoft.graph.azureRolePermissionsDefinitionAction',
      roles: [
        {
          id: 'cdda3590-29a3-44f6-95f2-9f980659eb04'
        },
        {
          id: '312a565d-c81f-4fd8-895a-4e21e48d571c'
        }
      ]
    },
    identityInfo: {
      externalId: 'alex@contoso.com',
      source: {
        '@odata.type': 'microsoft.graph.edIdentitySource'
      },
      identityType: 'user'
    },
    resourceId: '/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee'
  },
  justification: 'I need to do this because I want to some new azure roles',
  notes: 'Pretty Pleaseeeee',
  scheduleInfo: {
    expiration: {
      duration: 'PT1H'
    },
    recurrence: null
  },
  ticketInfo: {
    ticketNumber: 'INC1234567',
    ticketSystem: 'ServiceNow',
    ticketSubmitterIdentityId: 'alex@contoso.com',
    ticketApproverIdentityId: 'alexmanager@contoso.com'
  }
};

await client.api('/identityGovernance/permissionsManagement/scheduledPermissionsRequests')
	.version('beta')
	.post(scheduledPermissionsRequest);

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PHP

<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\ScheduledPermissionsRequest;
use Microsoft\Graph\Beta\Generated\Models\SingleResourceAzurePermissionsDefinition;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystem;
use Microsoft\Graph\Beta\Generated\Models\AzureRolePermissionsDefinitionAction;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAzureRole;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystemIdentity;
use Microsoft\Graph\Beta\Generated\Models\EdIdentitySource;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionIdentityType;
use Microsoft\Graph\Beta\Generated\Models\RequestSchedule;
use Microsoft\Graph\Beta\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Beta\Generated\Models\TicketInfo;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new ScheduledPermissionsRequest();
$requestedPermissions = new SingleResourceAzurePermissionsDefinition();
$requestedPermissions->setOdataType('microsoft.graph.singleResourceAzurePermissionsDefinition');
$requestedPermissionsAuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemId('87eefd90-95a3-480a-ba42-56ff299a05ee');
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemType('AZURE');
$requestedPermissions->setAuthorizationSystemInfo($requestedPermissionsAuthorizationSystemInfo);
$requestedPermissionsActionInfo = new AzureRolePermissionsDefinitionAction();
$requestedPermissionsActionInfo->setOdataType('microsoft.graph.azureRolePermissionsDefinitionAction');
$rolesPermissionsDefinitionAzureRole1 = new PermissionsDefinitionAzureRole();
$rolesPermissionsDefinitionAzureRole1->setId('cdda3590-29a3-44f6-95f2-9f980659eb04');
$rolesArray []= $rolesPermissionsDefinitionAzureRole1;
$rolesPermissionsDefinitionAzureRole2 = new PermissionsDefinitionAzureRole();
$rolesPermissionsDefinitionAzureRole2->setId('312a565d-c81f-4fd8-895a-4e21e48d571c');
$rolesArray []= $rolesPermissionsDefinitionAzureRole2;
$requestedPermissionsActionInfo->setRoles($rolesArray);

$requestedPermissions->setActionInfo($requestedPermissionsActionInfo);
$requestedPermissionsIdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
$requestedPermissionsIdentityInfo->setExternalId('alex@contoso.com');
$requestedPermissionsIdentityInfoSource = new EdIdentitySource();
$requestedPermissionsIdentityInfoSource->setOdataType('microsoft.graph.edIdentitySource');
$requestedPermissionsIdentityInfo->setSource($requestedPermissionsIdentityInfoSource);
$requestedPermissionsIdentityInfo->setIdentityType(new PermissionsDefinitionIdentityType('user'));
$requestedPermissions->setIdentityInfo($requestedPermissionsIdentityInfo);
$requestedPermissions->setResourceId('/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee');
$requestBody->setRequestedPermissions($requestedPermissions);
$requestBody->setJustification('I need to do this because I want to some new azure roles');
$requestBody->setNotes('Pretty Pleaseeeee');
$scheduleInfo = new RequestSchedule();
$scheduleInfoExpiration = new ExpirationPattern();
$scheduleInfoExpiration->setDuration(new \DateInterval('PT1H'));
$scheduleInfo->setExpiration($scheduleInfoExpiration);
$scheduleInfo->setRecurrence(null);
$requestBody->setScheduleInfo($scheduleInfo);
$ticketInfo = new TicketInfo();
$ticketInfo->setTicketNumber('INC1234567');
$ticketInfo->setTicketSystem('ServiceNow');
$ticketInfo->setTicketSubmitterIdentityId('alex@contoso.com');
$ticketInfo->setTicketApproverIdentityId('alexmanager@contoso.com');
$requestBody->setTicketInfo($ticketInfo);

$result = $graphServiceClient->identityGovernance()->permissionsManagement()->scheduledPermissionsRequests()->post($requestBody)->wait();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

PowerShell

Import-Module Microsoft.Graph.Beta.Identity.Governance

$params = @{
	requestedPermissions = @{
		"@odata.type" = "microsoft.graph.singleResourceAzurePermissionsDefinition"
		authorizationSystemInfo = @{
			authorizationSystemId = "87eefd90-95a3-480a-ba42-56ff299a05ee"
			authorizationSystemType = "AZURE"
		}
		actionInfo = @{
			"@odata.type" = "microsoft.graph.azureRolePermissionsDefinitionAction"
			roles = @(
				@{
					id = "cdda3590-29a3-44f6-95f2-9f980659eb04"
				}
				@{
					id = "312a565d-c81f-4fd8-895a-4e21e48d571c"
				}
			)
		}
		identityInfo = @{
			externalId = "alex@contoso.com"
			source = @{
				"@odata.type" = "microsoft.graph.edIdentitySource"
			}
			identityType = "user"
		}
		resourceId = "/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee"
	}
	justification = "I need to do this because I want to some new azure roles"
	notes = "Pretty Pleaseeeee"
	scheduleInfo = @{
		expiration = @{
			duration = "PT1H"
		}
		recurrence = $null
	}
	ticketInfo = @{
		ticketNumber = "INC1234567"
		ticketSystem = "ServiceNow"
		ticketSubmitterIdentityId = "alex@contoso.com"
		ticketApproverIdentityId = "alexmanager@contoso.com"
	}
}

New-MgBetaIdentityGovernancePermissionManagementScheduledPermissionRequest -BodyParameter $params

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Python

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.scheduled_permissions_request import ScheduledPermissionsRequest
from msgraph_beta.generated.models.single_resource_azure_permissions_definition import SingleResourceAzurePermissionsDefinition
from msgraph_beta.generated.models.permissions_definition_authorization_system import PermissionsDefinitionAuthorizationSystem
from msgraph_beta.generated.models.azure_role_permissions_definition_action import AzureRolePermissionsDefinitionAction
from msgraph_beta.generated.models.permissions_definition_azure_role import PermissionsDefinitionAzureRole
from msgraph_beta.generated.models.permissions_definition_authorization_system_identity import PermissionsDefinitionAuthorizationSystemIdentity
from msgraph_beta.generated.models.ed_identity_source import EdIdentitySource
from msgraph_beta.generated.models.permissions_definition_identity_type import PermissionsDefinitionIdentityType
from msgraph_beta.generated.models.request_schedule import RequestSchedule
from msgraph_beta.generated.models.expiration_pattern import ExpirationPattern
from msgraph_beta.generated.models.ticket_info import TicketInfo
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ScheduledPermissionsRequest(
	requested_permissions = SingleResourceAzurePermissionsDefinition(
		odata_type = "microsoft.graph.singleResourceAzurePermissionsDefinition",
		authorization_system_info = PermissionsDefinitionAuthorizationSystem(
			authorization_system_id = "87eefd90-95a3-480a-ba42-56ff299a05ee",
			authorization_system_type = "AZURE",
		),
		action_info = AzureRolePermissionsDefinitionAction(
			odata_type = "microsoft.graph.azureRolePermissionsDefinitionAction",
			roles = [
				PermissionsDefinitionAzureRole(
					id = "cdda3590-29a3-44f6-95f2-9f980659eb04",
				),
				PermissionsDefinitionAzureRole(
					id = "312a565d-c81f-4fd8-895a-4e21e48d571c",
				),
			],
		),
		identity_info = PermissionsDefinitionAuthorizationSystemIdentity(
			external_id = "alex@contoso.com",
			source = EdIdentitySource(
				odata_type = "microsoft.graph.edIdentitySource",
			),
			identity_type = PermissionsDefinitionIdentityType.User,
		),
		resource_id = "/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee",
	),
	justification = "I need to do this because I want to some new azure roles",
	notes = "Pretty Pleaseeeee",
	schedule_info = RequestSchedule(
		expiration = ExpirationPattern(
			duration = "PT1H",
		),
		recurrence = None,
	),
	ticket_info = TicketInfo(
		ticket_number = "INC1234567",
		ticket_system = "ServiceNow",
		ticket_submitter_identity_id = "alex@contoso.com",
		ticket_approver_identity_id = "alexmanager@contoso.com",
	),
)

result = await graph_client.identity_governance.permissions_management.scheduled_permissions_requests.post(request_body)

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Cancel a permissions request by ID

Either the requestor or an administrator can cancel an approved request, while only the requestor can cancel a pending (statusDetail of submitted) request.

POST https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/scheduledPermissionsRequests/{id}/cancelAll

List details of all permission requests

GET https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/permissionsRequestChanges

List details of all permission requests filtered by the date they were modified

GET https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/permissionsRequestChanges?$filter=modificationDateTime gt {t}

Get details of a permissions request

GET https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/permissionsRequestChanges/{id}

Related content

• Discover, remediate, and monitor permissions in multicloud infrastructures using permissions management APIs (preview)