Lightweight Python library for easily managing Azure AD (Entra ID) users and groups through the Graph API.
Project description
azure-graph-toolkit
About The Project
There are many great Azure libraries available on GitHub; however, I didn't find one that really suited my needs, so I created this one to simplify and automate daily tasks.
Features:
- Add user to AAD group
- Remove user from AAD group
- Check if user is member of a group
- List all user membership groups
- Reset user password
- Disable/enable user
- Revoke user session tokens
Getting Started
Prerequisites
- Python >= 3.8
- Azure AD App Registration with the following role assigned:
| Least privilege role | Delegation type | Description |
|---|---|---|
| GroupMember.ReadWrite.All | Application | To manage user membership groups. |
| GroupMember.Read.All | Application | List all the groups available. |
| User.ReadWrite.All, User Administrator role | Application | To change user password. |
| User.ManageIdentities.All, User.EnableDisableAccount.All | Application | To disable/enable user. |
| User.RevokeSessions.All | Application | To revoke user session tokens. |
Installation
- Install the azure-graph-toolkit library from PyPI:
  ```sh
  pip install azure-graph-toolkit
  ```
- Profit 😁
Usage
Import library modules
```python
from azure_graph_toolkit import graph_auth, graph_utils
```
App authentication and authorization. Once you have the access token, you can interact with the Azure AD Graph API.
```python
tenant_id = '<tenant Id>'
client_id = '<client (App) Id>'
client_secret = '<client secret>'
access_token = graph_auth.get_access_token(tenant_id, client_id, client_secret)
```
Add user to AAD group:
```python
result = graph_utils.add_user_to_group('mario.rossi@domain.com', 'block-usb-group', access_token)
print(result)
```
Remove user from AAD group:
```python
result = graph_utils.remove_user_from_group('mario.rossi@domain.com', 'block-usb-group', access_token)
print(result)
```
Disable user:
```python
# False is the enable_account value (disable the account). It is passed
# positionally because a positional argument cannot follow a keyword argument.
result = graph_utils.set_user_account_status('mario.rossi@domain.com', False, access_token)
print(result)
```
Revoke user sessions:
```python
result = graph_utils.user_revoke_sessions('mario.rossi@domain.com', access_token)
print(result)
```
Example Output
```python
{'status_code': 204, 'message': 'Success. User mario.rossi@domain.com added to AAD group block-usb-group.'}
{'status_code': 404, 'message': 'No AAD group with a name containing \'block-usb-group\' was found. Please try another group name.'}
```
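The disable and revoke calls above are typically chained when containing a compromised account. The following is an added example, not code from the azure-graph-toolkit project: `contain_account`, `succeeded` and `StubUtils` are hypothetical names, and it assumes both calls return the `status_code`/`message` dict shown in the example output and take their arguments in the order used on this page.

```python
from typing import Any, Dict, List, Tuple

Result = Dict[str, Any]


def succeeded(result: Result) -> bool:
    # Assumption: calls return the {'status_code', 'message'} dict shown in
    # "Example Output"; any 2xx status counts as success.
    code = result.get("status_code")
    return isinstance(code, int) and 200 <= code < 300


def contain_account(upn: str, access_token: str, utils: Any) -> Tuple[bool, List[Tuple[str, Result]]]:
    """Disable `upn`, then revoke its sessions; report every step's result.

    `utils` is azure_graph_toolkit.graph_utils or a stub with the same two
    functions. Disabling first blocks new sign-ins before existing refresh
    tokens are invalidated. Both steps always run, so a failed disable
    (for example a missing permission) does not skip the revocation.
    """
    steps = [
        # Positional order assumed from the usage shown on this page.
        ("disable", lambda: utils.set_user_account_status(upn, False, access_token)),
        ("revoke_sessions", lambda: utils.user_revoke_sessions(upn, access_token)),
    ]
    log: List[Tuple[str, Result]] = []
    for name, call in steps:
        try:
            result = call()
        except Exception as exc:  # network or auth failure raised by the call
            result = {"status_code": 0, "message": f"{type(exc).__name__}: {exc}"}
        log.append((name, result))
    return all(succeeded(r) for _, r in log), log


class StubUtils:
    """Constructed offline stand-in for graph_utils; the disable call is denied."""

    def set_user_account_status(self, upn, enable_account, access_token):
        return {"status_code": 403, "message": f"Constructed: cannot update {upn}."}

    def user_revoke_sessions(self, upn, access_token):
        return {"status_code": 204, "message": f"Constructed: sessions revoked for {upn}."}


if __name__ == "__main__":
    contained, log = contain_account("mario.rossi@domain.com", "<access token>", StubUtils())
    for step, result in log:
        print(step, result["status_code"], result["message"])
    print("contained:", contained)
```

With the real library, pass `graph_utils` as `utils`; a `False` first return value means at least one step needs manual follow-up, and the log shows which.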
Roadmap
- List user MFA status
- List user's owned devices
- List devices compliance status
- Add device to group
- Remove device from group
- Create and delete users
- Create and delete groups
Contact
Ivano Dibenedetto - @Linkedin - ivano.dibenedetto7@gmail.com
Project Link: https://github.com/Ivanodib/azure-graph-toolkit
Hashes for azure_graph_toolkit-1.1.1.tar.gz
Hashes for azure_graph_toolkit-1.1.1-py3-none-any.whl