Azure AD integration - code samples
This page lists the code samples that apply to the Azure AD integration configuration. In this section:
- Correlation Rule - code sample
- Customization rule - code sample
- Provisioning Rule - Name - code sample
- Provisioning Rule - Display Name - code sample
- Provisioning Rule - Usage Location - code sample
- Leaver Rule - code sample
Correlation Rule
The following correlation rule establishes an Identity as the owner of an Azure AD account when the account's Name, with its adm_ prefix removed, equals the Identity's Email. Only privileged accounts whose Name starts with adm_ are considered; for every other account the rule returns null and the account stays uncorrelated. The Email comparison is executed by the database query, so whether it is case-sensitive depends on the collation of the Identities table.
// Load the imported account; SingleOrDefault throws if the id is not unique within the integration.
var account = readOnlyAccess360DbContext.Accounts
    .Where(x => x.IntegrationId == integrationId && x.Id == accountId && !x.Terminated)
    .SingleOrDefault();

if (account is not null)
{
    // Only privileged accounts named "adm_<email>" are correlated by this sample.
    if (account.Name.StartsWith("adm_"))
    {
        // Remove only the leading prefix. Replace("adm_", "") would also strip an "adm_"
        // that occurs later in the name and could match a different identity.
        var accountPrincipal = account.Name.Substring("adm_".Length);
        if (!string.IsNullOrEmpty(accountPrincipal))
        {
            // Exactly one active identity with this email may claim the account;
            // SingleOrDefault throws if two identities share the address.
            var ownerIdentityId = readOnlyAccess360DbContext.Identities
                .Where(x => x.Email == accountPrincipal && !x.Terminated)
                .Select(x => x.Id)
                .SingleOrDefault();

            if (ownerIdentityId != default)
            {
                return new(ownerIdentityId, OwnerType.Identity);
            }
        }
    }
}

// No owner could be determined: leave the account uncorrelated.
return null;

Customization rule
The following customization rule determines the type of an imported account from the prefix at the beginning of the account's Name property: adm_ marks a personal privileged account, tmp_ a temporary account, and any other name a plain personal account.
// Read only the Name of the imported account.
var accountName = readOnlyAccess360DbContext.Accounts
    .Where(x => x.IntegrationId == integrationId && x.Id == accountId && !x.Terminated)
    .Select(x => x.Name)
    .SingleOrDefault();

if (accountName is not null)
{
    // Note: "adm_s_" names also start with "adm_", so service accounts created by the
    // Name provisioning rule on this page are typed PersonalPrivileged by this check.
    if (accountName.StartsWith("adm_"))
    {
        return (AccountType.PersonalPrivileged, null, null, null);
    }
    if (accountName.StartsWith("tmp_"))
    {
        return (AccountType.Temporary, null, null, null);
    }
}

// Anything else (including an account that could not be found) is a plain personal account.
return (AccountType.Personal, null, null, null);

Provisioning Rule - Name
For the Name property of an Azure AD account, the following Provisioning Rule starts from the Name property of the Identity. If that name already contains an at sign (i.e. '@'), only the part before it is kept. Spaces are then removed, a postfix identifying the environment the account is created in (_sandbox) is appended, and a prefix identifying the account type (tmp_, adm_ or adm_s_) is prepended. Finally, the at sign and the domain name of the organization are appended.
Thus, the Name property of an Azure AD account is derived from the Identity's name and has the format of a user principal name (UPN), i.e. an internet-style login.
// Keep only the local part if the identity name is already in UPN/email form.
var identityName = identity.Name;
if (identityName.Contains("@"))
{
    identityName = identityName.Substring(0, identityName.IndexOf("@"));
}

// Remove spaces and mark the environment the account is created in.
var name = identityName.Replace(" ", "") + "_sandbox";

// Prefix by account type; these are the prefixes the customization and correlation rules key on.
if (accountType == AccountType.Temporary) name = "tmp_" + name;
if (accountType == AccountType.PersonalPrivileged) name = "adm_" + name;
if (accountType == AccountType.PrivilegedService) name = "adm_s_" + name;

// Append the organization's domain to form a user principal name.
return name + "@exampledomain.com";

Provisioning Rule - Display Name
For the Display Name property of an Azure AD account, the following Provisioning Rule also starts from the Name property of the Identity: if the name contains a domain part, it is removed together with the at sign (i.e. '@'); spaces, if any, are cut out; and the postfix identifying the environment the account is created in is appended. Unlike the Name rule, no account type prefix and no domain name are added.
// Keep only the local part if the identity name is already in UPN/email form.
var identityName = identity.Name;
if (identityName.Contains("@"))
{
    identityName = identityName.Substring(0, identityName.IndexOf("@"));
}

// Remove spaces and append the environment postfix; no type prefix or domain here.
var name = identityName.Replace(" ", "") + "_sandbox";
return name;

Provisioning Rule - Usage Location
For the Usage Location property of an Azure AD account, the following Provisioning Rule returns a constant that satisfies the Azure AD requirements: a two-letter country/region code aligned with ISO standard 3166. Examples: "US", "JP", and "GB". The value is not nullable and is required for users that will be assigned licenses, because of the legal requirement to check the availability of services in the respective countries/regions.
// Two-letter ISO 3166 country/region code; must be set before licenses can be assigned.
return "US";

Leaver Rule
The Leaver Rule below shows one of the termination behaviours available for the Azure AD integration: the account is deleted when its owner leaves. A deleted Azure AD user remains in the tenant's deleted users list for 30 days and can be restored within that window; after that it is removed permanently.
return (AccountTerminationBehavior.Delete, null, null);
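The correlation, customization and Name provisioning rules above are coupled only by string conventions (the adm_, adm_s_ and tmp_ prefixes, the _sandbox postfix and the domain), and nothing on this page checks that they agree. The following program is an added example, not one of the product's rule samples: it re-implements the string logic of those three rules as pure functions over in-memory lists instead of readOnlyAccess360DbContext, with constructed Identity and Account records and AccountType/OwnerType enums that mirror the names used on this page, and then checks the conventions against each other. It goes beyond the page's customization rule in one respect, a dedicated adm_s_ check, so that names produced by the Name rule round-trip to their own type. The tenant domain, the _sandbox postfix, the tuple return type of the correlation function and the .NET 5+/C# 9 language level are assumptions.

```csharp
// Added example: offline consistency harness for the Azure AD rule samples.
// Identity/Account, the enums and all data below are constructed for this test.
using System;
using System.Collections.Generic;
using System.Linq;

enum AccountType { Personal, PersonalPrivileged, PrivilegedService, Temporary }
enum OwnerType { Identity }

record Identity(Guid Id, string Name, string Email, bool Terminated);
record Account(Guid Id, string Name, bool Terminated);

static class AzureAdRules
{
    const string Domain = "@exampledomain.com"; // assumed tenant domain
    const string EnvSuffix = "_sandbox";        // assumed environment postfix

    // Name provisioning rule: local part only, no spaces, type prefix, env postfix, domain.
    public static string ProvisionName(Identity identity, AccountType accountType)
    {
        var local = identity.Name;
        var at = local.IndexOf('@');
        if (at >= 0) local = local.Substring(0, at);
        var name = local.Replace(" ", "") + EnvSuffix;
        name = accountType switch
        {
            AccountType.Temporary          => "tmp_" + name,
            AccountType.PersonalPrivileged => "adm_" + name,
            AccountType.PrivilegedService  => "adm_s_" + name,
            _                              => name,
        };
        return name + Domain;
    }

    // Customization rule with an explicit adm_s_ branch: "adm_s_" also starts with "adm_",
    // so the order of the checks decides whether service accounts keep their own type.
    public static AccountType Classify(string accountName)
    {
        if (accountName.StartsWith("adm_s_", StringComparison.Ordinal)) return AccountType.PrivilegedService;
        if (accountName.StartsWith("adm_", StringComparison.Ordinal)) return AccountType.PersonalPrivileged;
        if (accountName.StartsWith("tmp_", StringComparison.Ordinal)) return AccountType.Temporary;
        return AccountType.Personal;
    }

    // Correlation rule: an active "adm_" account belongs to the single active identity
    // whose Email equals the name without the leading prefix. SingleOrDefault throws when
    // two identities share an email, which is safer than guessing an owner.
    public static (Guid Id, OwnerType Type)? Correlate(IEnumerable<Identity> identities, Account account)
    {
        if (account.Terminated || !account.Name.StartsWith("adm_", StringComparison.Ordinal)) return null;
        var principal = account.Name.Substring("adm_".Length);
        if (string.IsNullOrEmpty(principal)) return null;
        var ownerId = identities.Where(x => x.Email == principal && !x.Terminated).Select(x => x.Id).SingleOrDefault();
        if (ownerId == default) return null;
        return (ownerId, OwnerType.Identity);
    }
}

static class Program
{
    static void Check(bool cond, string what)
    {
        if (!cond) throw new Exception("FAILED: " + what);
        Console.WriteLine("ok: " + what);
    }

    static void Main()
    {
        var jdoe = new Identity(Guid.NewGuid(), "John Doe", "jdoe@exampledomain.com", false);
        var gone = new Identity(Guid.NewGuid(), "Jane Roe", "jroe@exampledomain.com", true);
        var identities = new List<Identity> { jdoe, gone };

        // Provisioning: spaces removed, prefix/postfix applied, domain part of a UPN-style name dropped first.
        Check(AzureAdRules.ProvisionName(jdoe, AccountType.PersonalPrivileged) == "adm_JohnDoe_sandbox@exampledomain.com", "adm name");
        Check(AzureAdRules.ProvisionName(jdoe with { Name = "john.doe@corp.example" }, AccountType.Personal) == "john.doe_sandbox@exampledomain.com", "domain stripped");

        // Classification: every provisioned name maps back to the type it was created with.
        foreach (var t in Enum.GetValues<AccountType>())
            Check(AzureAdRules.Classify(AzureAdRules.ProvisionName(jdoe, t)) == t, $"round trip {t}");

        // Correlation: the account name must be exactly "adm_" + Email of an active identity.
        var acct = new Account(Guid.NewGuid(), "adm_jdoe@exampledomain.com", false);
        Check(AzureAdRules.Correlate(identities, acct) == (jdoe.Id, OwnerType.Identity), "owner found");
        // A name produced by the Name rule carries "_sandbox", so with this data it does not correlate:
        // the provisioning and correlation samples use different conventions.
        Check(AzureAdRules.Correlate(identities, acct with { Name = AzureAdRules.ProvisionName(jdoe, AccountType.PersonalPrivileged) }) == null, "provisioned name not correlated");
        // Terminated identities are never chosen as owners.
        Check(AzureAdRules.Correlate(identities, acct with { Name = "adm_jroe@exampledomain.com" }) == null, "terminated identity skipped");
        // Two active identities with the same email: the rule throws rather than picking one.
        var dup = identities.Append(jdoe with { Id = Guid.NewGuid() }).ToList();
        try { AzureAdRules.Correlate(dup, acct); Check(false, "duplicate email must throw"); }
        catch (InvalidOperationException) { Check(true, "duplicate email rejected"); }
    }
}
```

Run it with dotnet run in a console project; every line printed as ok confirms one convention, and the first failed check throws. The last check is the one to keep in mind when editing the correlation rule: replacing SingleOrDefault with FirstOrDefault would silently hand a privileged account to whichever duplicate identity the database returns first.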