Skip to main content

Office 365 AD User Blocker/Unblocker

Enable and Disable User Account using Missing TimeSheets

Requirements:

  • Azure AD
  • Azure AD App registration with Microsoft Graph Permissions:
    • User.ManageIdentities.All
    • User.ReadWrite.All
  • User With adusername = email address
  • user With Timesheet Required
  • Configuration Key "AzureADKeys"
{
"TenantId": "*",
"ClientId": "*",
"ClientSecret": "*"
}
  • Global Query "GetDelinquentUsers"
SELECT  ssu.Oid, ssu.UserName, u.AdUserName 
FROM SecuritySystemUser ssu, [User] u
WHERE ssu.Oid = u.Oid
AND u.HasToFillTimesheets = 1
AND u.AdUserName LIKE '%@%.%'

Block Workflow

Payload from GetDelinquentUsers Global Query:

{
"Data": [
{
"Oid": "7744be77-4370-4936-8d3d-61cb772ba545",
"UserName": "Adam",
"AdUserName":"adam@aduserdomain.org"
}
}

Unblock Workflow

  • Webhook for document Type Skill.Module.BusinessObjects.UnblockUserRequest pointing to Automation
  • Automation:

Payload from WebHook Example:

{
"secret": null,
"event": {
"id": "7744be77-4370-4936-8d3d-61cb772ba545",
...
},
"details": {
"userName": "adam@aduserdomain.org",
"requestUtcDate": "2021-08-03T14:11:37.2064188Z",
...
}
}
}