Povratne informacije Uredi

Find identity object IDs for authentication configuration for Azure API for FHIR

  • Članak
  • 2 min. za čitanje

In this article, you'll learn how to find identity object IDs needed when configuring the Azure API for FHIR to use an external or secondary Active Directory tenant for data plane.

Find user object ID

If you have a user with user name myuser@contoso.com, you can locate the users ObjectId using the following PowerShell command:

$(Get-AzureADUser -Filter "UserPrincipalName eq 'myuser@contoso.com'").ObjectId

or you can use the Azure CLI:

az ad user show --id myuser@contoso.com --query objectId --out tsv

Find service principal object ID

Suppose you've registered a service client app and you would like to allow this service client to access the Azure API for FHIR, you can find the object ID for the client service principal with the following PowerShell command:

$(Get-AzureADServicePrincipal -Filter "AppId eq 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'").ObjectId

where XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX is the service client application ID. Alternatively, you can use the DisplayName of the service client:

$(Get-AzureADServicePrincipal -Filter "DisplayName eq 'testapp'").ObjectId

If you're using the Azure CLI, you can use:

az ad sp show --id XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX --query objectId --out tsv

Find a security group object ID

If you would like to locate the object ID of a security group, you can use the following PowerShell command:

$(Get-AzureADGroup -Filter "DisplayName eq 'mygroup'").ObjectId

Where mygroup is the name of the group you're interested in.

If you're using the Azure CLI, you can use:

az ad group show --group "mygroup" --query objectId --out tsv

Next steps

In this article, you've learned how to find identity object IDs needed to configure the Azure API for FHIR to use an external or secondary Azure Active Directory tenant. Next read about how to use the object IDs to configure local RBAC settings:

Configure local RBAC settings

FHIR® is a registered trademark of HL7 and is used with the permission of HL7.