We are developing a SharePoint provider-hosted application for SharePoint Online. This application is going to be multitenant and used by different customers with Office 365 subscriptions. Previously we developed SharePoint solutions on-prem, and the new app model brings us a lot of challenges and new tasks.
One of them is the following:
The provider-hosted app needs to programmatically get the members of a security group from the Office 365 tenant. The business case is pretty simple: we need to know all members of a SharePoint group to make a report per user, and if our SP group contains a security group, we need to resolve its members somehow...
Solutions Overview
Before digging into code, let's find out what a security group is. Where does it reside, and where is it managed?
Does it depend on the Office 365 plan?
A security group is an Azure Active Directory security group. When you create an O365 subscription, MS creates an Azure AD instance where your users and groups are stored. So you can manage the users and groups in this AD in different ways:
1) Office365 admin portal https://portal.microsoft.com
2) Azure portal https://manage.windowsazure.com, but you need to create an additional subscription to Windows Azure, and I suppose not all customers, especially midsize ones, have this subscription.
3) Microsoft Azure Active Directory Module for Windows PowerShell commands http://msdn.microsoft.com/library/azure/jj151815.aspx
All these ways make changes to the same Azure AD instance, and if you change something via the Office 365 portal, you will see the changes in the Azure portal immediately.
A good article gives an overview of what's going on behind the scenes: http://technet.microsoft.com/en-us/library/hh967611.aspx
So the basic questions are the following:
1) How to authenticate and authorize to Azure AD from the SharePoint App
2) How to get the group identification to pass to the Graph API
3) Customer's installation use cases: what target customers (tenant owners) should do to make their Azure AD available to the SharePoint App.