Question

Query Azure Active Directory to return user info

asked on September 28, 2022

We are now using Azure AD and I need to be able to query AD to pull in info like full name and other AD attributes. Is there any way to do this? My network guy asked if LF can query LDAPS. Can I set up an LDAPS data source to query? What would be the best way to accomplish this?

Thank you. 

Replies

replied on September 29, 2022

Pure Azure AD or AAD with regular AD as a Linked Provider?

Very different scenarios.

replied on September 30, 2022

We have Azure AD which syncs to Azure ADDS.

ADDS is a cloud-based traditional AD but we can’t query it with unsecure LDAP.

How could I query it with LDAPS using LF?

replied on September 30, 2022

Is this in the context of a Workflow or what?

If you have the Azure ADDS domain registered as an identity provider in LFDS, all you do is enable the "Use TLS" (LDAPS) toggle there.

replied on September 30, 2022

In the context of Workflow. I already have everyone set up in LFDS and can log in with SAML.

My workflow gets an email address and I want to look up that person's name, office, and any other attribute they have in the AD account.

Just like the Find User activity used to do when I had an on-prem AD. 

APPROVED ANSWER SELECTED ANSWER
replied on September 30, 2022

Try adding your ADDS domain directly as a Trustee Directory through Workflow Configuration Manager or Workflow Administration Console, appending ":636" (LDAPS port) to the Host value.

replied on October 3, 2022

That was it, I got it working. Thank you. 

replied on October 3, 2022

Great! We'll update the Workflow Trustee Directory Manager documentation to make it clear how to configure alternative LDAP ports, including for LDAPS.

replied one day ago

Hi @████████,

Is there a way to query Pure Azure AD from Forms?

If not, is there a way for forms to do regular AD without an intermediate table?

thanks!

replied one day ago

Hi Daniel,

> Is there a way to query Pure Azure AD from Forms?

The first thing that comes to mind is using JavaScript to have Forms make a web request to the Microsoft Graph API to retrieve user or group info. See: Use the Microsoft Graph API - Microsoft Graph | Microsoft Learn

You generally have to authenticate to the Microsoft Graph API with OAuth 2.0, so that's not necessarily trivial to do securely.

> If not, is there a way for forms to do regular AD without an intermediate table?

For a real-time field lookup, no. If it's for an AD user registered in Laserfiche, you can potentially get a few basic attributes like (if memory serves me) username, display name, and email.

The "long way" that doesn't involve an intermediate table is to have the Forms process invoke a Workflow that runs a custom Script activity with .NET code to execute the desired query, then return the result to Forms with an Update Business Process Variables activity. You could also have Workflow 12 2025H1 or above make a web request to the Microsoft Graph API instead as it has native OAuth 2.0 support for web services as of that version.

If you set up the Forms process like:

  1. Search Form (enter search param) -> Submit
  2. Workflow Service Task -> Invoke AD lookup workflow -> Toggle "Wait for workflow to complete" (user will automatically be taken to next form when workflow completes)
  3. Results Form (display lookup result)

You get a semi real-time lookup flow. Though a little clunky, it may work for your use case.
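
The Microsoft Graph lookup mentioned in this answer, as an added example that is not part of the original post or Laserfiche's own code: it runs server-side on Node 18+ so the client secret never reaches the Forms page, keeps the email a single string literal inside `$filter`, and returns only the requested attributes. The function names and the attribute list are assumptions, and the app registration is assumed to hold an application permission such as User.Read.All.

```javascript
// Added example (not from the original thread). Server-side only: the client
// secret must never be shipped to a browser or embedded in Forms JavaScript.
const GRAPH = "https://graph.microsoft.com/v1.0";
const SELECT = ["displayName", "mail", "officeLocation", "jobTitle"]; // assumed attribute list

// Build the lookup URL. The email is untrusted input: validate its shape, then
// double single quotes so it stays one OData string literal inside $filter.
function buildUserLookupUrl(email) {
  if (typeof email !== "string" || email.length > 254 || !/^[^\s@]+@[^\s@]+$/.test(email)) {
    throw new Error("invalid email address");
  }
  const filter = `mail eq '${email.replace(/'/g, "''")}'`;
  return `${GRAPH}/users?$filter=${encodeURIComponent(filter)}&$select=${SELECT.join(",")}`;
}

// OAuth 2.0 client-credentials grant against the tenant's v2.0 token endpoint.
async function getAppToken(tenantId, clientId, clientSecret) {
  const url = `https://login.microsoftonline.com/${encodeURIComponent(tenantId)}/oauth2/v2.0/token`;
  const body = new URLSearchParams({
    grant_type: "client_credentials",
    client_id: clientId,
    client_secret: clientSecret,
    scope: "https://graph.microsoft.com/.default",
  });
  const res = await fetch(url, { method: "POST", body });
  if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
  return (await res.json()).access_token;
}

// Reduce a Graph response to the selected attributes of exactly one user.
// Zero or multiple matches return null rather than guessing.
function pickSingleUser(graphResponse) {
  const users = Array.isArray(graphResponse.value) ? graphResponse.value : [];
  if (users.length !== 1) return null;
  return Object.fromEntries(SELECT.map((k) => [k, users[0][k] ?? null]));
}

async function lookupUserByEmail(email, token) {
  const res = await fetch(buildUserLookupUrl(email), {
    headers: { Authorization: `Bearer ${token}` },
  });
  if (!res.ok) throw new Error(`Graph request failed: HTTP ${res.status}`);
  return pickSingleUser(await res.json());
}
```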
