Créer un flux de travail

Article
04/17/2024

Espace de noms : microsoft.graph.identityGovernance

Importante

Les API sous la version /beta dans Microsoft Graph sont susceptibles d’être modifiées. L’utilisation de ces API dans des applications de production n’est pas prise en charge. Pour déterminer si une API est disponible dans v1.0, utilisez le sélecteur Version .

Créez un objet de flux de travail . Vous pouvez créer jusqu’à 100 workflows dans un locataire.

Cette API est disponible dans les déploiements de cloud national suivants.

Service global	Gouvernement des États-Unis L4	Us Government L5 (DOD)	Chine gérée par 21Vianet
✅	✅	✅	❌

Autorisations

Choisissez l’autorisation ou les autorisations marquées comme moins privilégiées pour cette API. Utilisez une autorisation ou des autorisations privilégiées plus élevées uniquement si votre application en a besoin. Pour plus d’informations sur les autorisations déléguées et d’application, consultez Types d’autorisations. Pour en savoir plus sur ces autorisations, consultez les informations de référence sur les autorisations.

Type d’autorisation	Autorisations avec privilèges minimum	Autorisations privilégiées plus élevées
Déléguée (compte professionnel ou scolaire)	LifecycleWorkflows.CreateWorkflows	LifecycleWorkflows.ReadWrite.All, LifecycleWorkflows.ReadWrite.Workflows
Déléguée (compte Microsoft personnel)	Non prise en charge.	Non prise en charge.
Application	LifecycleWorkflows.CreateWorkflows	LifecycleWorkflows.ReadWrite.All, LifecycleWorkflows.ReadWrite.Workflows

Importante

Dans les scénarios délégués avec des comptes professionnels ou scolaires, l’utilisateur connecté doit se voir attribuer un rôle Microsoft Entra pris en charge ou un rôle personnalisé avec une autorisation de rôle prise en charge. L’administrateur des workflows de cycle de vie est le rôle le moins privilégié pris en charge pour cette opération.

Requête HTTP

POST /identityGovernance/lifecycleWorkflows/workflows

En-têtes de demande

Nom	Description
Autorisation	Porteur {token}. Obligatoire. En savoir plus sur l’authentification et l’autorisation.
Content-Type	application/json. Obligatoire.

Corps de la demande

Dans le corps de la demande, fournissez une représentation JSON de l’objet de workflow .

Vous pouvez spécifier les propriétés suivantes lors de la création d’un workflow.

Propriété	Type	Description
category	microsoft.graph.identityGovernance.lifecycleWorkflowCategory	Catégorie du flux de travail. Les valeurs possibles sont `joiner`, `leaver`, `unknownFutureValue`. Il ne peut s’agir que d’une seule valeur. Obligatoire.
description	String	Chaîne qui décrit l’objectif du flux de travail pour une utilisation administrative.
displayName	String	Chaîne unique qui identifie le flux de travail. Obligatoire.
executionConditions	microsoft.graph.identityGovernance.workflowExecutionConditions	Définit pour qui et quand un workflow s’exécute. Obligatoire.
id	String	Identificateur utilisé pour traiter individuellement un flux de travail spécifique.
isEnabled	Boolean	Valeur booléenne qui indique si le flux de travail est défini pour s’exécuter ou non.
isSchedulingEnabled	Boolean	Valeur booléenne qui indique si la planification est activée ou non.
tasks	collection microsoft.graph.identityGovernance.task	Représente les tâches configurées à exécuter et leur séquence d’exécution dans le workflow. Obligatoire.

Réponse

Si elle réussit, cette méthode renvoie un 201 Created code de réponse et un objet microsoft.graph.identityGovernance.workflow dans le corps de la réponse.

Exemples

Exemple 1 : Créer un workflow de joiner à l’aide du déclencheur basé sur le temps

Demande

L’exemple suivant montre une requête qui crée un workflow avec la configuration suivante :

Il s’agit d’un workflow « joiner » activé et planifié pour s’exécuter.
Il s’exécute pour les nouveaux utilisateurs basés en Australie, sur leur employeeHireDate à l’aide du déclencheur d’attribut basé sur le temps.
Deux tâches sont effectuées lorsque le flux de travail s’exécute : le compte de l’utilisateur est activé et un e-mail de bienvenue est envoyé à l’utilisateur.

POST https://graph.microsoft.com/beta/identityGovernance/lifecycleWorkflows/workflows
Content-Type: application/json

{
    "category": "joiner",
    "description": "Configure new hire tasks for onboarding employees on their first day",
    "displayName": "Australia Onboard new hire employee",
    "isEnabled": true,
    "isSchedulingEnabled": true,
    "executionConditions": {
        "@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
        "scope": {
            "@odata.type": "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
            "rule": "(country eq 'Australia')"
        },
        "trigger": {
            "@odata.type": "#microsoft.graph.identityGovernance.timeBasedAttributeTrigger",
            "timeBasedAttribute": "employeeHireDate",
            "offsetInDays": 0
        }
    },
    "tasks": [
        {
            "continueOnError": false,
            "description": "Enable user account in the directory",
            "displayName": "Enable User Account",
            "isEnabled": true,
            "taskDefinitionId": "6fc52c9d-398b-4305-9763-15f42c1676fc",
            "arguments": []
        },
        {
            "continueOnError": false,
            "description": "Send welcome email to new hire",
            "displayName": "Send Welcome Email",
            "isEnabled": true,
            "taskDefinitionId": "70b29d51-b59a-4773-9280-8841dfd3f2ea",
            "arguments": []
        }
    ]
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models.IdentityGovernance;
using Microsoft.Graph.Beta.Models;

var requestBody = new Workflow
{
	Category = LifecycleWorkflowCategory.Joiner,
	Description = "Configure new hire tasks for onboarding employees on their first day",
	DisplayName = "Australia Onboard new hire employee",
	IsEnabled = true,
	IsSchedulingEnabled = true,
	ExecutionConditions = new TriggerAndScopeBasedConditions
	{
		OdataType = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
		Scope = new RuleBasedSubjectSet
		{
			OdataType = "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
			Rule = "(country eq 'Australia')",
		},
		Trigger = new TimeBasedAttributeTrigger
		{
			OdataType = "#microsoft.graph.identityGovernance.timeBasedAttributeTrigger",
			TimeBasedAttribute = WorkflowTriggerTimeBasedAttribute.EmployeeHireDate,
			OffsetInDays = 0,
		},
	},
	Tasks = new List<TaskObject>
	{
		new TaskObject
		{
			ContinueOnError = false,
			Description = "Enable user account in the directory",
			DisplayName = "Enable User Account",
			IsEnabled = true,
			TaskDefinitionId = "6fc52c9d-398b-4305-9763-15f42c1676fc",
			Arguments = new List<KeyValuePair>
			{
			},
		},
		new TaskObject
		{
			ContinueOnError = false,
			Description = "Send welcome email to new hire",
			DisplayName = "Send Welcome Email",
			IsEnabled = true,
			TaskDefinitionId = "70b29d51-b59a-4773-9280-8841dfd3f2ea",
			Arguments = new List<KeyValuePair>
			{
			},
		},
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.LifecycleWorkflows.Workflows.PostAsync(requestBody);

Importante

Microsoft Graph SDK utilisent la version v1.0 de l’API par défaut et ne prennent pas en charge tous les types, propriétés et API disponibles dans la version bêta. Pour plus d’informations sur l’accès à l’API bêta avec le SDK, consultez Utiliser les kits de développement logiciel (SDK) Microsoft Graph avec l’API bêta.

Pour plus d’informations sur la façon d'ajouter le Kit de développement logiciel (SDK) à votre projet et créer une instance authProvider, consultez la documentation du Kit de développement logiciel (SDK).



mgc-beta identity-governance lifecycle-workflows workflows create --body '{\
    "category": "joiner",\
    "description": "Configure new hire tasks for onboarding employees on their first day",\
    "displayName": "Australia Onboard new hire employee",\
    "isEnabled": true,\
    "isSchedulingEnabled": true,\
    "executionConditions": {\
        "@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",\
        "scope": {\
            "@odata.type": "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",\
            "rule": "(country eq 'Australia')"\
        },\
        "trigger": {\
            "@odata.type": "#microsoft.graph.identityGovernance.timeBasedAttributeTrigger",\
            "timeBasedAttribute": "employeeHireDate",\
            "offsetInDays": 0\
        }\
    },\
    "tasks": [\
        {\
            "continueOnError": false,\
            "description": "Enable user account in the directory",\
            "displayName": "Enable User Account",\
            "isEnabled": true,\
            "taskDefinitionId": "6fc52c9d-398b-4305-9763-15f42c1676fc",\
            "arguments": []\
        },\
        {\
            "continueOnError": false,\
            "description": "Send welcome email to new hire",\
            "displayName": "Send Welcome Email",\
            "isEnabled": true,\
            "taskDefinitionId": "70b29d51-b59a-4773-9280-8841dfd3f2ea",\
            "arguments": []\
        }\
    ]\
}\
'

Importante



// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodelsidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/models/identitygovernance"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

requestBody := graphmodelsidentitygovernance.NewWorkflow()
category := graphmodels.JOINER_LIFECYCLEWORKFLOWCATEGORY 
requestBody.SetCategory(&category) 
description := "Configure new hire tasks for onboarding employees on their first day"
requestBody.SetDescription(&description) 
displayName := "Australia Onboard new hire employee"
requestBody.SetDisplayName(&displayName) 
isEnabled := true
requestBody.SetIsEnabled(&isEnabled) 
isSchedulingEnabled := true
requestBody.SetIsSchedulingEnabled(&isSchedulingEnabled) 
executionConditions := graphmodelsidentitygovernance.NewTriggerAndScopeBasedConditions()
scope := graphmodelsidentitygovernance.NewRuleBasedSubjectSet()
rule := "(country eq 'Australia')"
scope.SetRule(&rule) 
executionConditions.SetScope(scope)
trigger := graphmodelsidentitygovernance.NewTimeBasedAttributeTrigger()
timeBasedAttribute := graphmodels.EMPLOYEEHIREDATE_WORKFLOWTRIGGERTIMEBASEDATTRIBUTE 
trigger.SetTimeBasedAttribute(&timeBasedAttribute) 
offsetInDays := int32(0)
trigger.SetOffsetInDays(&offsetInDays) 
executionConditions.SetTrigger(trigger)
requestBody.SetExecutionConditions(executionConditions)


task := graphmodelsidentitygovernance.NewTask()
continueOnError := false
task.SetContinueOnError(&continueOnError) 
description := "Enable user account in the directory"
task.SetDescription(&description) 
displayName := "Enable User Account"
task.SetDisplayName(&displayName) 
isEnabled := true
task.SetIsEnabled(&isEnabled) 
taskDefinitionId := "6fc52c9d-398b-4305-9763-15f42c1676fc"
task.SetTaskDefinitionId(&taskDefinitionId) 
arguments := []graphmodels.KeyValuePairable {

}
task.SetArguments(arguments)
task1 := graphmodelsidentitygovernance.NewTask()
continueOnError := false
task1.SetContinueOnError(&continueOnError) 
description := "Send welcome email to new hire"
task1.SetDescription(&description) 
displayName := "Send Welcome Email"
task1.SetDisplayName(&displayName) 
isEnabled := true
task1.SetIsEnabled(&isEnabled) 
taskDefinitionId := "70b29d51-b59a-4773-9280-8841dfd3f2ea"
task1.SetTaskDefinitionId(&taskDefinitionId) 
arguments := []graphmodels.KeyValuePairable {

}
task1.SetArguments(arguments)

tasks := []graphmodelsidentitygovernance.Taskable {
	task,
	task1,
}
requestBody.SetTasks(tasks)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
workflows, err := graphClient.IdentityGovernance().LifecycleWorkflows().Workflows().Post(context.Background(), requestBody, nil)

Importante


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

com.microsoft.graph.beta.models.identitygovernance.Workflow workflow = new com.microsoft.graph.beta.models.identitygovernance.Workflow();
workflow.setCategory(com.microsoft.graph.beta.models.identitygovernance.LifecycleWorkflowCategory.Joiner);
workflow.setDescription("Configure new hire tasks for onboarding employees on their first day");
workflow.setDisplayName("Australia Onboard new hire employee");
workflow.setIsEnabled(true);
workflow.setIsSchedulingEnabled(true);
com.microsoft.graph.beta.models.identitygovernance.TriggerAndScopeBasedConditions executionConditions = new com.microsoft.graph.beta.models.identitygovernance.TriggerAndScopeBasedConditions();
executionConditions.setOdataType("#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions");
com.microsoft.graph.beta.models.identitygovernance.RuleBasedSubjectSet scope = new com.microsoft.graph.beta.models.identitygovernance.RuleBasedSubjectSet();
scope.setOdataType("#microsoft.graph.identityGovernance.ruleBasedSubjectSet");
scope.setRule("(country eq 'Australia')");
executionConditions.setScope(scope);
com.microsoft.graph.beta.models.identitygovernance.TimeBasedAttributeTrigger trigger = new com.microsoft.graph.beta.models.identitygovernance.TimeBasedAttributeTrigger();
trigger.setOdataType("#microsoft.graph.identityGovernance.timeBasedAttributeTrigger");
trigger.setTimeBasedAttribute(com.microsoft.graph.beta.models.identitygovernance.WorkflowTriggerTimeBasedAttribute.EmployeeHireDate);
trigger.setOffsetInDays(0);
executionConditions.setTrigger(trigger);
workflow.setExecutionConditions(executionConditions);
LinkedList<com.microsoft.graph.beta.models.identitygovernance.Task> tasks = new LinkedList<com.microsoft.graph.beta.models.identitygovernance.Task>();
com.microsoft.graph.beta.models.identitygovernance.Task task = new com.microsoft.graph.beta.models.identitygovernance.Task();
task.setContinueOnError(false);
task.setDescription("Enable user account in the directory");
task.setDisplayName("Enable User Account");
task.setIsEnabled(true);
task.setTaskDefinitionId("6fc52c9d-398b-4305-9763-15f42c1676fc");
LinkedList<KeyValuePair> arguments = new LinkedList<KeyValuePair>();
task.setArguments(arguments);
tasks.add(task);
com.microsoft.graph.beta.models.identitygovernance.Task task1 = new com.microsoft.graph.beta.models.identitygovernance.Task();
task1.setContinueOnError(false);
task1.setDescription("Send welcome email to new hire");
task1.setDisplayName("Send Welcome Email");
task1.setIsEnabled(true);
task1.setTaskDefinitionId("70b29d51-b59a-4773-9280-8841dfd3f2ea");
LinkedList<KeyValuePair> arguments1 = new LinkedList<KeyValuePair>();
task1.setArguments(arguments1);
tasks.add(task1);
workflow.setTasks(tasks);
com.microsoft.graph.models.identitygovernance.Workflow result = graphClient.identityGovernance().lifecycleWorkflows().workflows().post(workflow);

Importante


const options = {
	authProvider,
};

const client = Client.init(options);

const workflow = {
    category: 'joiner',
    description: 'Configure new hire tasks for onboarding employees on their first day',
    displayName: 'Australia Onboard new hire employee',
    isEnabled: true,
    isSchedulingEnabled: true,
    executionConditions: {
        '@odata.type': '#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions',
        scope: {
            '@odata.type': '#microsoft.graph.identityGovernance.ruleBasedSubjectSet',
            rule: '(country eq \'Australia\')'
        },
        trigger: {
            '@odata.type': '#microsoft.graph.identityGovernance.timeBasedAttributeTrigger',
            timeBasedAttribute: 'employeeHireDate',
            offsetInDays: 0
        }
    },
    tasks: [
        {
            continueOnError: false,
            description: 'Enable user account in the directory',
            displayName: 'Enable User Account',
            isEnabled: true,
            taskDefinitionId: '6fc52c9d-398b-4305-9763-15f42c1676fc',
            arguments: []
        },
        {
            continueOnError: false,
            description: 'Send welcome email to new hire',
            displayName: 'Send Welcome Email',
            isEnabled: true,
            taskDefinitionId: '70b29d51-b59a-4773-9280-8841dfd3f2ea',
            arguments: []
        }
    ]
};

await client.api('/identityGovernance/lifecycleWorkflows/workflows')
	.version('beta')
	.post(workflow);

Importante


<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\Workflow;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\LifecycleWorkflowCategory;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\TriggerAndScopeBasedConditions;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\RuleBasedSubjectSet;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\TimeBasedAttributeTrigger;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\WorkflowTriggerTimeBasedAttribute;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\Task;
use Microsoft\Graph\Beta\Generated\Models\KeyValuePair;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new Workflow();
$requestBody->setCategory(new LifecycleWorkflowCategory('joiner'));
$requestBody->setDescription('Configure new hire tasks for onboarding employees on their first day');
$requestBody->setDisplayName('Australia Onboard new hire employee');
$requestBody->setIsEnabled(true);
$requestBody->setIsSchedulingEnabled(true);
$executionConditions = new TriggerAndScopeBasedConditions();
$executionConditions->setOdataType('#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions');
$executionConditionsScope = new RuleBasedSubjectSet();
$executionConditionsScope->setOdataType('#microsoft.graph.identityGovernance.ruleBasedSubjectSet');
$executionConditionsScope->setRule('(country eq \'Australia\')');
$executionConditions->setScope($executionConditionsScope);
$executionConditionsTrigger = new TimeBasedAttributeTrigger();
$executionConditionsTrigger->setOdataType('#microsoft.graph.identityGovernance.timeBasedAttributeTrigger');
$executionConditionsTrigger->setTimeBasedAttribute(new WorkflowTriggerTimeBasedAttribute('employeeHireDate'));
$executionConditionsTrigger->setOffsetInDays(0);
$executionConditions->setTrigger($executionConditionsTrigger);
$requestBody->setExecutionConditions($executionConditions);
$tasksTask1 = new Task();
$tasksTask1->setContinueOnError(false);
$tasksTask1->setDescription('Enable user account in the directory');
$tasksTask1->setDisplayName('Enable User Account');
$tasksTask1->setIsEnabled(true);
$tasksTask1->setTaskDefinitionId('6fc52c9d-398b-4305-9763-15f42c1676fc');
$tasksTask1->setArguments([	]);
$tasksArray []= $tasksTask1;
$tasksTask2 = new Task();
$tasksTask2->setContinueOnError(false);
$tasksTask2->setDescription('Send welcome email to new hire');
$tasksTask2->setDisplayName('Send Welcome Email');
$tasksTask2->setIsEnabled(true);
$tasksTask2->setTaskDefinitionId('70b29d51-b59a-4773-9280-8841dfd3f2ea');
$tasksTask2->setArguments([	]);
$tasksArray []= $tasksTask2;
$requestBody->setTasks($tasksArray);


$result = $graphServiceClient->identityGovernance()->lifecycleWorkflows()->workflows()->post($requestBody)->wait();

Importante


Import-Module Microsoft.Graph.Beta.Identity.Governance

$params = @{
	category = "joiner"
	description = "Configure new hire tasks for onboarding employees on their first day"
	displayName = "Australia Onboard new hire employee"
	isEnabled = $true
	isSchedulingEnabled = $true
	executionConditions = @{
		"@odata.type" = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions"
		scope = @{
			"@odata.type" = "#microsoft.graph.identityGovernance.ruleBasedSubjectSet"
			rule = "(country eq 'Australia')"
		}
		trigger = @{
			"@odata.type" = "#microsoft.graph.identityGovernance.timeBasedAttributeTrigger"
			timeBasedAttribute = "employeeHireDate"
			offsetInDays = 
		}
	}
	tasks = @(
		@{
			continueOnError = $false
			description = "Enable user account in the directory"
			displayName = "Enable User Account"
			isEnabled = $true
			taskDefinitionId = "6fc52c9d-398b-4305-9763-15f42c1676fc"
			arguments = @(
			)
		}
		@{
			continueOnError = $false
			description = "Send welcome email to new hire"
			displayName = "Send Welcome Email"
			isEnabled = $true
			taskDefinitionId = "70b29d51-b59a-4773-9280-8841dfd3f2ea"
			arguments = @(
			)
		}
	)
}

New-MgBetaIdentityGovernanceLifecycleWorkflow -BodyParameter $params

Importante


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.identity_governance.workflow import Workflow
from msgraph_beta.generated.models.lifecycle_workflow_category import LifecycleWorkflowCategory
from msgraph_beta.generated.models.identity_governance.trigger_and_scope_based_conditions import TriggerAndScopeBasedConditions
from msgraph_beta.generated.models.identity_governance.rule_based_subject_set import RuleBasedSubjectSet
from msgraph_beta.generated.models.identity_governance.time_based_attribute_trigger import TimeBasedAttributeTrigger
from msgraph_beta.generated.models.workflow_trigger_time_based_attribute import WorkflowTriggerTimeBasedAttribute
from msgraph_beta.generated.models.identity_governance.task import Task
from msgraph_beta.generated.models.key_value_pair import KeyValuePair
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Workflow(
	category = LifecycleWorkflowCategory.Joiner,
	description = "Configure new hire tasks for onboarding employees on their first day",
	display_name = "Australia Onboard new hire employee",
	is_enabled = True,
	is_scheduling_enabled = True,
	execution_conditions = TriggerAndScopeBasedConditions(
		odata_type = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
		scope = RuleBasedSubjectSet(
			odata_type = "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
			rule = "(country eq 'Australia')",
		),
		trigger = TimeBasedAttributeTrigger(
			odata_type = "#microsoft.graph.identityGovernance.timeBasedAttributeTrigger",
			time_based_attribute = WorkflowTriggerTimeBasedAttribute.EmployeeHireDate,
			offset_in_days = 0,
		),
	),
	tasks = [
		Task(
			continue_on_error = False,
			description = "Enable user account in the directory",
			display_name = "Enable User Account",
			is_enabled = True,
			task_definition_id = "6fc52c9d-398b-4305-9763-15f42c1676fc",
			arguments = [
			],
		),
		Task(
			continue_on_error = False,
			description = "Send welcome email to new hire",
			display_name = "Send Welcome Email",
			is_enabled = True,
			task_definition_id = "70b29d51-b59a-4773-9280-8841dfd3f2ea",
			arguments = [
			],
		),
	],
)

result = await graph_client.identity_governance.lifecycle_workflows.workflows.post(request_body)

Importante

Réponse

L’exemple suivant illustre la réponse.

Remarque : l’objet de réponse affiché ci-après peut être raccourci pour plus de lisibilité.

HTTP/1.1 201 Created
Content-Type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/lifecycleWorkflows/workflows/$entity",
    "category": "joiner",
    "description": "Configure new hire tasks for onboarding employees on their first day",
    "displayName": "New Zealand new hire",
    "lastModifiedDateTime": "2022-08-26T04:51:27.521792Z",
    "createdDateTime": "2022-08-26T04:51:27.5217824Z",
    "deletedDateTime": null,
    "id": "818cd47f-138c-4a83-b3f5-afa92bfcf391",
    "isEnabled": true,
    "isSchedulingEnabled": false,
    "nextScheduleRunDateTime": null,
    "version": 1,
    "executionConditions": {
        "@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
        "scope": {
            "@odata.type": "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
            "rule": "(country eq 'New Zealand')"
        },
        "trigger": {
            "@odata.type": "#microsoft.graph.identityGovernance.timeBasedAttributeTrigger",
            "timeBasedAttribute": "employeeHireDate",
            "offsetInDays": 0
        }
    }
}

Exemple 2 : Créer un flux de travail de déplacement à l’aide du déclencheur de modifications d’attribut

Demande

L’exemple suivant montre une requête qui crée un workflow avec la configuration suivante :

Il s’agit d’un flux de travail « mover » activé et planifié pour s’exécuter.
Il s’exécute pour les utilisateurs existants ajoutés au service « Ventes » à l’aide du déclencheur de modifications d’attribut.
Une tâche est effectuée, qui consiste à envoyer un e-mail pour informer le responsable de l’utilisateur du déplacement.

POST https://graph.microsoft.com/beta/identityGovernance/lifecycleWorkflows/workflows
Content-Type: application/json
Content-length: 631

{
    "category": "mover",
    "description": "Configure mover tasks for a user when their job profile changes",
    "displayName": "Sales contractor moves to full-time employee",
    "isEnabled": true,
    "isSchedulingEnabled": true,
    "executionConditions": {
        "@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
        "scope": {
            "@odata.type": "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
            "rule": "(department eq 'Sales')"
        },
        "trigger": {
            "@odata.type": "#microsoft.graph.identityGovernance.attributeChangeTrigger",
            "triggerAttributes": [
                {
                    "name": "department"
                }
            ]
        }
    },
    "tasks": [
        {
            "continueOnError": false,
            "description": "Send email to moving employee's manager",
            "displayName": "Notify manager of move",
            "isEnabled": true,
            "taskDefinitionId": "aab41899-9972-422a-9d97-f626014578b7",
            "arguments": []
        }
    ]
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models.IdentityGovernance;
using Microsoft.Graph.Beta.Models;

var requestBody = new Workflow
{
	Category = LifecycleWorkflowCategory.Mover,
	Description = "Configure mover tasks for a user when their job profile changes",
	DisplayName = "Sales contractor moves to full-time employee",
	IsEnabled = true,
	IsSchedulingEnabled = true,
	ExecutionConditions = new TriggerAndScopeBasedConditions
	{
		OdataType = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
		Scope = new RuleBasedSubjectSet
		{
			OdataType = "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
			Rule = "(department eq 'Sales')",
		},
		Trigger = new AttributeChangeTrigger
		{
			OdataType = "#microsoft.graph.identityGovernance.attributeChangeTrigger",
			TriggerAttributes = new List<TriggerAttribute>
			{
				new TriggerAttribute
				{
					Name = "department",
				},
			},
		},
	},
	Tasks = new List<TaskObject>
	{
		new TaskObject
		{
			ContinueOnError = false,
			Description = "Send email to moving employee's manager",
			DisplayName = "Notify manager of move",
			IsEnabled = true,
			TaskDefinitionId = "aab41899-9972-422a-9d97-f626014578b7",
			Arguments = new List<KeyValuePair>
			{
			},
		},
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.LifecycleWorkflows.Workflows.PostAsync(requestBody);

Importante



mgc-beta identity-governance lifecycle-workflows workflows create --body '{\
    "category": "mover",\
    "description": "Configure mover tasks for a user when their job profile changes",\
    "displayName": "Sales contractor moves to full-time employee",\
    "isEnabled": true,\
    "isSchedulingEnabled": true,\
    "executionConditions": {\
        "@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",\
        "scope": {\
            "@odata.type": "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",\
            "rule": "(department eq 'Sales')"\
        },\
        "trigger": {\
            "@odata.type": "#microsoft.graph.identityGovernance.attributeChangeTrigger",\
            "triggerAttributes": [\
                {\
                    "name": "department"\
                }\
            ]\
        }\
    },\
    "tasks": [\
        {\
            "continueOnError": false,\
            "description": "Send email to moving employee's manager",\
            "displayName": "Notify manager of move",\
            "isEnabled": true,\
            "taskDefinitionId": "aab41899-9972-422a-9d97-f626014578b7",\
            "arguments": []\
        }\
    ]\
}\
'

Importante



// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodelsidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/models/identitygovernance"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

requestBody := graphmodelsidentitygovernance.NewWorkflow()
category := graphmodels.MOVER_LIFECYCLEWORKFLOWCATEGORY 
requestBody.SetCategory(&category) 
description := "Configure mover tasks for a user when their job profile changes"
requestBody.SetDescription(&description) 
displayName := "Sales contractor moves to full-time employee"
requestBody.SetDisplayName(&displayName) 
isEnabled := true
requestBody.SetIsEnabled(&isEnabled) 
isSchedulingEnabled := true
requestBody.SetIsSchedulingEnabled(&isSchedulingEnabled) 
executionConditions := graphmodelsidentitygovernance.NewTriggerAndScopeBasedConditions()
scope := graphmodelsidentitygovernance.NewRuleBasedSubjectSet()
rule := "(department eq 'Sales')"
scope.SetRule(&rule) 
executionConditions.SetScope(scope)
trigger := graphmodelsidentitygovernance.NewAttributeChangeTrigger()


triggerAttribute := graphmodelsidentitygovernance.NewTriggerAttribute()
name := "department"
triggerAttribute.SetName(&name) 

triggerAttributes := []graphmodelsidentitygovernance.TriggerAttributeable {
	triggerAttribute,
}
trigger.SetTriggerAttributes(triggerAttributes)
executionConditions.SetTrigger(trigger)
requestBody.SetExecutionConditions(executionConditions)


task := graphmodelsidentitygovernance.NewTask()
continueOnError := false
task.SetContinueOnError(&continueOnError) 
description := "Send email to moving employee's manager"
task.SetDescription(&description) 
displayName := "Notify manager of move"
task.SetDisplayName(&displayName) 
isEnabled := true
task.SetIsEnabled(&isEnabled) 
taskDefinitionId := "aab41899-9972-422a-9d97-f626014578b7"
task.SetTaskDefinitionId(&taskDefinitionId) 
arguments := []graphmodels.KeyValuePairable {

}
task.SetArguments(arguments)

tasks := []graphmodelsidentitygovernance.Taskable {
	task,
}
requestBody.SetTasks(tasks)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
workflows, err := graphClient.IdentityGovernance().LifecycleWorkflows().Workflows().Post(context.Background(), requestBody, nil)

Importante


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

com.microsoft.graph.beta.models.identitygovernance.Workflow workflow = new com.microsoft.graph.beta.models.identitygovernance.Workflow();
workflow.setCategory(com.microsoft.graph.beta.models.identitygovernance.LifecycleWorkflowCategory.Mover);
workflow.setDescription("Configure mover tasks for a user when their job profile changes");
workflow.setDisplayName("Sales contractor moves to full-time employee");
workflow.setIsEnabled(true);
workflow.setIsSchedulingEnabled(true);
com.microsoft.graph.beta.models.identitygovernance.TriggerAndScopeBasedConditions executionConditions = new com.microsoft.graph.beta.models.identitygovernance.TriggerAndScopeBasedConditions();
executionConditions.setOdataType("#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions");
com.microsoft.graph.beta.models.identitygovernance.RuleBasedSubjectSet scope = new com.microsoft.graph.beta.models.identitygovernance.RuleBasedSubjectSet();
scope.setOdataType("#microsoft.graph.identityGovernance.ruleBasedSubjectSet");
scope.setRule("(department eq 'Sales')");
executionConditions.setScope(scope);
com.microsoft.graph.beta.models.identitygovernance.AttributeChangeTrigger trigger = new com.microsoft.graph.beta.models.identitygovernance.AttributeChangeTrigger();
trigger.setOdataType("#microsoft.graph.identityGovernance.attributeChangeTrigger");
LinkedList<com.microsoft.graph.beta.models.identitygovernance.TriggerAttribute> triggerAttributes = new LinkedList<com.microsoft.graph.beta.models.identitygovernance.TriggerAttribute>();
com.microsoft.graph.beta.models.identitygovernance.TriggerAttribute triggerAttribute = new com.microsoft.graph.beta.models.identitygovernance.TriggerAttribute();
triggerAttribute.setName("department");
triggerAttributes.add(triggerAttribute);
trigger.setTriggerAttributes(triggerAttributes);
executionConditions.setTrigger(trigger);
workflow.setExecutionConditions(executionConditions);
LinkedList<com.microsoft.graph.beta.models.identitygovernance.Task> tasks = new LinkedList<com.microsoft.graph.beta.models.identitygovernance.Task>();
com.microsoft.graph.beta.models.identitygovernance.Task task = new com.microsoft.graph.beta.models.identitygovernance.Task();
task.setContinueOnError(false);
task.setDescription("Send email to moving employee's manager");
task.setDisplayName("Notify manager of move");
task.setIsEnabled(true);
task.setTaskDefinitionId("aab41899-9972-422a-9d97-f626014578b7");
LinkedList<KeyValuePair> arguments = new LinkedList<KeyValuePair>();
task.setArguments(arguments);
tasks.add(task);
workflow.setTasks(tasks);
com.microsoft.graph.models.identitygovernance.Workflow result = graphClient.identityGovernance().lifecycleWorkflows().workflows().post(workflow);

Importante


const options = {
	authProvider,
};

const client = Client.init(options);

const workflow = {
    category: 'mover',
    description: 'Configure mover tasks for a user when their job profile changes',
    displayName: 'Sales contractor moves to full-time employee',
    isEnabled: true,
    isSchedulingEnabled: true,
    executionConditions: {
        '@odata.type': '#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions',
        scope: {
            '@odata.type': '#microsoft.graph.identityGovernance.ruleBasedSubjectSet',
            rule: '(department eq \'Sales\')'
        },
        trigger: {
            '@odata.type': '#microsoft.graph.identityGovernance.attributeChangeTrigger',
            triggerAttributes: [
                {
                    name: 'department'
                }
            ]
        }
    },
    tasks: [
        {
            continueOnError: false,
            description: 'Send email to moving employee\'s manager',
            displayName: 'Notify manager of move',
            isEnabled: true,
            taskDefinitionId: 'aab41899-9972-422a-9d97-f626014578b7',
            arguments: []
        }
    ]
};

await client.api('/identityGovernance/lifecycleWorkflows/workflows')
	.version('beta')
	.post(workflow);

Importante


<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\Workflow;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\LifecycleWorkflowCategory;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\TriggerAndScopeBasedConditions;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\RuleBasedSubjectSet;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\AttributeChangeTrigger;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\TriggerAttribute;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\Task;
use Microsoft\Graph\Beta\Generated\Models\KeyValuePair;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new Workflow();
$requestBody->setCategory(new LifecycleWorkflowCategory('mover'));
$requestBody->setDescription('Configure mover tasks for a user when their job profile changes');
$requestBody->setDisplayName('Sales contractor moves to full-time employee');
$requestBody->setIsEnabled(true);
$requestBody->setIsSchedulingEnabled(true);
$executionConditions = new TriggerAndScopeBasedConditions();
$executionConditions->setOdataType('#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions');
$executionConditionsScope = new RuleBasedSubjectSet();
$executionConditionsScope->setOdataType('#microsoft.graph.identityGovernance.ruleBasedSubjectSet');
$executionConditionsScope->setRule('(department eq \'Sales\')');
$executionConditions->setScope($executionConditionsScope);
$executionConditionsTrigger = new AttributeChangeTrigger();
$executionConditionsTrigger->setOdataType('#microsoft.graph.identityGovernance.attributeChangeTrigger');
$triggerAttributesTriggerAttribute1 = new TriggerAttribute();
$triggerAttributesTriggerAttribute1->setName('department');
$triggerAttributesArray []= $triggerAttributesTriggerAttribute1;
$executionConditionsTrigger->setTriggerAttributes($triggerAttributesArray);

$executionConditions->setTrigger($executionConditionsTrigger);
$requestBody->setExecutionConditions($executionConditions);
$tasksTask1 = new Task();
$tasksTask1->setContinueOnError(false);
$tasksTask1->setDescription('Send email to moving employee\'s manager');
$tasksTask1->setDisplayName('Notify manager of move');
$tasksTask1->setIsEnabled(true);
$tasksTask1->setTaskDefinitionId('aab41899-9972-422a-9d97-f626014578b7');
$tasksTask1->setArguments([]);
$tasksArray []= $tasksTask1;
$requestBody->setTasks($tasksArray);


$result = $graphServiceClient->identityGovernance()->lifecycleWorkflows()->workflows()->post($requestBody)->wait();

Importante


Import-Module Microsoft.Graph.Beta.Identity.Governance

$params = @{
	category = "mover"
	description = "Configure mover tasks for a user when their job profile changes"
	displayName = "Sales contractor moves to full-time employee"
	isEnabled = $true
	isSchedulingEnabled = $true
	executionConditions = @{
		"@odata.type" = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions"
		scope = @{
			"@odata.type" = "#microsoft.graph.identityGovernance.ruleBasedSubjectSet"
			rule = "(department eq 'Sales')"
		}
		trigger = @{
			"@odata.type" = "#microsoft.graph.identityGovernance.attributeChangeTrigger"
			triggerAttributes = @(
				@{
					name = "department"
				}
			)
		}
	}
	tasks = @(
		@{
			continueOnError = $false
			description = "Send email to moving employee's manager"
			displayName = "Notify manager of move"
			isEnabled = $true
			taskDefinitionId = "aab41899-9972-422a-9d97-f626014578b7"
			arguments = @(
			)
		}
	)
}

New-MgBetaIdentityGovernanceLifecycleWorkflow -BodyParameter $params

Importante


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.identity_governance.workflow import Workflow
from msgraph_beta.generated.models.lifecycle_workflow_category import LifecycleWorkflowCategory
from msgraph_beta.generated.models.identity_governance.trigger_and_scope_based_conditions import TriggerAndScopeBasedConditions
from msgraph_beta.generated.models.identity_governance.rule_based_subject_set import RuleBasedSubjectSet
from msgraph_beta.generated.models.identity_governance.attribute_change_trigger import AttributeChangeTrigger
from msgraph_beta.generated.models.identity_governance.trigger_attribute import TriggerAttribute
from msgraph_beta.generated.models.identity_governance.task import Task
from msgraph_beta.generated.models.key_value_pair import KeyValuePair
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Workflow(
	category = LifecycleWorkflowCategory.Mover,
	description = "Configure mover tasks for a user when their job profile changes",
	display_name = "Sales contractor moves to full-time employee",
	is_enabled = True,
	is_scheduling_enabled = True,
	execution_conditions = TriggerAndScopeBasedConditions(
		odata_type = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
		scope = RuleBasedSubjectSet(
			odata_type = "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
			rule = "(department eq 'Sales')",
		),
		trigger = AttributeChangeTrigger(
			odata_type = "#microsoft.graph.identityGovernance.attributeChangeTrigger",
			trigger_attributes = [
				TriggerAttribute(
					name = "department",
				),
			],
		),
	),
	tasks = [
		Task(
			continue_on_error = False,
			description = "Send email to moving employee's manager",
			display_name = "Notify manager of move",
			is_enabled = True,
			task_definition_id = "aab41899-9972-422a-9d97-f626014578b7",
			arguments = [
			],
		),
	],
)

result = await graph_client.identity_governance.lifecycle_workflows.workflows.post(request_body)

Importante

Réponse

L’exemple suivant illustre la réponse.

Remarque : l’objet de réponse affiché ci-après peut être raccourci pour plus de lisibilité.

HTTP/1.1 200 OK
Content-Type: application/json

{
    "category": "mover",
    "description": "Configure mover tasks for a user when their job profile changes",
    "displayName": "Sales contractor moves to full time employee",
    "isEnabled": true,
    "isSchedulingEnabled": true,
    "executionConditions": {
        "@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
        "scope": {
            "@odata.type": "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
            "rule": "(department eq 'Sales')"
        },
        "trigger": {
            "@odata.type": "#microsoft.graph.identityGovernance.attributeChangeTrigger",
            "triggerAttributes": [
                {
                    "name": "department"
                }
            ]
        }
    },
    "tasks": [
        {
            "continueOnError": false,
            "description": "Send email to moving employee's manager",
            "displayName": "Notify manager of move",
            "isEnabled": true,
            "taskDefinitionId": "aab41899-9972-422a-9d97-f626014578b7",
            "arguments": []
        }
    ]
}

Exemple 3 : Créer un flux de travail de mise en veille à l’aide du déclencheur basé sur un groupe

Demande

L’exemple suivant montre une requête qui crée un workflow avec la configuration suivante :

Il s’agit d’un workflow « leaver » activé et planifié pour s’exécuter.
Il s’exécute pour les utilisateurs qui sont supprimés du groupe Ventes à l’aide du déclencheur basé sur le groupe.
Deux tâches sont effectuées lors de l’exécution du flux de travail : Supprimer l’utilisateur de tous les teams, Supprimer l’utilisateur de tous les groupes.

POST https://graph.microsoft.com/beta/identityGovernance/lifecycleWorkflows/workflows
Content-Type: application/json

{
    "category": "leaver",
    "description": "Configure offboarding tasks for employees on their last day of work",
    "displayName": "Offboard an employee",
    "isEnabled": true,
    "isSchedulingEnabled": true,
    "executionConditions": {
        "@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
        "scope": {
            "@odata.type": "#microsoft.graph.identityGovernance.groupBasedSubjectSet",
            "groups": [
                {
                    "id": "668e7540-7f8e-4ca4-a207-b7dffbb6d038"
                }
            ]
        },
        "trigger": {
            "@odata.type": "#microsoft.graph.identityGovernance.membershipChangeTrigger",
            "changeType": "remove"
        }
    },
    "tasks": [
        {
            "category": "leaver",
            "continueOnError": false,
            "description": "Remove user from all Teams memberships",
            "displayName": "Remove user from all Teams",
            "isEnabled": true,
            "taskDefinitionId": "81f7b200-2816-4b3b-8c5d-dc556f07b024",
            "arguments": []
        },
        {
            "category": "leaver",
            "continueOnError": false,
            "description": "Remove user from all Azure AD groups memberships",
            "displayName": "Remove user from all groups",
            "isEnabled": true,
            "taskDefinitionId": "b3a31406-2a15-4c9a-b25b-a658fa5f07fc",
            "arguments": []
        }
    ]
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models.IdentityGovernance;
using Microsoft.Graph.Beta.Models;

var requestBody = new Workflow
{
	Category = LifecycleWorkflowCategory.Leaver,
	Description = "Configure offboarding tasks for employees on their last day of work",
	DisplayName = "Offboard an employee",
	IsEnabled = true,
	IsSchedulingEnabled = true,
	ExecutionConditions = new TriggerAndScopeBasedConditions
	{
		OdataType = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
		Scope = new GroupBasedSubjectSet
		{
			OdataType = "#microsoft.graph.identityGovernance.groupBasedSubjectSet",
			Groups = new List<Group>
			{
				new Group
				{
					Id = "668e7540-7f8e-4ca4-a207-b7dffbb6d038",
				},
			},
		},
		Trigger = new MembershipChangeTrigger
		{
			OdataType = "#microsoft.graph.identityGovernance.membershipChangeTrigger",
			ChangeType = MembershipChangeType.Remove,
		},
	},
	Tasks = new List<TaskObject>
	{
		new TaskObject
		{
			Category = LifecycleTaskCategory.Leaver,
			ContinueOnError = false,
			Description = "Remove user from all Teams memberships",
			DisplayName = "Remove user from all Teams",
			IsEnabled = true,
			TaskDefinitionId = "81f7b200-2816-4b3b-8c5d-dc556f07b024",
			Arguments = new List<KeyValuePair>
			{
			},
		},
		new TaskObject
		{
			Category = LifecycleTaskCategory.Leaver,
			ContinueOnError = false,
			Description = "Remove user from all Azure AD groups memberships",
			DisplayName = "Remove user from all groups",
			IsEnabled = true,
			TaskDefinitionId = "b3a31406-2a15-4c9a-b25b-a658fa5f07fc",
			Arguments = new List<KeyValuePair>
			{
			},
		},
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.LifecycleWorkflows.Workflows.PostAsync(requestBody);

Importante



mgc-beta identity-governance lifecycle-workflows workflows create --body '{\
    "category": "leaver",\
    "description": "Configure offboarding tasks for employees on their last day of work",\
    "displayName": "Offboard an employee",\
    "isEnabled": true,\
    "isSchedulingEnabled": true,\
    "executionConditions": {\
        "@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",\
        "scope": {\
            "@odata.type": "#microsoft.graph.identityGovernance.groupBasedSubjectSet",\
            "groups": [\
                {\
                    "id": "668e7540-7f8e-4ca4-a207-b7dffbb6d038"\
                }\
            ]\
        },\
        "trigger": {\
            "@odata.type": "#microsoft.graph.identityGovernance.membershipChangeTrigger",\
            "changeType": "remove"\
        }\
    },\
    "tasks": [\
        {\
            "category": "leaver",\
            "continueOnError": false,\
            "description": "Remove user from all Teams memberships",\
            "displayName": "Remove user from all Teams",\
            "isEnabled": true,\
            "taskDefinitionId": "81f7b200-2816-4b3b-8c5d-dc556f07b024",\
            "arguments": []\
        },\
        {\
            "category": "leaver",\
            "continueOnError": false,\
            "description": "Remove user from all Azure AD groups memberships",\
            "displayName": "Remove user from all groups",\
            "isEnabled": true,\
            "taskDefinitionId": "b3a31406-2a15-4c9a-b25b-a658fa5f07fc",\
            "arguments": []\
        }\
    ]\
}\
'

Importante



// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodelsidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/models/identitygovernance"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

requestBody := graphmodelsidentitygovernance.NewWorkflow()
category := graphmodels.LEAVER_LIFECYCLEWORKFLOWCATEGORY 
requestBody.SetCategory(&category) 
description := "Configure offboarding tasks for employees on their last day of work"
requestBody.SetDescription(&description) 
displayName := "Offboard an employee"
requestBody.SetDisplayName(&displayName) 
isEnabled := true
requestBody.SetIsEnabled(&isEnabled) 
isSchedulingEnabled := true
requestBody.SetIsSchedulingEnabled(&isSchedulingEnabled) 
executionConditions := graphmodelsidentitygovernance.NewTriggerAndScopeBasedConditions()
scope := graphmodelsidentitygovernance.NewGroupBasedSubjectSet()


group := graphmodels.NewGroup()
id := "668e7540-7f8e-4ca4-a207-b7dffbb6d038"
group.SetId(&id) 

groups := []graphmodels.Groupable {
	group,
}
scope.SetGroups(groups)
executionConditions.SetScope(scope)
trigger := graphmodelsidentitygovernance.NewMembershipChangeTrigger()
changeType := graphmodels.REMOVE_MEMBERSHIPCHANGETYPE 
trigger.SetChangeType(&changeType) 
executionConditions.SetTrigger(trigger)
requestBody.SetExecutionConditions(executionConditions)


task := graphmodelsidentitygovernance.NewTask()
category := graphmodels.LEAVER_LIFECYCLETASKCATEGORY 
task.SetCategory(&category) 
continueOnError := false
task.SetContinueOnError(&continueOnError) 
description := "Remove user from all Teams memberships"
task.SetDescription(&description) 
displayName := "Remove user from all Teams"
task.SetDisplayName(&displayName) 
isEnabled := true
task.SetIsEnabled(&isEnabled) 
taskDefinitionId := "81f7b200-2816-4b3b-8c5d-dc556f07b024"
task.SetTaskDefinitionId(&taskDefinitionId) 
arguments := []graphmodels.KeyValuePairable {

}
task.SetArguments(arguments)
task1 := graphmodelsidentitygovernance.NewTask()
category := graphmodels.LEAVER_LIFECYCLETASKCATEGORY 
task1.SetCategory(&category) 
continueOnError := false
task1.SetContinueOnError(&continueOnError) 
description := "Remove user from all Azure AD groups memberships"
task1.SetDescription(&description) 
displayName := "Remove user from all groups"
task1.SetDisplayName(&displayName) 
isEnabled := true
task1.SetIsEnabled(&isEnabled) 
taskDefinitionId := "b3a31406-2a15-4c9a-b25b-a658fa5f07fc"
task1.SetTaskDefinitionId(&taskDefinitionId) 
arguments := []graphmodels.KeyValuePairable {

}
task1.SetArguments(arguments)

tasks := []graphmodelsidentitygovernance.Taskable {
	task,
	task1,
}
requestBody.SetTasks(tasks)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
workflows, err := graphClient.IdentityGovernance().LifecycleWorkflows().Workflows().Post(context.Background(), requestBody, nil)

Importante


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

com.microsoft.graph.beta.models.identitygovernance.Workflow workflow = new com.microsoft.graph.beta.models.identitygovernance.Workflow();
workflow.setCategory(com.microsoft.graph.beta.models.identitygovernance.LifecycleWorkflowCategory.Leaver);
workflow.setDescription("Configure offboarding tasks for employees on their last day of work");
workflow.setDisplayName("Offboard an employee");
workflow.setIsEnabled(true);
workflow.setIsSchedulingEnabled(true);
com.microsoft.graph.beta.models.identitygovernance.TriggerAndScopeBasedConditions executionConditions = new com.microsoft.graph.beta.models.identitygovernance.TriggerAndScopeBasedConditions();
executionConditions.setOdataType("#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions");
com.microsoft.graph.beta.models.identitygovernance.GroupBasedSubjectSet scope = new com.microsoft.graph.beta.models.identitygovernance.GroupBasedSubjectSet();
scope.setOdataType("#microsoft.graph.identityGovernance.groupBasedSubjectSet");
LinkedList<Group> groups = new LinkedList<Group>();
Group group = new Group();
group.setId("668e7540-7f8e-4ca4-a207-b7dffbb6d038");
groups.add(group);
scope.setGroups(groups);
executionConditions.setScope(scope);
com.microsoft.graph.beta.models.identitygovernance.MembershipChangeTrigger trigger = new com.microsoft.graph.beta.models.identitygovernance.MembershipChangeTrigger();
trigger.setOdataType("#microsoft.graph.identityGovernance.membershipChangeTrigger");
trigger.setChangeType(com.microsoft.graph.beta.models.identitygovernance.MembershipChangeType.Remove);
executionConditions.setTrigger(trigger);
workflow.setExecutionConditions(executionConditions);
LinkedList<com.microsoft.graph.beta.models.identitygovernance.Task> tasks = new LinkedList<com.microsoft.graph.beta.models.identitygovernance.Task>();
com.microsoft.graph.beta.models.identitygovernance.Task task = new com.microsoft.graph.beta.models.identitygovernance.Task();
task.setCategory(EnumSet.of(com.microsoft.graph.beta.models.identitygovernance.LifecycleTaskCategory.Leaver));
task.setContinueOnError(false);
task.setDescription("Remove user from all Teams memberships");
task.setDisplayName("Remove user from all Teams");
task.setIsEnabled(true);
task.setTaskDefinitionId("81f7b200-2816-4b3b-8c5d-dc556f07b024");
LinkedList<KeyValuePair> arguments = new LinkedList<KeyValuePair>();
task.setArguments(arguments);
tasks.add(task);
com.microsoft.graph.beta.models.identitygovernance.Task task1 = new com.microsoft.graph.beta.models.identitygovernance.Task();
task1.setCategory(EnumSet.of(com.microsoft.graph.beta.models.identitygovernance.LifecycleTaskCategory.Leaver));
task1.setContinueOnError(false);
task1.setDescription("Remove user from all Azure AD groups memberships");
task1.setDisplayName("Remove user from all groups");
task1.setIsEnabled(true);
task1.setTaskDefinitionId("b3a31406-2a15-4c9a-b25b-a658fa5f07fc");
LinkedList<KeyValuePair> arguments1 = new LinkedList<KeyValuePair>();
task1.setArguments(arguments1);
tasks.add(task1);
workflow.setTasks(tasks);
com.microsoft.graph.models.identitygovernance.Workflow result = graphClient.identityGovernance().lifecycleWorkflows().workflows().post(workflow);

Importante


const options = {
	authProvider,
};

const client = Client.init(options);

const workflow = {
    category: 'leaver',
    description: 'Configure offboarding tasks for employees on their last day of work',
    displayName: 'Offboard an employee',
    isEnabled: true,
    isSchedulingEnabled: true,
    executionConditions: {
        '@odata.type': '#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions',
        scope: {
            '@odata.type': '#microsoft.graph.identityGovernance.groupBasedSubjectSet',
            groups: [
                {
                    id: '668e7540-7f8e-4ca4-a207-b7dffbb6d038'
                }
            ]
        },
        trigger: {
            '@odata.type': '#microsoft.graph.identityGovernance.membershipChangeTrigger',
            changeType: 'remove'
        }
    },
    tasks: [
        {
            category: 'leaver',
            continueOnError: false,
            description: 'Remove user from all Teams memberships',
            displayName: 'Remove user from all Teams',
            isEnabled: true,
            taskDefinitionId: '81f7b200-2816-4b3b-8c5d-dc556f07b024',
            arguments: []
        },
        {
            category: 'leaver',
            continueOnError: false,
            description: 'Remove user from all Azure AD groups memberships',
            displayName: 'Remove user from all groups',
            isEnabled: true,
            taskDefinitionId: 'b3a31406-2a15-4c9a-b25b-a658fa5f07fc',
            arguments: []
        }
    ]
};

await client.api('/identityGovernance/lifecycleWorkflows/workflows')
	.version('beta')
	.post(workflow);

Importante


<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\Workflow;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\LifecycleWorkflowCategory;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\TriggerAndScopeBasedConditions;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\GroupBasedSubjectSet;
use Microsoft\Graph\Beta\Generated\Models\Group;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\MembershipChangeTrigger;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\MembershipChangeType;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\Task;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\LifecycleTaskCategory;
use Microsoft\Graph\Beta\Generated\Models\KeyValuePair;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new Workflow();
$requestBody->setCategory(new LifecycleWorkflowCategory('leaver'));
$requestBody->setDescription('Configure offboarding tasks for employees on their last day of work');
$requestBody->setDisplayName('Offboard an employee');
$requestBody->setIsEnabled(true);
$requestBody->setIsSchedulingEnabled(true);
$executionConditions = new TriggerAndScopeBasedConditions();
$executionConditions->setOdataType('#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions');
$executionConditionsScope = new GroupBasedSubjectSet();
$executionConditionsScope->setOdataType('#microsoft.graph.identityGovernance.groupBasedSubjectSet');
$groupsGroup1 = new Group();
$groupsGroup1->setId('668e7540-7f8e-4ca4-a207-b7dffbb6d038');
$groupsArray []= $groupsGroup1;
$executionConditionsScope->setGroups($groupsArray);

$executionConditions->setScope($executionConditionsScope);
$executionConditionsTrigger = new MembershipChangeTrigger();
$executionConditionsTrigger->setOdataType('#microsoft.graph.identityGovernance.membershipChangeTrigger');
$executionConditionsTrigger->setChangeType(new MembershipChangeType('remove'));
$executionConditions->setTrigger($executionConditionsTrigger);
$requestBody->setExecutionConditions($executionConditions);
$tasksTask1 = new Task();
$tasksTask1->setCategory(new LifecycleTaskCategory('leaver'));
$tasksTask1->setContinueOnError(false);
$tasksTask1->setDescription('Remove user from all Teams memberships');
$tasksTask1->setDisplayName('Remove user from all Teams');
$tasksTask1->setIsEnabled(true);
$tasksTask1->setTaskDefinitionId('81f7b200-2816-4b3b-8c5d-dc556f07b024');
$tasksTask1->setArguments([]);
$tasksArray []= $tasksTask1;
$tasksTask2 = new Task();
$tasksTask2->setCategory(new LifecycleTaskCategory('leaver'));
$tasksTask2->setContinueOnError(false);
$tasksTask2->setDescription('Remove user from all Azure AD groups memberships');
$tasksTask2->setDisplayName('Remove user from all groups');
$tasksTask2->setIsEnabled(true);
$tasksTask2->setTaskDefinitionId('b3a31406-2a15-4c9a-b25b-a658fa5f07fc');
$tasksTask2->setArguments([]);
$tasksArray []= $tasksTask2;
$requestBody->setTasks($tasksArray);


$result = $graphServiceClient->identityGovernance()->lifecycleWorkflows()->workflows()->post($requestBody)->wait();

Importante


Import-Module Microsoft.Graph.Beta.Identity.Governance

$params = @{
	category = "leaver"
	description = "Configure offboarding tasks for employees on their last day of work"
	displayName = "Offboard an employee"
	isEnabled = $true
	isSchedulingEnabled = $true
	executionConditions = @{
		"@odata.type" = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions"
		scope = @{
			"@odata.type" = "#microsoft.graph.identityGovernance.groupBasedSubjectSet"
			groups = @(
				@{
					id = "668e7540-7f8e-4ca4-a207-b7dffbb6d038"
				}
			)
		}
		trigger = @{
			"@odata.type" = "#microsoft.graph.identityGovernance.membershipChangeTrigger"
			changeType = "remove"
		}
	}
	tasks = @(
		@{
			category = "leaver"
			continueOnError = $false
			description = "Remove user from all Teams memberships"
			displayName = "Remove user from all Teams"
			isEnabled = $true
			taskDefinitionId = "81f7b200-2816-4b3b-8c5d-dc556f07b024"
			arguments = @(
			)
		}
		@{
			category = "leaver"
			continueOnError = $false
			description = "Remove user from all Azure AD groups memberships"
			displayName = "Remove user from all groups"
			isEnabled = $true
			taskDefinitionId = "b3a31406-2a15-4c9a-b25b-a658fa5f07fc"
			arguments = @(
			)
		}
	)
}

New-MgBetaIdentityGovernanceLifecycleWorkflow -BodyParameter $params

Importante


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.identity_governance.workflow import Workflow
from msgraph_beta.generated.models.lifecycle_workflow_category import LifecycleWorkflowCategory
from msgraph_beta.generated.models.identity_governance.trigger_and_scope_based_conditions import TriggerAndScopeBasedConditions
from msgraph_beta.generated.models.identity_governance.group_based_subject_set import GroupBasedSubjectSet
from msgraph_beta.generated.models.group import Group
from msgraph_beta.generated.models.identity_governance.membership_change_trigger import MembershipChangeTrigger
from msgraph_beta.generated.models.membership_change_type import MembershipChangeType
from msgraph_beta.generated.models.identity_governance.task import Task
from msgraph_beta.generated.models.lifecycle_task_category import LifecycleTaskCategory
from msgraph_beta.generated.models.key_value_pair import KeyValuePair
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Workflow(
	category = LifecycleWorkflowCategory.Leaver,
	description = "Configure offboarding tasks for employees on their last day of work",
	display_name = "Offboard an employee",
	is_enabled = True,
	is_scheduling_enabled = True,
	execution_conditions = TriggerAndScopeBasedConditions(
		odata_type = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
		scope = GroupBasedSubjectSet(
			odata_type = "#microsoft.graph.identityGovernance.groupBasedSubjectSet",
			groups = [
				Group(
					id = "668e7540-7f8e-4ca4-a207-b7dffbb6d038",
				),
			],
		),
		trigger = MembershipChangeTrigger(
			odata_type = "#microsoft.graph.identityGovernance.membershipChangeTrigger",
			change_type = MembershipChangeType.Remove,
		),
	),
	tasks = [
		Task(
			category = LifecycleTaskCategory.Leaver,
			continue_on_error = False,
			description = "Remove user from all Teams memberships",
			display_name = "Remove user from all Teams",
			is_enabled = True,
			task_definition_id = "81f7b200-2816-4b3b-8c5d-dc556f07b024",
			arguments = [
			],
		),
		Task(
			category = LifecycleTaskCategory.Leaver,
			continue_on_error = False,
			description = "Remove user from all Azure AD groups memberships",
			display_name = "Remove user from all groups",
			is_enabled = True,
			task_definition_id = "b3a31406-2a15-4c9a-b25b-a658fa5f07fc",
			arguments = [
			],
		),
	],
)

result = await graph_client.identity_governance.lifecycle_workflows.workflows.post(request_body)

Importante

Réponse

L’exemple suivant illustre la réponse.

Remarque : l’objet de réponse affiché ci-après peut être raccourci pour plus de lisibilité.

HTTP/1.1 201 Created
Content-Type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/lifecycleWorkflows/workflows/$entity",
    "category": "leaver",
    "description": "Configure offboarding tasks for employees on their last day of work",
    "displayName": "Offboard an employee",
    "isEnabled": true,
    "isSchedulingEnabled": true,
    "lastModifiedDateTime": "2024-03-28T20:20:05.6599449Z",
    "createdDateTime": "2024-03-28T20:20:05.6599142Z",
    "deletedDateTime": null,
    "id": "73ed8912-6a04-4f5d-bef8-61fcc94336a7",
    "nextScheduleRunDateTime": "2024-03-28T20:37:08Z",
    "version": 1,
    "executionConditions": {
        "@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
        "scope": {
            "@odata.type": "#microsoft.graph.identityGovernance.groupBasedSubjectSet"
        },
        "trigger": {
            "@odata.type": "#microsoft.graph.identityGovernance.membershipChangeTrigger",
            "changeType": "remove"
        }
    }
}

Partager via

Créer un flux de travail

Autorisations

Requête HTTP

En-têtes de demande

Corps de la demande

Réponse

Exemples

Exemple 1 : Créer un workflow de joiner à l’aide du déclencheur basé sur le temps

Demande

Réponse

Exemple 2 : Créer un flux de travail de déplacement à l’aide du déclencheur de modifications d’attribut

Demande

Réponse

Exemple 3 : Créer un flux de travail de mise en veille à l’aide du déclencheur basé sur un groupe

Demande

Réponse

Commentaires

Ressources supplémentaires