Office 365 AD User Blocker/Unblocker

Enable and Disable User Account using Missing TimeSheets

Requirements:

  • Azure AD
  • Azure AD App registration with Microsoft Graph Permissions:
    • User.ManageIdentities.All
    • User.ReadWrite.All
  • User with AdUserName = email address
  • User with Timesheet Required
  • Configuration Key "AzureADKeys"
    {
        "TenantId": "*",
        "ClientId": "*",
        "ClientSecret": "*"
    }
  • Global Query "GetDelinquentUsers"
    SELECT  ssu.Oid, ssu.UserName, u.AdUserName
    FROM    SecuritySystemUser ssu, [User] u
    WHERE   ssu.Oid = u.Oid
      AND   u.HasToFillTimesheets = 1
      AND   u.AdUserName LIKE '%@%.%'

Block Workflow

Payload from GetDelinquentUsers Global Query:

    {
      "Data": [
        {
          "Oid": "7744be77-4370-4936-8d3d-61cb772ba545",
          "UserName": "Adam",
          "AdUserName": "adam@aduserdomain.org"
        }
      ]
    }

Unblock Workflow

  • Webhook for document Type Skill.Module.BusinessObjects.UnblockUserRequest pointing to Automation
  • Automation:

Payload from WebHook Example:

    {
      "secret": null,
      "event": {
        "id": "7744be77-4370-4936-8d3d-61cb772ba545",
        ...
        },
        "details": {
          "userName": "adam@aduserdomain.org",
          "requestUtcDate": "2021-08-03T14:11:37.2064188Z",
          ...
        }
      }
    }
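
The following is an added example, not part of the original page or the product's own automation: it turns the GetDelinquentUsers payload (Block Workflow) and the webhook payload (Unblock Workflow) into Microsoft Graph `PATCH /users/{userPrincipalName}` request descriptions that set `accountEnabled`, validating each address first because the query's `LIKE '%@%.%'` filter also lets malformed values through. It assumes AdUserName equals the Azure AD userPrincipalName and that `details` is nested under `event`; the function names, the UPN pattern and the sample rows are constructed for illustration, and no network call is made.

```python
import re
from urllib.parse import quote

GRAPH_USERS = "https://graph.microsoft.com/v1.0/users/"
# Assumption: a conservative UPN shape, stricter than Azure AD itself accepts.
UPN_RE = re.compile(r"[A-Za-z0-9._'-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

def account_request(upn, enabled):
    """Describe the Graph PATCH that sets accountEnabled for one user."""
    if not isinstance(upn, str) or not UPN_RE.fullmatch(upn):
        raise ValueError(f"malformed AdUserName: {upn!r}")
    # Percent-encode so the value cannot change the URL path or add a query.
    return {"method": "PATCH",
            "url": GRAPH_USERS + quote(upn, safe="@"),
            "json": {"accountEnabled": enabled}}

def block_requests(query_payload):
    """One disable request per GetDelinquentUsers row; bad rows are reported."""
    reqs, rejected = [], []
    for row in query_payload.get("Data", []):
        try:
            reqs.append(account_request(row.get("AdUserName"), False))
        except ValueError:
            rejected.append(row.get("Oid"))
    return reqs, rejected

def unblock_request(webhook_payload):
    """Enable request for the user named in an UnblockUserRequest webhook."""
    # Assumption: "details" sits inside "event", as the sample's indentation suggests.
    details = webhook_payload["event"]["details"]
    return account_request(details["userName"], True)

# Constructed sample inputs, modelled on the payloads shown on this page.
SAMPLE_QUERY = {"Data": [
    {"Oid": "7744be77-4370-4936-8d3d-61cb772ba545", "UserName": "Adam",
     "AdUserName": "adam@aduserdomain.org"},
    {"Oid": "00000000-0000-0000-0000-000000000001", "UserName": "Eve",
     "AdUserName": "eve@aduserdomain.org/other?x=1"},  # passes LIKE, rejected here
]}
SAMPLE_WEBHOOK = {"secret": None, "event": {
    "id": "7744be77-4370-4936-8d3d-61cb772ba545",
    "details": {"userName": "adam@aduserdomain.org",
                "requestUtcDate": "2021-08-03T14:11:37.2064188Z"}}}

if __name__ == "__main__":
    print(block_requests(SAMPLE_QUERY))
    print(unblock_request(SAMPLE_WEBHOOK))
```

Rows returned in the rejected list are better logged and reviewed than silently skipped, since they indicate AdUserName values that the global query accepted but that are not usable addresses.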