Namespace: microsoft.graph.identityGovernance
Wichtig
Die APIs unter der /beta Version in Microsoft Graph können sich ändern. Die Verwendung dieser APIs in Produktionsanwendungen wird nicht unterstützt. Um festzustellen, ob eine API in v1.0 verfügbar ist, verwenden Sie die Version Selektor.
Erstellen Sie ein neues Workflowobjekt . Sie können bis zu 100 Workflows in einem Mandanten erstellen.
Diese API ist in den folgenden nationalen Cloudbereitstellungen verfügbar.
| Weltweiter Service |
US Government L4 |
US Government L5 (DOD) |
China, betrieben von 21Vianet |
| ✅ |
✅ |
✅ |
✅ |
Berechtigungen
Wählen Sie die Berechtigungen aus, die für diese API als am wenigsten privilegiert markiert sind. Verwenden Sie eine höhere Berechtigung oder Berechtigungen nur, wenn Ihre App dies erfordert. Ausführliche Informationen zu delegierten Berechtigungen und Anwendungsberechtigungen finden Sie unter Berechtigungstypen. Weitere Informationen zu diesen Berechtigungen finden Sie in der Berechtigungsreferenz.
| Berechtigungstyp |
Berechtigungen mit den geringsten Berechtigungen |
Berechtigungen mit höheren Berechtigungen |
| Delegiert (Geschäfts-, Schul- oder Unikonto) |
LifecycleWorkflows-Workflow.ReadWrite.All |
LifecycleWorkflows.ReadWrite.All |
| Delegiert (persönliches Microsoft-Konto) |
Nicht unterstützt |
Nicht unterstützt |
| Application |
LifecycleWorkflows-Workflow.ReadWrite.All |
LifecycleWorkflows.ReadWrite.All |
Wichtig
In delegierten Szenarien mit Geschäfts-, Schul- oder Unikonten muss dem angemeldeten Benutzer eine unterstützte Microsoft Entra Rolle oder eine benutzerdefinierte Rolle mit einer unterstützten Rollenberechtigung zugewiesen werden.
Lifecycle Workflows Administrator ist die Rolle mit den geringsten Berechtigungen, die für diesen Vorgang unterstützt wird.
HTTP-Anforderung
POST /identityGovernance/lifecycleWorkflows/workflows
Anforderungstext
Geben Sie im Anforderungstext eine JSON-Darstellung des Workflowobjekts an.
Beim Erstellen eines Workflows können Sie die folgenden Eigenschaften angeben.
| Eigenschaft |
Typ |
Beschreibung |
| category |
microsoft.graph.identityGovernance.lifecycleWorkflowCategory |
Die Kategorie des Workflows. Die möglichen Werte sind: joiner, leaver, unknownFutureValue. Es kann nur ein Wert sein. Erforderlich. |
| description |
Zeichenfolge |
Eine Zeichenfolge, die den Zweck des Workflows für die administrative Verwendung beschreibt. |
| displayName |
Zeichenfolge |
Eine eindeutige Zeichenfolge, die den Workflow identifiziert. Erforderlich. |
| executionConditions |
microsoft.graph.identityGovernance.workflowExecutionConditions |
Definiert, wer und wann ein Workflow ausgeführt wird. Erforderlich. |
| id |
Zeichenfolge |
Bezeichner, der für die individuelle Adressierung eines bestimmten Workflows verwendet wird. |
| isEnabled |
Boolescher Wert |
Ein boolescher Wert, der angibt, ob der Workflow ausgeführt werden soll oder nicht. |
| isSchedulingEnabled |
Boolean |
Ein boolescher Wert, der angibt, ob die Planung aktiviert ist oder nicht. |
| tasks |
microsoft.graph.identityGovernance.task collection |
Stellt die konfigurierten Tasks und deren Ausführungssequenz innerhalb des Workflows dar. Erforderlich. |
Antwort
Wenn die Methode erfolgreich verläuft, werden der 201 Created Antwortcode und ein microsoft.graph.identityGovernance.workflow-Objekt im Antworttext zurückgegeben.
Beispiele
Beispiel 1: Erstellen eines Joinerworkflows mithilfe des zeitbasierten Triggers
Anforderung
Das folgende Beispiel zeigt eine Anforderung, die einen Workflow mit der folgenden Konfiguration erstellt:
- Es handelt sich um einen "Joiner"-Workflow, der für die Ausführung geplant ist.
- Sie wird für neue Benutzer mit Sitz in Australien auf ihrem employeeHireDate mithilfe des zeitbasierten Attributtriggers ausgeführt.
- Wenn der Workflow ausgeführt wird, werden zwei Aufgaben ausgeführt: Das Konto des Benutzers ist aktiviert, und eine Willkommens-E-Mail wird an den Benutzer gesendet.
POST https://graph.microsoft.com/beta/identityGovernance/lifecycleWorkflows/workflows
Content-Type: application/json
{
"category": "joiner",
"description": "Configure new hire tasks for onboarding employees on their first day",
"displayName": "Australia Onboard new hire employee",
"isEnabled": true,
"isSchedulingEnabled": true,
"executionConditions": {
"@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
"scope": {
"@odata.type": "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
"rule": "(country eq 'Australia')"
},
"trigger": {
"@odata.type": "#microsoft.graph.identityGovernance.timeBasedAttributeTrigger",
"timeBasedAttribute": "employeeHireDate",
"offsetInDays": 0
}
},
"tasks": [
{
"continueOnError": false,
"description": "Enable user account in the directory",
"displayName": "Enable User Account",
"isEnabled": true,
"taskDefinitionId": "6fc52c9d-398b-4305-9763-15f42c1676fc",
"arguments": []
},
{
"continueOnError": false,
"description": "Send welcome email to new hire",
"displayName": "Send Welcome Email",
"isEnabled": true,
"taskDefinitionId": "70b29d51-b59a-4773-9280-8841dfd3f2ea",
"arguments": []
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models.IdentityGovernance;
using Microsoft.Graph.Beta.Models;
var requestBody = new Workflow
{
Category = LifecycleWorkflowCategory.Joiner,
Description = "Configure new hire tasks for onboarding employees on their first day",
DisplayName = "Australia Onboard new hire employee",
IsEnabled = true,
IsSchedulingEnabled = true,
ExecutionConditions = new TriggerAndScopeBasedConditions
{
OdataType = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
Scope = new RuleBasedSubjectSet
{
OdataType = "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
Rule = "(country eq 'Australia')",
},
Trigger = new TimeBasedAttributeTrigger
{
OdataType = "#microsoft.graph.identityGovernance.timeBasedAttributeTrigger",
TimeBasedAttribute = WorkflowTriggerTimeBasedAttribute.EmployeeHireDate,
OffsetInDays = 0,
},
},
Tasks = new List<TaskObject>
{
new TaskObject
{
ContinueOnError = false,
Description = "Enable user account in the directory",
DisplayName = "Enable User Account",
IsEnabled = true,
TaskDefinitionId = "6fc52c9d-398b-4305-9763-15f42c1676fc",
Arguments = new List<KeyValuePair>
{
},
},
new TaskObject
{
ContinueOnError = false,
Description = "Send welcome email to new hire",
DisplayName = "Send Welcome Email",
IsEnabled = true,
TaskDefinitionId = "70b29d51-b59a-4773-9280-8841dfd3f2ea",
Arguments = new List<KeyValuePair>
{
},
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.LifecycleWorkflows.Workflows.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodelsidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/models/identitygovernance"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodelsidentitygovernance.NewWorkflow()
category := graphmodels.JOINER_LIFECYCLEWORKFLOWCATEGORY
requestBody.SetCategory(&category)
description := "Configure new hire tasks for onboarding employees on their first day"
requestBody.SetDescription(&description)
displayName := "Australia Onboard new hire employee"
requestBody.SetDisplayName(&displayName)
isEnabled := true
requestBody.SetIsEnabled(&isEnabled)
isSchedulingEnabled := true
requestBody.SetIsSchedulingEnabled(&isSchedulingEnabled)
executionConditions := graphmodelsidentitygovernance.NewTriggerAndScopeBasedConditions()
scope := graphmodelsidentitygovernance.NewRuleBasedSubjectSet()
rule := "(country eq 'Australia')"
scope.SetRule(&rule)
executionConditions.SetScope(scope)
trigger := graphmodelsidentitygovernance.NewTimeBasedAttributeTrigger()
timeBasedAttribute := graphmodels.EMPLOYEEHIREDATE_WORKFLOWTRIGGERTIMEBASEDATTRIBUTE
trigger.SetTimeBasedAttribute(&timeBasedAttribute)
offsetInDays := int32(0)
trigger.SetOffsetInDays(&offsetInDays)
executionConditions.SetTrigger(trigger)
requestBody.SetExecutionConditions(executionConditions)
task := graphmodelsidentitygovernance.NewTask()
continueOnError := false
task.SetContinueOnError(&continueOnError)
description := "Enable user account in the directory"
task.SetDescription(&description)
displayName := "Enable User Account"
task.SetDisplayName(&displayName)
isEnabled := true
task.SetIsEnabled(&isEnabled)
taskDefinitionId := "6fc52c9d-398b-4305-9763-15f42c1676fc"
task.SetTaskDefinitionId(&taskDefinitionId)
arguments := []graphmodels.KeyValuePairable {
}
task.SetArguments(arguments)
task1 := graphmodelsidentitygovernance.NewTask()
continueOnError := false
task1.SetContinueOnError(&continueOnError)
description := "Send welcome email to new hire"
task1.SetDescription(&description)
displayName := "Send Welcome Email"
task1.SetDisplayName(&displayName)
isEnabled := true
task1.SetIsEnabled(&isEnabled)
taskDefinitionId := "70b29d51-b59a-4773-9280-8841dfd3f2ea"
task1.SetTaskDefinitionId(&taskDefinitionId)
arguments := []graphmodels.KeyValuePairable {
}
task1.SetArguments(arguments)
tasks := []graphmodelsidentitygovernance.Taskable {
task,
task1,
}
requestBody.SetTasks(tasks)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
workflows, err := graphClient.IdentityGovernance().LifecycleWorkflows().Workflows().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.beta.models.identitygovernance.Workflow workflow = new com.microsoft.graph.beta.models.identitygovernance.Workflow();
workflow.setCategory(com.microsoft.graph.beta.models.identitygovernance.LifecycleWorkflowCategory.Joiner);
workflow.setDescription("Configure new hire tasks for onboarding employees on their first day");
workflow.setDisplayName("Australia Onboard new hire employee");
workflow.setIsEnabled(true);
workflow.setIsSchedulingEnabled(true);
com.microsoft.graph.beta.models.identitygovernance.TriggerAndScopeBasedConditions executionConditions = new com.microsoft.graph.beta.models.identitygovernance.TriggerAndScopeBasedConditions();
executionConditions.setOdataType("#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions");
com.microsoft.graph.beta.models.identitygovernance.RuleBasedSubjectSet scope = new com.microsoft.graph.beta.models.identitygovernance.RuleBasedSubjectSet();
scope.setOdataType("#microsoft.graph.identityGovernance.ruleBasedSubjectSet");
scope.setRule("(country eq 'Australia')");
executionConditions.setScope(scope);
com.microsoft.graph.beta.models.identitygovernance.TimeBasedAttributeTrigger trigger = new com.microsoft.graph.beta.models.identitygovernance.TimeBasedAttributeTrigger();
trigger.setOdataType("#microsoft.graph.identityGovernance.timeBasedAttributeTrigger");
trigger.setTimeBasedAttribute(com.microsoft.graph.beta.models.identitygovernance.WorkflowTriggerTimeBasedAttribute.EmployeeHireDate);
trigger.setOffsetInDays(0);
executionConditions.setTrigger(trigger);
workflow.setExecutionConditions(executionConditions);
LinkedList<com.microsoft.graph.beta.models.identitygovernance.Task> tasks = new LinkedList<com.microsoft.graph.beta.models.identitygovernance.Task>();
com.microsoft.graph.beta.models.identitygovernance.Task task = new com.microsoft.graph.beta.models.identitygovernance.Task();
task.setContinueOnError(false);
task.setDescription("Enable user account in the directory");
task.setDisplayName("Enable User Account");
task.setIsEnabled(true);
task.setTaskDefinitionId("6fc52c9d-398b-4305-9763-15f42c1676fc");
LinkedList<KeyValuePair> arguments = new LinkedList<KeyValuePair>();
task.setArguments(arguments);
tasks.add(task);
com.microsoft.graph.beta.models.identitygovernance.Task task1 = new com.microsoft.graph.beta.models.identitygovernance.Task();
task1.setContinueOnError(false);
task1.setDescription("Send welcome email to new hire");
task1.setDisplayName("Send Welcome Email");
task1.setIsEnabled(true);
task1.setTaskDefinitionId("70b29d51-b59a-4773-9280-8841dfd3f2ea");
LinkedList<KeyValuePair> arguments1 = new LinkedList<KeyValuePair>();
task1.setArguments(arguments1);
tasks.add(task1);
workflow.setTasks(tasks);
com.microsoft.graph.models.identitygovernance.Workflow result = graphClient.identityGovernance().lifecycleWorkflows().workflows().post(workflow);
const options = {
authProvider,
};
const client = Client.init(options);
const workflow = {
category: 'joiner',
description: 'Configure new hire tasks for onboarding employees on their first day',
displayName: 'Australia Onboard new hire employee',
isEnabled: true,
isSchedulingEnabled: true,
executionConditions: {
'@odata.type': '#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions',
scope: {
'@odata.type': '#microsoft.graph.identityGovernance.ruleBasedSubjectSet',
rule: '(country eq \'Australia\')'
},
trigger: {
'@odata.type': '#microsoft.graph.identityGovernance.timeBasedAttributeTrigger',
timeBasedAttribute: 'employeeHireDate',
offsetInDays: 0
}
},
tasks: [
{
continueOnError: false,
description: 'Enable user account in the directory',
displayName: 'Enable User Account',
isEnabled: true,
taskDefinitionId: '6fc52c9d-398b-4305-9763-15f42c1676fc',
arguments: []
},
{
continueOnError: false,
description: 'Send welcome email to new hire',
displayName: 'Send Welcome Email',
isEnabled: true,
taskDefinitionId: '70b29d51-b59a-4773-9280-8841dfd3f2ea',
arguments: []
}
]
};
await client.api('/identityGovernance/lifecycleWorkflows/workflows')
.version('beta')
.post(workflow);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\Workflow;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\LifecycleWorkflowCategory;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\TriggerAndScopeBasedConditions;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\RuleBasedSubjectSet;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\TimeBasedAttributeTrigger;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\WorkflowTriggerTimeBasedAttribute;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\Task;
use Microsoft\Graph\Beta\Generated\Models\KeyValuePair;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new Workflow();
$requestBody->setCategory(new LifecycleWorkflowCategory('joiner'));
$requestBody->setDescription('Configure new hire tasks for onboarding employees on their first day');
$requestBody->setDisplayName('Australia Onboard new hire employee');
$requestBody->setIsEnabled(true);
$requestBody->setIsSchedulingEnabled(true);
$executionConditions = new TriggerAndScopeBasedConditions();
$executionConditions->setOdataType('#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions');
$executionConditionsScope = new RuleBasedSubjectSet();
$executionConditionsScope->setOdataType('#microsoft.graph.identityGovernance.ruleBasedSubjectSet');
$executionConditionsScope->setRule('(country eq \'Australia\')');
$executionConditions->setScope($executionConditionsScope);
$executionConditionsTrigger = new TimeBasedAttributeTrigger();
$executionConditionsTrigger->setOdataType('#microsoft.graph.identityGovernance.timeBasedAttributeTrigger');
$executionConditionsTrigger->setTimeBasedAttribute(new WorkflowTriggerTimeBasedAttribute('employeeHireDate'));
$executionConditionsTrigger->setOffsetInDays(0);
$executionConditions->setTrigger($executionConditionsTrigger);
$requestBody->setExecutionConditions($executionConditions);
$tasksTask1 = new Task();
$tasksTask1->setContinueOnError(false);
$tasksTask1->setDescription('Enable user account in the directory');
$tasksTask1->setDisplayName('Enable User Account');
$tasksTask1->setIsEnabled(true);
$tasksTask1->setTaskDefinitionId('6fc52c9d-398b-4305-9763-15f42c1676fc');
$tasksTask1->setArguments([ ]);
$tasksArray []= $tasksTask1;
$tasksTask2 = new Task();
$tasksTask2->setContinueOnError(false);
$tasksTask2->setDescription('Send welcome email to new hire');
$tasksTask2->setDisplayName('Send Welcome Email');
$tasksTask2->setIsEnabled(true);
$tasksTask2->setTaskDefinitionId('70b29d51-b59a-4773-9280-8841dfd3f2ea');
$tasksTask2->setArguments([ ]);
$tasksArray []= $tasksTask2;
$requestBody->setTasks($tasksArray);
$result = $graphServiceClient->identityGovernance()->lifecycleWorkflows()->workflows()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
category = "joiner"
description = "Configure new hire tasks for onboarding employees on their first day"
displayName = "Australia Onboard new hire employee"
isEnabled = $true
isSchedulingEnabled = $true
executionConditions = @{
"@odata.type" = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions"
scope = @{
"@odata.type" = "#microsoft.graph.identityGovernance.ruleBasedSubjectSet"
rule = "(country eq 'Australia')"
}
trigger = @{
"@odata.type" = "#microsoft.graph.identityGovernance.timeBasedAttributeTrigger"
timeBasedAttribute = "employeeHireDate"
offsetInDays =
}
}
tasks = @(
@{
continueOnError = $false
description = "Enable user account in the directory"
displayName = "Enable User Account"
isEnabled = $true
taskDefinitionId = "6fc52c9d-398b-4305-9763-15f42c1676fc"
arguments = @(
)
}
@{
continueOnError = $false
description = "Send welcome email to new hire"
displayName = "Send Welcome Email"
isEnabled = $true
taskDefinitionId = "70b29d51-b59a-4773-9280-8841dfd3f2ea"
arguments = @(
)
}
)
}
New-MgBetaIdentityGovernanceLifecycleWorkflow -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.identity_governance.workflow import Workflow
from msgraph_beta.generated.models.lifecycle_workflow_category import LifecycleWorkflowCategory
from msgraph_beta.generated.models.identity_governance.trigger_and_scope_based_conditions import TriggerAndScopeBasedConditions
from msgraph_beta.generated.models.identity_governance.rule_based_subject_set import RuleBasedSubjectSet
from msgraph_beta.generated.models.identity_governance.time_based_attribute_trigger import TimeBasedAttributeTrigger
from msgraph_beta.generated.models.workflow_trigger_time_based_attribute import WorkflowTriggerTimeBasedAttribute
from msgraph_beta.generated.models.identity_governance.task import Task
from msgraph_beta.generated.models.key_value_pair import KeyValuePair
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Workflow(
category = LifecycleWorkflowCategory.Joiner,
description = "Configure new hire tasks for onboarding employees on their first day",
display_name = "Australia Onboard new hire employee",
is_enabled = True,
is_scheduling_enabled = True,
execution_conditions = TriggerAndScopeBasedConditions(
odata_type = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
scope = RuleBasedSubjectSet(
odata_type = "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
rule = "(country eq 'Australia')",
),
trigger = TimeBasedAttributeTrigger(
odata_type = "#microsoft.graph.identityGovernance.timeBasedAttributeTrigger",
time_based_attribute = WorkflowTriggerTimeBasedAttribute.EmployeeHireDate,
offset_in_days = 0,
),
),
tasks = [
Task(
continue_on_error = False,
description = "Enable user account in the directory",
display_name = "Enable User Account",
is_enabled = True,
task_definition_id = "6fc52c9d-398b-4305-9763-15f42c1676fc",
arguments = [
],
),
Task(
continue_on_error = False,
description = "Send welcome email to new hire",
display_name = "Send Welcome Email",
is_enabled = True,
task_definition_id = "70b29d51-b59a-4773-9280-8841dfd3f2ea",
arguments = [
],
),
],
)
result = await graph_client.identity_governance.lifecycle_workflows.workflows.post(request_body)
Antwort
Das folgende Beispiel zeigt die Antwort.
Hinweis: Das hier gezeigte Antwortobjekt kann zur besseren Lesbarkeit gekürzt werden.
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/lifecycleWorkflows/workflows/$entity",
"category": "joiner",
"description": "Configure new hire tasks for onboarding employees on their first day",
"displayName": "New Zealand new hire",
"lastModifiedDateTime": "2022-08-26T04:51:27.521792Z",
"createdDateTime": "2022-08-26T04:51:27.5217824Z",
"deletedDateTime": null,
"id": "818cd47f-138c-4a83-b3f5-afa92bfcf391",
"isEnabled": true,
"isSchedulingEnabled": false,
"nextScheduleRunDateTime": null,
"version": 1,
"executionConditions": {
"@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
"scope": {
"@odata.type": "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
"rule": "(country eq 'New Zealand')"
},
"trigger": {
"@odata.type": "#microsoft.graph.identityGovernance.timeBasedAttributeTrigger",
"timeBasedAttribute": "employeeHireDate",
"offsetInDays": 0
}
}
}
Beispiel 2: Erstellen eines Mover-Workflows mithilfe des Triggers für Attributänderungen
Anforderung
Das folgende Beispiel zeigt eine Anforderung, die einen Workflow mit der folgenden Konfiguration erstellt:
- Es handelt sich um einen "Mover"-Workflow, der für die Ausführung geplant ist.
- Sie wird für vorhandene Benutzer ausgeführt, die der Abteilung "Vertrieb" mithilfe des Triggers für Attributänderungen hinzugefügt wurden.
- Eine Aufgabe wird ausgeführt, nämlich eine E-Mail zu senden, um den Vorgesetzten des Benutzers über den Umzug zu benachrichtigen.
POST https://graph.microsoft.com/beta/identityGovernance/lifecycleWorkflows/workflows
Content-Type: application/json
Content-length: 631
{
"category": "mover",
"description": "Configure mover tasks for a user when their job profile changes",
"displayName": "Sales contractor moves to full-time employee",
"isEnabled": true,
"isSchedulingEnabled": true,
"executionConditions": {
"@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
"scope": {
"@odata.type": "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
"rule": "(department eq 'Sales')"
},
"trigger": {
"@odata.type": "#microsoft.graph.identityGovernance.attributeChangeTrigger",
"triggerAttributes": [
{
"name": "department"
}
]
}
},
"tasks": [
{
"continueOnError": false,
"description": "Send email to moving employee's manager",
"displayName": "Notify manager of move",
"isEnabled": true,
"taskDefinitionId": "aab41899-9972-422a-9d97-f626014578b7",
"arguments": []
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models.IdentityGovernance;
using Microsoft.Graph.Beta.Models;
var requestBody = new Workflow
{
Category = LifecycleWorkflowCategory.Mover,
Description = "Configure mover tasks for a user when their job profile changes",
DisplayName = "Sales contractor moves to full-time employee",
IsEnabled = true,
IsSchedulingEnabled = true,
ExecutionConditions = new TriggerAndScopeBasedConditions
{
OdataType = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
Scope = new RuleBasedSubjectSet
{
OdataType = "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
Rule = "(department eq 'Sales')",
},
Trigger = new AttributeChangeTrigger
{
OdataType = "#microsoft.graph.identityGovernance.attributeChangeTrigger",
TriggerAttributes = new List<TriggerAttribute>
{
new TriggerAttribute
{
Name = "department",
},
},
},
},
Tasks = new List<TaskObject>
{
new TaskObject
{
ContinueOnError = false,
Description = "Send email to moving employee's manager",
DisplayName = "Notify manager of move",
IsEnabled = true,
TaskDefinitionId = "aab41899-9972-422a-9d97-f626014578b7",
Arguments = new List<KeyValuePair>
{
},
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.LifecycleWorkflows.Workflows.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodelsidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/models/identitygovernance"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodelsidentitygovernance.NewWorkflow()
category := graphmodels.MOVER_LIFECYCLEWORKFLOWCATEGORY
requestBody.SetCategory(&category)
description := "Configure mover tasks for a user when their job profile changes"
requestBody.SetDescription(&description)
displayName := "Sales contractor moves to full-time employee"
requestBody.SetDisplayName(&displayName)
isEnabled := true
requestBody.SetIsEnabled(&isEnabled)
isSchedulingEnabled := true
requestBody.SetIsSchedulingEnabled(&isSchedulingEnabled)
executionConditions := graphmodelsidentitygovernance.NewTriggerAndScopeBasedConditions()
scope := graphmodelsidentitygovernance.NewRuleBasedSubjectSet()
rule := "(department eq 'Sales')"
scope.SetRule(&rule)
executionConditions.SetScope(scope)
trigger := graphmodelsidentitygovernance.NewAttributeChangeTrigger()
triggerAttribute := graphmodelsidentitygovernance.NewTriggerAttribute()
name := "department"
triggerAttribute.SetName(&name)
triggerAttributes := []graphmodelsidentitygovernance.TriggerAttributeable {
triggerAttribute,
}
trigger.SetTriggerAttributes(triggerAttributes)
executionConditions.SetTrigger(trigger)
requestBody.SetExecutionConditions(executionConditions)
task := graphmodelsidentitygovernance.NewTask()
continueOnError := false
task.SetContinueOnError(&continueOnError)
description := "Send email to moving employee's manager"
task.SetDescription(&description)
displayName := "Notify manager of move"
task.SetDisplayName(&displayName)
isEnabled := true
task.SetIsEnabled(&isEnabled)
taskDefinitionId := "aab41899-9972-422a-9d97-f626014578b7"
task.SetTaskDefinitionId(&taskDefinitionId)
arguments := []graphmodels.KeyValuePairable {
}
task.SetArguments(arguments)
tasks := []graphmodelsidentitygovernance.Taskable {
task,
}
requestBody.SetTasks(tasks)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
workflows, err := graphClient.IdentityGovernance().LifecycleWorkflows().Workflows().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.beta.models.identitygovernance.Workflow workflow = new com.microsoft.graph.beta.models.identitygovernance.Workflow();
workflow.setCategory(com.microsoft.graph.beta.models.identitygovernance.LifecycleWorkflowCategory.Mover);
workflow.setDescription("Configure mover tasks for a user when their job profile changes");
workflow.setDisplayName("Sales contractor moves to full-time employee");
workflow.setIsEnabled(true);
workflow.setIsSchedulingEnabled(true);
com.microsoft.graph.beta.models.identitygovernance.TriggerAndScopeBasedConditions executionConditions = new com.microsoft.graph.beta.models.identitygovernance.TriggerAndScopeBasedConditions();
executionConditions.setOdataType("#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions");
com.microsoft.graph.beta.models.identitygovernance.RuleBasedSubjectSet scope = new com.microsoft.graph.beta.models.identitygovernance.RuleBasedSubjectSet();
scope.setOdataType("#microsoft.graph.identityGovernance.ruleBasedSubjectSet");
scope.setRule("(department eq 'Sales')");
executionConditions.setScope(scope);
com.microsoft.graph.beta.models.identitygovernance.AttributeChangeTrigger trigger = new com.microsoft.graph.beta.models.identitygovernance.AttributeChangeTrigger();
trigger.setOdataType("#microsoft.graph.identityGovernance.attributeChangeTrigger");
LinkedList<com.microsoft.graph.beta.models.identitygovernance.TriggerAttribute> triggerAttributes = new LinkedList<com.microsoft.graph.beta.models.identitygovernance.TriggerAttribute>();
com.microsoft.graph.beta.models.identitygovernance.TriggerAttribute triggerAttribute = new com.microsoft.graph.beta.models.identitygovernance.TriggerAttribute();
triggerAttribute.setName("department");
triggerAttributes.add(triggerAttribute);
trigger.setTriggerAttributes(triggerAttributes);
executionConditions.setTrigger(trigger);
workflow.setExecutionConditions(executionConditions);
LinkedList<com.microsoft.graph.beta.models.identitygovernance.Task> tasks = new LinkedList<com.microsoft.graph.beta.models.identitygovernance.Task>();
com.microsoft.graph.beta.models.identitygovernance.Task task = new com.microsoft.graph.beta.models.identitygovernance.Task();
task.setContinueOnError(false);
task.setDescription("Send email to moving employee's manager");
task.setDisplayName("Notify manager of move");
task.setIsEnabled(true);
task.setTaskDefinitionId("aab41899-9972-422a-9d97-f626014578b7");
LinkedList<KeyValuePair> arguments = new LinkedList<KeyValuePair>();
task.setArguments(arguments);
tasks.add(task);
workflow.setTasks(tasks);
com.microsoft.graph.models.identitygovernance.Workflow result = graphClient.identityGovernance().lifecycleWorkflows().workflows().post(workflow);
const options = {
authProvider,
};
const client = Client.init(options);
const workflow = {
category: 'mover',
description: 'Configure mover tasks for a user when their job profile changes',
displayName: 'Sales contractor moves to full-time employee',
isEnabled: true,
isSchedulingEnabled: true,
executionConditions: {
'@odata.type': '#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions',
scope: {
'@odata.type': '#microsoft.graph.identityGovernance.ruleBasedSubjectSet',
rule: '(department eq \'Sales\')'
},
trigger: {
'@odata.type': '#microsoft.graph.identityGovernance.attributeChangeTrigger',
triggerAttributes: [
{
name: 'department'
}
]
}
},
tasks: [
{
continueOnError: false,
description: 'Send email to moving employee\'s manager',
displayName: 'Notify manager of move',
isEnabled: true,
taskDefinitionId: 'aab41899-9972-422a-9d97-f626014578b7',
arguments: []
}
]
};
await client.api('/identityGovernance/lifecycleWorkflows/workflows')
.version('beta')
.post(workflow);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\Workflow;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\LifecycleWorkflowCategory;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\TriggerAndScopeBasedConditions;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\RuleBasedSubjectSet;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\AttributeChangeTrigger;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\TriggerAttribute;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\Task;
use Microsoft\Graph\Beta\Generated\Models\KeyValuePair;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new Workflow();
$requestBody->setCategory(new LifecycleWorkflowCategory('mover'));
$requestBody->setDescription('Configure mover tasks for a user when their job profile changes');
$requestBody->setDisplayName('Sales contractor moves to full-time employee');
$requestBody->setIsEnabled(true);
$requestBody->setIsSchedulingEnabled(true);
$executionConditions = new TriggerAndScopeBasedConditions();
$executionConditions->setOdataType('#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions');
$executionConditionsScope = new RuleBasedSubjectSet();
$executionConditionsScope->setOdataType('#microsoft.graph.identityGovernance.ruleBasedSubjectSet');
$executionConditionsScope->setRule('(department eq \'Sales\')');
$executionConditions->setScope($executionConditionsScope);
$executionConditionsTrigger = new AttributeChangeTrigger();
$executionConditionsTrigger->setOdataType('#microsoft.graph.identityGovernance.attributeChangeTrigger');
$triggerAttributesTriggerAttribute1 = new TriggerAttribute();
$triggerAttributesTriggerAttribute1->setName('department');
$triggerAttributesArray []= $triggerAttributesTriggerAttribute1;
$executionConditionsTrigger->setTriggerAttributes($triggerAttributesArray);
$executionConditions->setTrigger($executionConditionsTrigger);
$requestBody->setExecutionConditions($executionConditions);
$tasksTask1 = new Task();
$tasksTask1->setContinueOnError(false);
$tasksTask1->setDescription('Send email to moving employee\'s manager');
$tasksTask1->setDisplayName('Notify manager of move');
$tasksTask1->setIsEnabled(true);
$tasksTask1->setTaskDefinitionId('aab41899-9972-422a-9d97-f626014578b7');
$tasksTask1->setArguments([]);
$tasksArray []= $tasksTask1;
$requestBody->setTasks($tasksArray);
$result = $graphServiceClient->identityGovernance()->lifecycleWorkflows()->workflows()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
category = "mover"
description = "Configure mover tasks for a user when their job profile changes"
displayName = "Sales contractor moves to full-time employee"
isEnabled = $true
isSchedulingEnabled = $true
executionConditions = @{
"@odata.type" = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions"
scope = @{
"@odata.type" = "#microsoft.graph.identityGovernance.ruleBasedSubjectSet"
rule = "(department eq 'Sales')"
}
trigger = @{
"@odata.type" = "#microsoft.graph.identityGovernance.attributeChangeTrigger"
triggerAttributes = @(
@{
name = "department"
}
)
}
}
tasks = @(
@{
continueOnError = $false
description = "Send email to moving employee's manager"
displayName = "Notify manager of move"
isEnabled = $true
taskDefinitionId = "aab41899-9972-422a-9d97-f626014578b7"
arguments = @(
)
}
)
}
New-MgBetaIdentityGovernanceLifecycleWorkflow -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.identity_governance.workflow import Workflow
from msgraph_beta.generated.models.lifecycle_workflow_category import LifecycleWorkflowCategory
from msgraph_beta.generated.models.identity_governance.trigger_and_scope_based_conditions import TriggerAndScopeBasedConditions
from msgraph_beta.generated.models.identity_governance.rule_based_subject_set import RuleBasedSubjectSet
from msgraph_beta.generated.models.identity_governance.attribute_change_trigger import AttributeChangeTrigger
from msgraph_beta.generated.models.identity_governance.trigger_attribute import TriggerAttribute
from msgraph_beta.generated.models.identity_governance.task import Task
from msgraph_beta.generated.models.key_value_pair import KeyValuePair
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Workflow(
category = LifecycleWorkflowCategory.Mover,
description = "Configure mover tasks for a user when their job profile changes",
display_name = "Sales contractor moves to full-time employee",
is_enabled = True,
is_scheduling_enabled = True,
execution_conditions = TriggerAndScopeBasedConditions(
odata_type = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
scope = RuleBasedSubjectSet(
odata_type = "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
rule = "(department eq 'Sales')",
),
trigger = AttributeChangeTrigger(
odata_type = "#microsoft.graph.identityGovernance.attributeChangeTrigger",
trigger_attributes = [
TriggerAttribute(
name = "department",
),
],
),
),
tasks = [
Task(
continue_on_error = False,
description = "Send email to moving employee's manager",
display_name = "Notify manager of move",
is_enabled = True,
task_definition_id = "aab41899-9972-422a-9d97-f626014578b7",
arguments = [
],
),
],
)
result = await graph_client.identity_governance.lifecycle_workflows.workflows.post(request_body)
Antwort
Das folgende Beispiel zeigt die Antwort.
Hinweis: Das hier gezeigte Antwortobjekt kann zur besseren Lesbarkeit gekürzt werden.
HTTP/1.1 200 OK
Content-Type: application/json
{
"category": "mover",
"description": "Configure mover tasks for a user when their job profile changes",
"displayName": "Sales contractor moves to full time employee",
"isEnabled": true,
"isSchedulingEnabled": true,
"executionConditions": {
"@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
"scope": {
"@odata.type": "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
"rule": "(department eq 'Sales')"
},
"trigger": {
"@odata.type": "#microsoft.graph.identityGovernance.attributeChangeTrigger",
"triggerAttributes": [
{
"name": "department"
}
]
}
},
"tasks": [
{
"continueOnError": false,
"description": "Send email to moving employee's manager",
"displayName": "Notify manager of move",
"isEnabled": true,
"taskDefinitionId": "aab41899-9972-422a-9d97-f626014578b7",
"arguments": []
}
]
}
Beispiel 3: Erstellen eines Abbruchworkflows mithilfe des gruppenbasierten Triggers
Anforderung
Das folgende Beispiel zeigt eine Anforderung, die einen Workflow mit der folgenden Konfiguration erstellt:
- Es handelt sich um einen "Leaver"-Workflow, der für die Ausführung aktiviert und geplant ist.
- Sie wird für Benutzer ausgeführt, die mithilfe des gruppenbasierten Triggers aus der Gruppe Sales entfernt werden.
- Beim Ausführen des Workflows werden zwei Aufgaben ausgeführt: Benutzer aus allen Teams entfernen, Benutzer aus allen Gruppen entfernen.
POST https://graph.microsoft.com/beta/identityGovernance/lifecycleWorkflows/workflows
Content-Type: application/json
{
"category": "leaver",
"description": "Configure offboarding tasks for employees on their last day of work",
"displayName": "Offboard an employee",
"isEnabled": true,
"isSchedulingEnabled": true,
"executionConditions": {
"@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
"scope": {
"@odata.type": "#microsoft.graph.identityGovernance.groupBasedSubjectSet",
"groups": [
{
"id": "668e7540-7f8e-4ca4-a207-b7dffbb6d038"
}
]
},
"trigger": {
"@odata.type": "#microsoft.graph.identityGovernance.membershipChangeTrigger",
"changeType": "remove"
}
},
"tasks": [
{
"category": "leaver",
"continueOnError": false,
"description": "Remove user from all Teams memberships",
"displayName": "Remove user from all Teams",
"isEnabled": true,
"taskDefinitionId": "81f7b200-2816-4b3b-8c5d-dc556f07b024",
"arguments": []
},
{
"category": "leaver",
"continueOnError": false,
"description": "Remove user from all Azure AD groups memberships",
"displayName": "Remove user from all groups",
"isEnabled": true,
"taskDefinitionId": "b3a31406-2a15-4c9a-b25b-a658fa5f07fc",
"arguments": []
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models.IdentityGovernance;
using Microsoft.Graph.Beta.Models;
var requestBody = new Workflow
{
Category = LifecycleWorkflowCategory.Leaver,
Description = "Configure offboarding tasks for employees on their last day of work",
DisplayName = "Offboard an employee",
IsEnabled = true,
IsSchedulingEnabled = true,
ExecutionConditions = new TriggerAndScopeBasedConditions
{
OdataType = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
Scope = new GroupBasedSubjectSet
{
OdataType = "#microsoft.graph.identityGovernance.groupBasedSubjectSet",
Groups = new List<Group>
{
new Group
{
Id = "668e7540-7f8e-4ca4-a207-b7dffbb6d038",
},
},
},
Trigger = new MembershipChangeTrigger
{
OdataType = "#microsoft.graph.identityGovernance.membershipChangeTrigger",
ChangeType = MembershipChangeType.Remove,
},
},
Tasks = new List<TaskObject>
{
new TaskObject
{
Category = LifecycleTaskCategory.Leaver,
ContinueOnError = false,
Description = "Remove user from all Teams memberships",
DisplayName = "Remove user from all Teams",
IsEnabled = true,
TaskDefinitionId = "81f7b200-2816-4b3b-8c5d-dc556f07b024",
Arguments = new List<KeyValuePair>
{
},
},
new TaskObject
{
Category = LifecycleTaskCategory.Leaver,
ContinueOnError = false,
Description = "Remove user from all Azure AD groups memberships",
DisplayName = "Remove user from all groups",
IsEnabled = true,
TaskDefinitionId = "b3a31406-2a15-4c9a-b25b-a658fa5f07fc",
Arguments = new List<KeyValuePair>
{
},
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.LifecycleWorkflows.Workflows.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodelsidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/models/identitygovernance"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodelsidentitygovernance.NewWorkflow()
category := graphmodels.LEAVER_LIFECYCLEWORKFLOWCATEGORY
requestBody.SetCategory(&category)
description := "Configure offboarding tasks for employees on their last day of work"
requestBody.SetDescription(&description)
displayName := "Offboard an employee"
requestBody.SetDisplayName(&displayName)
isEnabled := true
requestBody.SetIsEnabled(&isEnabled)
isSchedulingEnabled := true
requestBody.SetIsSchedulingEnabled(&isSchedulingEnabled)
executionConditions := graphmodelsidentitygovernance.NewTriggerAndScopeBasedConditions()
scope := graphmodelsidentitygovernance.NewGroupBasedSubjectSet()
group := graphmodels.NewGroup()
id := "668e7540-7f8e-4ca4-a207-b7dffbb6d038"
group.SetId(&id)
groups := []graphmodels.Groupable {
group,
}
scope.SetGroups(groups)
executionConditions.SetScope(scope)
trigger := graphmodelsidentitygovernance.NewMembershipChangeTrigger()
changeType := graphmodels.REMOVE_MEMBERSHIPCHANGETYPE
trigger.SetChangeType(&changeType)
executionConditions.SetTrigger(trigger)
requestBody.SetExecutionConditions(executionConditions)
task := graphmodelsidentitygovernance.NewTask()
category := graphmodels.LEAVER_LIFECYCLETASKCATEGORY
task.SetCategory(&category)
continueOnError := false
task.SetContinueOnError(&continueOnError)
description := "Remove user from all Teams memberships"
task.SetDescription(&description)
displayName := "Remove user from all Teams"
task.SetDisplayName(&displayName)
isEnabled := true
task.SetIsEnabled(&isEnabled)
taskDefinitionId := "81f7b200-2816-4b3b-8c5d-dc556f07b024"
task.SetTaskDefinitionId(&taskDefinitionId)
arguments := []graphmodels.KeyValuePairable {
}
task.SetArguments(arguments)
task1 := graphmodelsidentitygovernance.NewTask()
category := graphmodels.LEAVER_LIFECYCLETASKCATEGORY
task1.SetCategory(&category)
continueOnError := false
task1.SetContinueOnError(&continueOnError)
description := "Remove user from all Azure AD groups memberships"
task1.SetDescription(&description)
displayName := "Remove user from all groups"
task1.SetDisplayName(&displayName)
isEnabled := true
task1.SetIsEnabled(&isEnabled)
taskDefinitionId := "b3a31406-2a15-4c9a-b25b-a658fa5f07fc"
task1.SetTaskDefinitionId(&taskDefinitionId)
arguments := []graphmodels.KeyValuePairable {
}
task1.SetArguments(arguments)
tasks := []graphmodelsidentitygovernance.Taskable {
task,
task1,
}
requestBody.SetTasks(tasks)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
workflows, err := graphClient.IdentityGovernance().LifecycleWorkflows().Workflows().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.beta.models.identitygovernance.Workflow workflow = new com.microsoft.graph.beta.models.identitygovernance.Workflow();
workflow.setCategory(com.microsoft.graph.beta.models.identitygovernance.LifecycleWorkflowCategory.Leaver);
workflow.setDescription("Configure offboarding tasks for employees on their last day of work");
workflow.setDisplayName("Offboard an employee");
workflow.setIsEnabled(true);
workflow.setIsSchedulingEnabled(true);
com.microsoft.graph.beta.models.identitygovernance.TriggerAndScopeBasedConditions executionConditions = new com.microsoft.graph.beta.models.identitygovernance.TriggerAndScopeBasedConditions();
executionConditions.setOdataType("#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions");
com.microsoft.graph.beta.models.identitygovernance.GroupBasedSubjectSet scope = new com.microsoft.graph.beta.models.identitygovernance.GroupBasedSubjectSet();
scope.setOdataType("#microsoft.graph.identityGovernance.groupBasedSubjectSet");
LinkedList<Group> groups = new LinkedList<Group>();
Group group = new Group();
group.setId("668e7540-7f8e-4ca4-a207-b7dffbb6d038");
groups.add(group);
scope.setGroups(groups);
executionConditions.setScope(scope);
com.microsoft.graph.beta.models.identitygovernance.MembershipChangeTrigger trigger = new com.microsoft.graph.beta.models.identitygovernance.MembershipChangeTrigger();
trigger.setOdataType("#microsoft.graph.identityGovernance.membershipChangeTrigger");
trigger.setChangeType(com.microsoft.graph.beta.models.identitygovernance.MembershipChangeType.Remove);
executionConditions.setTrigger(trigger);
workflow.setExecutionConditions(executionConditions);
LinkedList<com.microsoft.graph.beta.models.identitygovernance.Task> tasks = new LinkedList<com.microsoft.graph.beta.models.identitygovernance.Task>();
com.microsoft.graph.beta.models.identitygovernance.Task task = new com.microsoft.graph.beta.models.identitygovernance.Task();
task.setCategory(EnumSet.of(com.microsoft.graph.beta.models.identitygovernance.LifecycleTaskCategory.Leaver));
task.setContinueOnError(false);
task.setDescription("Remove user from all Teams memberships");
task.setDisplayName("Remove user from all Teams");
task.setIsEnabled(true);
task.setTaskDefinitionId("81f7b200-2816-4b3b-8c5d-dc556f07b024");
LinkedList<KeyValuePair> arguments = new LinkedList<KeyValuePair>();
task.setArguments(arguments);
tasks.add(task);
com.microsoft.graph.beta.models.identitygovernance.Task task1 = new com.microsoft.graph.beta.models.identitygovernance.Task();
task1.setCategory(EnumSet.of(com.microsoft.graph.beta.models.identitygovernance.LifecycleTaskCategory.Leaver));
task1.setContinueOnError(false);
task1.setDescription("Remove user from all Azure AD groups memberships");
task1.setDisplayName("Remove user from all groups");
task1.setIsEnabled(true);
task1.setTaskDefinitionId("b3a31406-2a15-4c9a-b25b-a658fa5f07fc");
LinkedList<KeyValuePair> arguments1 = new LinkedList<KeyValuePair>();
task1.setArguments(arguments1);
tasks.add(task1);
workflow.setTasks(tasks);
com.microsoft.graph.models.identitygovernance.Workflow result = graphClient.identityGovernance().lifecycleWorkflows().workflows().post(workflow);
const options = {
authProvider,
};
const client = Client.init(options);
const workflow = {
category: 'leaver',
description: 'Configure offboarding tasks for employees on their last day of work',
displayName: 'Offboard an employee',
isEnabled: true,
isSchedulingEnabled: true,
executionConditions: {
'@odata.type': '#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions',
scope: {
'@odata.type': '#microsoft.graph.identityGovernance.groupBasedSubjectSet',
groups: [
{
id: '668e7540-7f8e-4ca4-a207-b7dffbb6d038'
}
]
},
trigger: {
'@odata.type': '#microsoft.graph.identityGovernance.membershipChangeTrigger',
changeType: 'remove'
}
},
tasks: [
{
category: 'leaver',
continueOnError: false,
description: 'Remove user from all Teams memberships',
displayName: 'Remove user from all Teams',
isEnabled: true,
taskDefinitionId: '81f7b200-2816-4b3b-8c5d-dc556f07b024',
arguments: []
},
{
category: 'leaver',
continueOnError: false,
description: 'Remove user from all Azure AD groups memberships',
displayName: 'Remove user from all groups',
isEnabled: true,
taskDefinitionId: 'b3a31406-2a15-4c9a-b25b-a658fa5f07fc',
arguments: []
}
]
};
await client.api('/identityGovernance/lifecycleWorkflows/workflows')
.version('beta')
.post(workflow);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\Workflow;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\LifecycleWorkflowCategory;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\TriggerAndScopeBasedConditions;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\GroupBasedSubjectSet;
use Microsoft\Graph\Beta\Generated\Models\Group;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\MembershipChangeTrigger;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\MembershipChangeType;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\Task;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\LifecycleTaskCategory;
use Microsoft\Graph\Beta\Generated\Models\KeyValuePair;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new Workflow();
$requestBody->setCategory(new LifecycleWorkflowCategory('leaver'));
$requestBody->setDescription('Configure offboarding tasks for employees on their last day of work');
$requestBody->setDisplayName('Offboard an employee');
$requestBody->setIsEnabled(true);
$requestBody->setIsSchedulingEnabled(true);
$executionConditions = new TriggerAndScopeBasedConditions();
$executionConditions->setOdataType('#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions');
$executionConditionsScope = new GroupBasedSubjectSet();
$executionConditionsScope->setOdataType('#microsoft.graph.identityGovernance.groupBasedSubjectSet');
$groupsGroup1 = new Group();
$groupsGroup1->setId('668e7540-7f8e-4ca4-a207-b7dffbb6d038');
$groupsArray []= $groupsGroup1;
$executionConditionsScope->setGroups($groupsArray);
$executionConditions->setScope($executionConditionsScope);
$executionConditionsTrigger = new MembershipChangeTrigger();
$executionConditionsTrigger->setOdataType('#microsoft.graph.identityGovernance.membershipChangeTrigger');
$executionConditionsTrigger->setChangeType(new MembershipChangeType('remove'));
$executionConditions->setTrigger($executionConditionsTrigger);
$requestBody->setExecutionConditions($executionConditions);
$tasksTask1 = new Task();
$tasksTask1->setCategory(new LifecycleTaskCategory('leaver'));
$tasksTask1->setContinueOnError(false);
$tasksTask1->setDescription('Remove user from all Teams memberships');
$tasksTask1->setDisplayName('Remove user from all Teams');
$tasksTask1->setIsEnabled(true);
$tasksTask1->setTaskDefinitionId('81f7b200-2816-4b3b-8c5d-dc556f07b024');
$tasksTask1->setArguments([]);
$tasksArray []= $tasksTask1;
$tasksTask2 = new Task();
$tasksTask2->setCategory(new LifecycleTaskCategory('leaver'));
$tasksTask2->setContinueOnError(false);
$tasksTask2->setDescription('Remove user from all Azure AD groups memberships');
$tasksTask2->setDisplayName('Remove user from all groups');
$tasksTask2->setIsEnabled(true);
$tasksTask2->setTaskDefinitionId('b3a31406-2a15-4c9a-b25b-a658fa5f07fc');
$tasksTask2->setArguments([]);
$tasksArray []= $tasksTask2;
$requestBody->setTasks($tasksArray);
$result = $graphServiceClient->identityGovernance()->lifecycleWorkflows()->workflows()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
category = "leaver"
description = "Configure offboarding tasks for employees on their last day of work"
displayName = "Offboard an employee"
isEnabled = $true
isSchedulingEnabled = $true
executionConditions = @{
"@odata.type" = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions"
scope = @{
"@odata.type" = "#microsoft.graph.identityGovernance.groupBasedSubjectSet"
groups = @(
@{
id = "668e7540-7f8e-4ca4-a207-b7dffbb6d038"
}
)
}
trigger = @{
"@odata.type" = "#microsoft.graph.identityGovernance.membershipChangeTrigger"
changeType = "remove"
}
}
tasks = @(
@{
category = "leaver"
continueOnError = $false
description = "Remove user from all Teams memberships"
displayName = "Remove user from all Teams"
isEnabled = $true
taskDefinitionId = "81f7b200-2816-4b3b-8c5d-dc556f07b024"
arguments = @(
)
}
@{
category = "leaver"
continueOnError = $false
description = "Remove user from all Azure AD groups memberships"
displayName = "Remove user from all groups"
isEnabled = $true
taskDefinitionId = "b3a31406-2a15-4c9a-b25b-a658fa5f07fc"
arguments = @(
)
}
)
}
New-MgBetaIdentityGovernanceLifecycleWorkflow -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.identity_governance.workflow import Workflow
from msgraph_beta.generated.models.lifecycle_workflow_category import LifecycleWorkflowCategory
from msgraph_beta.generated.models.identity_governance.trigger_and_scope_based_conditions import TriggerAndScopeBasedConditions
from msgraph_beta.generated.models.identity_governance.group_based_subject_set import GroupBasedSubjectSet
from msgraph_beta.generated.models.group import Group
from msgraph_beta.generated.models.identity_governance.membership_change_trigger import MembershipChangeTrigger
from msgraph_beta.generated.models.membership_change_type import MembershipChangeType
from msgraph_beta.generated.models.identity_governance.task import Task
from msgraph_beta.generated.models.lifecycle_task_category import LifecycleTaskCategory
from msgraph_beta.generated.models.key_value_pair import KeyValuePair
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Workflow(
category = LifecycleWorkflowCategory.Leaver,
description = "Configure offboarding tasks for employees on their last day of work",
display_name = "Offboard an employee",
is_enabled = True,
is_scheduling_enabled = True,
execution_conditions = TriggerAndScopeBasedConditions(
odata_type = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
scope = GroupBasedSubjectSet(
odata_type = "#microsoft.graph.identityGovernance.groupBasedSubjectSet",
groups = [
Group(
id = "668e7540-7f8e-4ca4-a207-b7dffbb6d038",
),
],
),
trigger = MembershipChangeTrigger(
odata_type = "#microsoft.graph.identityGovernance.membershipChangeTrigger",
change_type = MembershipChangeType.Remove,
),
),
tasks = [
Task(
category = LifecycleTaskCategory.Leaver,
continue_on_error = False,
description = "Remove user from all Teams memberships",
display_name = "Remove user from all Teams",
is_enabled = True,
task_definition_id = "81f7b200-2816-4b3b-8c5d-dc556f07b024",
arguments = [
],
),
Task(
category = LifecycleTaskCategory.Leaver,
continue_on_error = False,
description = "Remove user from all Azure AD groups memberships",
display_name = "Remove user from all groups",
is_enabled = True,
task_definition_id = "b3a31406-2a15-4c9a-b25b-a658fa5f07fc",
arguments = [
],
),
],
)
result = await graph_client.identity_governance.lifecycle_workflows.workflows.post(request_body)
Antwort
Das folgende Beispiel zeigt die Antwort.
Hinweis: Das hier gezeigte Antwortobjekt kann zur besseren Lesbarkeit gekürzt werden.
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/lifecycleWorkflows/workflows/$entity",
"category": "leaver",
"description": "Configure offboarding tasks for employees on their last day of work",
"displayName": "Offboard an employee",
"isEnabled": true,
"isSchedulingEnabled": true,
"lastModifiedDateTime": "2024-03-28T20:20:05.6599449Z",
"createdDateTime": "2024-03-28T20:20:05.6599142Z",
"deletedDateTime": null,
"id": "73ed8912-6a04-4f5d-bef8-61fcc94336a7",
"nextScheduleRunDateTime": "2024-03-28T20:37:08Z",
"version": 1,
"executionConditions": {
"@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
"scope": {
"@odata.type": "#microsoft.graph.identityGovernance.groupBasedSubjectSet"
},
"trigger": {
"@odata.type": "#microsoft.graph.identityGovernance.membershipChangeTrigger",
"changeType": "remove"
}
}
}
Beispiel 4: Erstellen eines Mover-Workflows mit einem festgelegten Zielbereich
Anforderung
Das folgende Beispiel zeigt eine Anforderung, die einen Workflow mit der folgenden Konfiguration erstellt:
- Es ist ein "Mover"-Workflow, der nur bei Bedarf ausgeführt wird.
- Sie wird für Benutzer innerhalb des festgelegten Zielbereichs der Verwaltungseinheiten "4f9dc456-0574-4122-9e55-8b4cc494b27d" und "2c987843-e9b1-4b1a-b924-ff1d2a9b054d" ausgeführt.
- Eine Aufgabe wird ausgeführt, nämlich eine E-Mail zu senden, um den Vorgesetzten des Benutzers über den Umzug zu benachrichtigen.
POST https://graph.microsoft.com/beta/identityGovernance/lifecycleWorkflows/workflows
{
"category": "mover",
"displayName": "On Demand workflow move",
"description": "Execute real-time tasks for employee job changes",
"tasks": [
{
"arguments": [],
"description": "Send email to notify user’s manager of user move",
"displayName": "Send email to notify manager of user move",
"isEnabled": true,
"continueOnError": false,
"taskDefinitionId": "aab41899-9972-422a-9d97-f626014578b7",
"category": "mover"
}
],
"executionConditions": {
"@odata.type": "#microsoft.graph.identityGovernance.onDemandExecutionOnly"
},
"isEnabled": true,
"isSchedulingEnabled": false,
"administrationScopeTargets": [
{
"@odata.type": "#microsoft.graph.administrativeUnit",
"id": "4f9dc456-0574-4122-9e55-8b4cc494b27d"
},
{
"@odata.type": "#microsoft.graph.administrativeUnit",
"id": "2c987843-e9b1-4b1a-b924-ff1d2a9b054d"
}
]
}
Antwort
Das folgende Beispiel zeigt die Antwort.
Hinweis: Das hier gezeigte Antwortobjekt kann zur besseren Lesbarkeit gekürzt werden.
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/lifecycleWorkflows/workflows/$entity",
"category": "mover",
"description": "Execute real-time tasks for employee job changes",
"displayName": "On Demand workflow move",
"isEnabled": true,
"isSchedulingEnabled": false,
"lastModifiedDateTime": "2025-01-09T15:28:24.0565594Z",
"createdDateTime": "2025-01-09T15:28:24.0565526Z",
"id": "465d0d08-3099-483f-9d93-16aad77bcd22",
"version": 1,
"administrationScopeTargets": [
{
"@odata.type": "#microsoft.graph.administrativeUnit",
"id": "4f9dc456-0574-4122-9e55-8b4cc494b27d"
},
{
"@odata.type": "#microsoft.graph.administrativeUnit",
"id": "2c987843-e9b1-4b1a-b924-ff1d2a9b054d"
}
]
}