How to remove Azure Access Package User assignments using Graph API?

Are you looking to remove Access Package User assignments programmatically?

You have come to the right place. I will walk you through the steps to remove a User assignment from the Access Package.

Before we get into the procedure, I assume that you have an understanding of the following items. If not, please follow the links to learn.

Alright, straight to the point. How can I remove the user assignment? All you need is an assignment ID. That's it.

Send an HTTP POST request to the Graph API endpoint below, with the request body shown. Make sure that the body carries the assignment ID.

HTTP Method: POST
Endpoint: https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentRequests

Headers:
content-type: application/json

Body:
{
   "accessPackageAssignment": {
      "id": "<<assignment GUID>>"
   },
   "justification": "Admin remove",
   "requestType": "AdminRemove"
}

You can use the Microsoft Graph Explorer tool to test the API.

Now that you know how to use the Graph API to remove user assignments, you can call it from any language that can make web requests, such as PowerShell, .NET Core, Node.js, or Python.

Here is sample code in C#:

using Microsoft.Graph;
using Microsoft.Graph.Auth;
using Microsoft.Identity.Client;
using System.Threading.Tasks;

// This method belongs to a class that exposes AppId and LoginAuthority.
public async Task<AccessPackageAssignmentRequestObject> RemoveUserAssignment(string assignmentId)
{
    // Permission required to create access package assignment requests.
    string[] scopes = new string[] { "EntitlementManagement.ReadWrite.All" };

    // Public client that signs the administrator in interactively.
    var clientApp = PublicClientApplicationBuilder
        .Create(this.AppId)
        .WithAuthority(this.LoginAuthority)
        .WithRedirectUri("http://localhost")
        .Build();

    InteractiveAuthenticationProvider authenticationProvider = new InteractiveAuthenticationProvider(clientApp, scopes);
    GraphServiceClient graphPublicClient = new GraphServiceClient(authenticationProvider);

    // Same payload as the raw request body shown above.
    var accessPackageAssignmentRequest = new AccessPackageAssignmentRequestObject
    {
        RequestType = "AdminRemove",
        Justification = "Admin remove",
        AccessPackageAssignment = new AccessPackageAssignment
        {
            Id = assignmentId
        }
    };

    // POST the request using the client built above.
    return await graphPublicClient.IdentityGovernance.EntitlementManagement.AccessPackageAssignmentRequests
         .Request()
         .AddAsync(accessPackageAssignmentRequest);
}
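
The same AdminRemove request from Python, one of the languages mentioned above. This is an added example, not code from the original post: the function names and the `opener` parameter are illustrative, and the bearer token is assumed to have been acquired elsewhere with the EntitlementManagement.ReadWrite.All permission. It rejects any id that is not a GUID before a request is sent, so a bad row in a bulk list is skipped instead of being posted.

```python
import json
import urllib.error
import urllib.request
import uuid

# Endpoint and body shape come from the post above.
ENDPOINT = ("https://graph.microsoft.com/beta/identityGovernance/"
            "entitlementManagement/accessPackageAssignmentRequests")


def build_remove_request(assignment_id, access_token, justification="Admin remove"):
    """Return a urllib Request that asks Graph to remove one assignment."""
    # Reject anything that is not a GUID before it reaches the API.
    try:
        assignment_id = str(uuid.UUID(assignment_id))
    except (ValueError, AttributeError, TypeError):
        raise ValueError(f"not an assignment GUID: {assignment_id!r}") from None
    body = {
        "accessPackageAssignment": {"id": assignment_id},
        "justification": justification,
        "requestType": "AdminRemove",
    }
    return urllib.request.Request(
        ENDPOINT,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            # Assumption: token obtained elsewhere (for example with MSAL).
            "Authorization": f"Bearer {access_token}",
        },
    )


def remove_assignments(assignment_ids, access_token, opener=urllib.request.urlopen):
    """Submit one AdminRemove request per id and return {id: outcome}."""
    results = {}
    for raw_id in assignment_ids:
        try:
            req = build_remove_request(raw_id, access_token)
        except ValueError as exc:
            results[raw_id] = f"skipped: {exc}"
            continue
        try:
            with opener(req) as resp:
                results[raw_id] = f"submitted: HTTP {resp.status}"
        except urllib.error.HTTPError as exc:
            results[raw_id] = f"failed: HTTP {exc.code}"
    return results
```

Passing a stand-in `opener` lets you review the exact requests that would be sent before running the removal against a tenant.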

I hope this helped you. Thank you for visiting.
