Hello,
I would like to know whether it is possible to create (POST) Office365 and Active Directory apps through the API and, if so, how.
I get an Office365 app from another tenant, and I would like to keep as much information from the request as possible in order to automate the migration of a tenant.
So far I have managed to migrate OIDC and SAML apps, but the Office365 one always returns errors, even when I remove sensitive data as I do with OIDC and SAML apps.
For example, here is the request I get from Tenant A:
(not enough space in post sorry)
and here is what I try to post to Tenant B:
PostB
{
"id": "0oaos5uv7zJ6rYTiT5d6",
"name": "active_directory",
"label": "iwaovm1.com",
"status": "ACTIVE",
"lastUpdated": "2021-05-05T07:40:25.000Z",
"created": "2021-05-05T07:39:15.000Z",
"accessibility": {
"selfService": false,
"errorRedirectUrl": null,
"loginRedirectUrl": null
},
"visibility": {
"autoSubmitToolbar": false,
"hide": {
"iOS": false,
"web": false
},
"appLinks": {}
},
"features": [
"IMPORT_PROFILE_UPDATES",
"PROFILE_MASTERING",
"OUTBOUND_DEL_AUTH",
"IMPORT_USER_SCHEMA",
"IMPORT_NEW_USERS"
],
"signOnMode": null,
"credentials": {
"userNameTemplate": {
"template": "substringBefore(user.login, \"@\") + \"@\" + target_app.namingContext",
"type": "CUSTOM"
},
"signing": {}
},
"settings": {
"app": {
"jitGroupsAcrossDomains": false,
"password": "admin",
"scanRate": 1,
"searchOrgUnit": null,
"filterGroupsByOU": false,
"namingContext": "iwaovm1.com",
"login": "admin",
"activationEmail": null
},
"notifications": {
"vpn": {
"network": {
"connection": "DISABLED"
},
"message": null,
"helpUrl": null
}
}
},
"_links": {
"uploadLogo": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaos5uv7zJ6rYTiT5d6/logo",
"hints": {
"allow": [
"POST"
]
}
},
"appLinks": [],
"groups": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaos5uv7zJ6rYTiT5d6/groups"
},
"logo": [
{
"name": "medium",
"href": "https://ok12static.oktacdn.com/assets/img/logos/active-directory.9d71e6886192896cd905f4987688d95f.png",
"type": "image/png"
}
],
"users": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaos5uv7zJ6rYTiT5d6/users"
},
"deactivate": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaos5uv7zJ6rYTiT5d6/lifecycle/deactivate"
}
}
},
{
"id": "0oaq6k42oe8mqxv6U5d6",
"name": "oidc_client",
"label": "Test oidc",
"status": "ACTIVE",
"lastUpdated": "2021-05-12T09:10:03.000Z",
"created": "2021-05-12T09:10:03.000Z",
"accessibility": {
"selfService": false,
"errorRedirectUrl": null,
"loginRedirectUrl": null
},
"visibility": {
"autoSubmitToolbar": false,
"hide": {
"iOS": true,
"web": true
},
"appLinks": {
"oidc_client_link": true
}
},
"features": [],
"signOnMode": "OPENID_CONNECT",
"credentials": {
"userNameTemplate": {
"template": "${source.login}",
"type": "BUILT_IN"
},
"signing": {
"kid": "IkFjJtcazvWJdXLGSd1GvPkNZwlwuJFJ9F9mVyyrI6Q"
},
"oauthClient": {
"autoKeyRotation": true,
"client_id": "0oaq6k42oe8mqxv6U5d6",
"token_endpoint_auth_method": "client_secret_basic"
}
},
"settings": {
"app": {},
"notifications": {
"vpn": {
"network": {
"connection": "DISABLED"
},
"message": null,
"helpUrl": null
}
},
"oauthClient": {
"client_uri": null,
"logo_uri": null,
"redirect_uris": [
"http://localhost:8081/login/okta"
],
"post_logout_redirect_uris": [
"http://localhost:8081/logout"
],
"response_types": [
"code"
],
"grant_types": [
"authorization_code"
],
"application_type": "web",
"consent_method": "REQUIRED",
"issuer_mode": "ORG_URL",
"idp_initiated_login": {
"mode": "DISABLED",
"default_scope": []
}
}
},
"_links": {
"uploadLogo": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaq6k42oe8mqxv6U5d6/logo",
"hints": {
"allow": [
"POST"
]
}
},
"appLinks": [
{
"name": "oidc_client_link",
"href": "https://lyvoc-migration-a.okta.com/home/oidc_client/0oaq6k42oe8mqxv6U5d6/aln177a159h7Zf52X0g8",
"type": "text/html"
}
],
"groups": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaq6k42oe8mqxv6U5d6/groups"
},
"logo": [
{
"name": "medium",
"href": "https://ok12static.oktacdn.com/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png",
"type": "image/png"
}
],
"users": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaq6k42oe8mqxv6U5d6/users"
},
"deactivate": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaq6k42oe8mqxv6U5d6/lifecycle/deactivate"
}
}
},
{
"id": "0oaq6ke2pd0O9AcKl5d6",
"name": "lyvoc-migration-a_testsaml_1",
"label": "Test SAML",
"status": "ACTIVE",
"lastUpdated": "2021-05-12T09:09:11.000Z",
"created": "2021-05-12T09:09:10.000Z",
"accessibility": {
"selfService": false,
"errorRedirectUrl": null,
"loginRedirectUrl": null
},
"visibility": {
"autoSubmitToolbar": false,
"hide": {
"iOS": false,
"web": false
},
"appLinks": {
"lyvoc-migration-a_testsaml_1_link": true
}
},
"features": [],
"signOnMode": "SAML_2_0",
"credentials": {
"userNameTemplate": {
"template": "${source.login}",
"type": "BUILT_IN"
},
"signing": {
"kid": "-xBuCdnP9h9UjghnJPgLdfsbV4Uh7HTlQOxJ9yTAu7A"
}
},
"settings": {
"app": {},
"notifications": {
"vpn": {
"network": {
"connection": "DISABLED"
},
"message": null,
"helpUrl": null
}
},
"signOn": {
"defaultRelayState": "http://localhost:8080/app",
"ssoAcsUrl": "http://localhost:8080",
"idpIssuer": "http://www.okta.com/${org.externalKey}",
"audience": "testokta",
"recipient": "http://localhost:8080",
"destination": "http://localhost:8080",
"subjectNameIdTemplate": "${user.userName}",
"subjectNameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"responseSigned": true,
"assertionSigned": true,
"signatureAlgorithm": "RSA_SHA256",
"digestAlgorithm": "SHA256",
"honorForceAuthn": true,
"authnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
"spIssuer": null,
"requestCompressed": false,
"attributeStatements": [
{
"type": "EXPRESSION",
"name": "email",
"namespace": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
"values": [
"user.email"
]
}
],
"inlineHooks": [],
"allowMultipleAcsEndpoints": false,
"acsEndpoints": [],
"slo": {
"enabled": false
}
}
},
"_links": {
"help": {
"href": "https://lyvoc-migration-a-admin.okta.com/app/lyvoc-migration-a_testsaml_1/0oaq6ke2pd0O9AcKl5d6/setup/help/SAML_2_0/instructions",
"type": "text/html"
},
"metadata": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaq6ke2pd0O9AcKl5d6/sso/saml/metadata",
"type": "application/xml"
},
"uploadLogo": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaq6ke2pd0O9AcKl5d6/logo",
"hints": {
"allow": [
"POST"
]
}
},
"appLinks": [
{
"name": "lyvoc-migration-a_testsaml_1_link",
"href": "https://lyvoc-migration-a.okta.com/home/lyvoc-migration-a_testsaml_1/0oaq6ke2pd0O9AcKl5d6/alnq6n6skv7lKD5DN5d6",
"type": "text/html"
}
],
"groups": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaq6ke2pd0O9AcKl5d6/groups"
},
"logo": [
{
"name": "medium",
"href": "https://ok12static.oktacdn.com/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png",
"type": "image/png"
}
],
"users": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaq6ke2pd0O9AcKl5d6/users"
},
"deactivate": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaq6ke2pd0O9AcKl5d6/lifecycle/deactivate"
}
}
}
I removed some fields that caused errors, but now it tells me "Type mismatch exception".
For Active Directory, my team already told me that it would be difficult to configure the whole application.
I tried to post this, but I get an Internal Server Error.
AD
{
"id": "0oaos5uv7zJ6rYTiT5d6",
"name": "active_directory",
"label": "iwaovm1.com",
"status": "ACTIVE",
"lastUpdated": "2021-05-05T07:40:25.000Z",
"created": "2021-05-05T07:39:15.000Z",
"accessibility": {
"selfService": false,
"errorRedirectUrl": null,
"loginRedirectUrl": null
},
"visibility": {
"autoSubmitToolbar": false,
"hide": {
"iOS": false,
"web": false
},
"appLinks": {}
},
"features": [
"IMPORT_PROFILE_UPDATES",
"PROFILE_MASTERING",
"OUTBOUND_DEL_AUTH",
"IMPORT_USER_SCHEMA",
"IMPORT_NEW_USERS"
],
"signOnMode": null,
"credentials": {
"userNameTemplate": {
"template": "substringBefore(user.login, \"@\") + \"@\" + target_app.namingContext",
"type": "CUSTOM"
},
"signing": {}
},
"settings": {
"app": {
"jitGroupsAcrossDomains": false,
"password": "admin",
"scanRate": 1,
"searchOrgUnit": null,
"filterGroupsByOU": false,
"namingContext": "iwaovm1.com",
"login": "admin",
"activationEmail": null
},
"notifications": {
"vpn": {
"network": {
"connection": "DISABLED"
},
"message": null,
"helpUrl": null
}
}
},
"_links": {
"uploadLogo": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaos5uv7zJ6rYTiT5d6/logo",
"hints": {
"allow": [
"POST"
]
}
},
"appLinks": [],
"groups": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaos5uv7zJ6rYTiT5d6/groups"
},
"logo": [
{
"name": "medium",
"href": "https://ok12static.oktacdn.com/assets/img/logos/active-directory.9d71e6886192896cd905f4987688d95f.png",
"type": "image/png"
}
],
"users": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaos5uv7zJ6rYTiT5d6/users"
},
"deactivate": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaos5uv7zJ6rYTiT5d6/lifecycle/deactivate"
}
}
},
{
"id": "0oaq6k42oe8mqxv6U5d6",
"name": "oidc_client",
"label": "Test oidc",
"status": "ACTIVE",
"lastUpdated": "2021-05-12T09:10:03.000Z",
"created": "2021-05-12T09:10:03.000Z",
"accessibility": {
"selfService": false,
"errorRedirectUrl": null,
"loginRedirectUrl": null
},
"visibility": {
"autoSubmitToolbar": false,
"hide": {
"iOS": true,
"web": true
},
"appLinks": {
"oidc_client_link": true
}
},
"features": [],
"signOnMode": "OPENID_CONNECT",
"credentials": {
"userNameTemplate": {
"template": "${source.login}",
"type": "BUILT_IN"
},
"signing": {
"kid": "IkFjJtcazvWJdXLGSd1GvPkNZwlwuJFJ9F9mVyyrI6Q"
},
"oauthClient": {
"autoKeyRotation": true,
"client_id": "0oaq6k42oe8mqxv6U5d6",
"token_endpoint_auth_method": "client_secret_basic"
}
},
"settings": {
"app": {},
"notifications": {
"vpn": {
"network": {
"connection": "DISABLED"
},
"message": null,
"helpUrl": null
}
},
"oauthClient": {
"client_uri": null,
"logo_uri": null,
"redirect_uris": [
"http://localhost:8081/login/okta"
],
"post_logout_redirect_uris": [
"http://localhost:8081/logout"
],
"response_types": [
"code"
],
"grant_types": [
"authorization_code"
],
"application_type": "web",
"consent_method": "REQUIRED",
"issuer_mode": "ORG_URL",
"idp_initiated_login": {
"mode": "DISABLED",
"default_scope": []
}
}
},
"_links": {
"uploadLogo": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaq6k42oe8mqxv6U5d6/logo",
"hints": {
"allow": [
"POST"
]
}
},
"appLinks": [
{
"name": "oidc_client_link",
"href": "https://lyvoc-migration-a.okta.com/home/oidc_client/0oaq6k42oe8mqxv6U5d6/aln177a159h7Zf52X0g8",
"type": "text/html"
}
],
"groups": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaq6k42oe8mqxv6U5d6/groups"
},
"logo": [
{
"name": "medium",
"href": "https://ok12static.oktacdn.com/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png",
"type": "image/png"
}
],
"users": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaq6k42oe8mqxv6U5d6/users"
},
"deactivate": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaq6k42oe8mqxv6U5d6/lifecycle/deactivate"
}
}
},
{
"id": "0oaq6ke2pd0O9AcKl5d6",
"name": "lyvoc-migration-a_testsaml_1",
"label": "Test SAML",
"status": "ACTIVE",
"lastUpdated": "2021-05-12T09:09:11.000Z",
"created": "2021-05-12T09:09:10.000Z",
"accessibility": {
"selfService": false,
"errorRedirectUrl": null,
"loginRedirectUrl": null
},
"visibility": {
"autoSubmitToolbar": false,
"hide": {
"iOS": false,
"web": false
},
"appLinks": {
"lyvoc-migration-a_testsaml_1_link": true
}
},
"features": [],
"signOnMode": "SAML_2_0",
"credentials": {
"userNameTemplate": {
"template": "${source.login}",
"type": "BUILT_IN"
},
"signing": {
"kid": "-xBuCdnP9h9UjghnJPgLdfsbV4Uh7HTlQOxJ9yTAu7A"
}
},
"settings": {
"app": {},
"notifications": {
"vpn": {
"network": {
"connection": "DISABLED"
},
"message": null,
"helpUrl": null
}
},
"signOn": {
"defaultRelayState": "http://localhost:8080/app",
"ssoAcsUrl": "http://localhost:8080",
"idpIssuer": "http://www.okta.com/${org.externalKey}",
"audience": "testokta",
"recipient": "http://localhost:8080",
"destination": "http://localhost:8080",
"subjectNameIdTemplate": "${user.userName}",
"subjectNameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"responseSigned": true,
"assertionSigned": true,
"signatureAlgorithm": "RSA_SHA256",
"digestAlgorithm": "SHA256",
"honorForceAuthn": true,
"authnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
"spIssuer": null,
"requestCompressed": false,
"attributeStatements": [
{
"type": "EXPRESSION",
"name": "email",
"namespace": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
"values": [
"user.email"
]
}
],
"inlineHooks": [],
"allowMultipleAcsEndpoints": false,
"acsEndpoints": [],
"slo": {
"enabled": false
}
}
},
"_links": {
"help": {
"href": "https://lyvoc-migration-a-admin.okta.com/app/lyvoc-migration-a_testsaml_1/0oaq6ke2pd0O9AcKl5d6/setup/help/SAML_2_0/instructions",
"type": "text/html"
},
"metadata": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaq6ke2pd0O9AcKl5d6/sso/saml/metadata",
"type": "application/xml"
},
"uploadLogo": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaq6ke2pd0O9AcKl5d6/logo",
"hints": {
"allow": [
"POST"
]
}
},
"appLinks": [
{
"name": "lyvoc-migration-a_testsaml_1_link",
"href": "https://lyvoc-migration-a.okta.com/home/lyvoc-migration-a_testsaml_1/0oaq6ke2pd0O9AcKl5d6/alnq6n6skv7lKD5DN5d6",
"type": "text/html"
}
],
"groups": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaq6ke2pd0O9AcKl5d6/groups"
},
"logo": [
{
"name": "medium",
"href": "https://ok12static.oktacdn.com/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png",
"type": "image/png"
}
],
"users": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaq6ke2pd0O9AcKl5d6/users"
},
"deactivate": {
"href": "https://lyvoc-migration-a.okta.com/api/v1/apps/0oaq6ke2pd0O9AcKl5d6/lifecycle/deactivate"
}
}
}
Thanks,
Hugo