Create accessPackageAssignmentPolicy
- Article
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
In Microsoft Entra entitlement management, create a new accessPackageAssignmentPolicy object.
This API is available in the following national cloud deployments.
| Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
|---|---|---|---|
| ✅ | ✅ | ✅ | ❌ |
Permissions
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | EntitlementManagement.ReadWrite.All | Not available. |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | EntitlementManagement.ReadWrite.All | Not available. |
HTTP request
POST /identityGovernance/entitlementManagement/accessPackageAssignmentPolicies
Request headers
| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Content-Type | application/json. Required. |
Request body
In the request body, supply a JSON representation of an accessPackageAssignmentPolicy object.
Response
If successful, this method returns a 200-series response code and a new accessPackageAssignmentPolicy object in the response body.
Examples
Example 1: Create a direct assignment policy
A direct assignment policy is useful when access package assignment requests will only be created by an administrator, not by users themselves.
Request
The following example shows a request to create an access package assignment policy. In this policy, no users can request, no approval is required, and there are no access reviews.
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies
Content-type: application/json
{
"accessPackageId": "56ff43fd-6b05-48df-9634-956a777fce6d",
"displayName": "direct",
"description": "direct assignments by administrator",
"accessReviewSettings": null,
"requestorSettings": {
"scopeType": "NoSubjects",
"acceptRequests": true,
"allowedRequestors": []
},
"requestApprovalSettings": {
"isApprovalRequired": false,
"isApprovalRequiredForExtension": false,
"isRequestorJustificationRequired": false,
"approvalMode": "NoApproval",
"approvalStages": []
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new AccessPackageAssignmentPolicy
{
AccessPackageId = "56ff43fd-6b05-48df-9634-956a777fce6d",
DisplayName = "direct",
Description = "direct assignments by administrator",
AccessReviewSettings = null,
RequestorSettings = new RequestorSettings
{
ScopeType = "NoSubjects",
AcceptRequests = true,
AllowedRequestors = new List<UserSet>
{
},
},
RequestApprovalSettings = new ApprovalSettings
{
IsApprovalRequired = false,
IsApprovalRequiredForExtension = false,
IsRequestorJustificationRequired = false,
ApprovalMode = "NoApproval",
ApprovalStages = new List<ApprovalStage>
{
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackageAssignmentPolicies.PostAsync(requestBody);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance entitlement-management access-package-assignment-policies create --body '{\
"accessPackageId": "56ff43fd-6b05-48df-9634-956a777fce6d",\
"displayName": "direct",\
"description": "direct assignments by administrator",\
"accessReviewSettings": null,\
"requestorSettings": {\
"scopeType": "NoSubjects",\
"acceptRequests": true,\
"allowedRequestors": []\
},\
"requestApprovalSettings": {\
"isApprovalRequired": false,\
"isApprovalRequiredForExtension": false,\
"isRequestorJustificationRequired": false,\
"approvalMode": "NoApproval",\
"approvalStages": []\
}\
}\
'
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
accessPackageId := "56ff43fd-6b05-48df-9634-956a777fce6d"
requestBody.SetAccessPackageId(&accessPackageId)
displayName := "direct"
requestBody.SetDisplayName(&displayName)
description := "direct assignments by administrator"
requestBody.SetDescription(&description)
accessReviewSettings := null
requestBody.SetAccessReviewSettings(&accessReviewSettings)
requestorSettings := graphmodels.NewRequestorSettings()
scopeType := "NoSubjects"
requestorSettings.SetScopeType(&scopeType)
acceptRequests := true
requestorSettings.SetAcceptRequests(&acceptRequests)
allowedRequestors := []graphmodels.UserSetable {
}
requestorSettings.SetAllowedRequestors(allowedRequestors)
requestBody.SetRequestorSettings(requestorSettings)
requestApprovalSettings := graphmodels.NewApprovalSettings()
isApprovalRequired := false
requestApprovalSettings.SetIsApprovalRequired(&isApprovalRequired)
isApprovalRequiredForExtension := false
requestApprovalSettings.SetIsApprovalRequiredForExtension(&isApprovalRequiredForExtension)
isRequestorJustificationRequired := false
requestApprovalSettings.SetIsRequestorJustificationRequired(&isRequestorJustificationRequired)
approvalMode := "NoApproval"
requestApprovalSettings.SetApprovalMode(&approvalMode)
approvalStages := []graphmodels.ApprovalStageable {
}
requestApprovalSettings.SetApprovalStages(approvalStages)
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
accessPackageAssignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackageAssignmentPolicies().Post(context.Background(), requestBody, nil)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setAccessPackageId("56ff43fd-6b05-48df-9634-956a777fce6d");
accessPackageAssignmentPolicy.setDisplayName("direct");
accessPackageAssignmentPolicy.setDescription("direct assignments by administrator");
accessPackageAssignmentPolicy.setAccessReviewSettings(null);
RequestorSettings requestorSettings = new RequestorSettings();
requestorSettings.setScopeType("NoSubjects");
requestorSettings.setAcceptRequests(true);
LinkedList<UserSet> allowedRequestors = new LinkedList<UserSet>();
requestorSettings.setAllowedRequestors(allowedRequestors);
accessPackageAssignmentPolicy.setRequestorSettings(requestorSettings);
ApprovalSettings requestApprovalSettings = new ApprovalSettings();
requestApprovalSettings.setIsApprovalRequired(false);
requestApprovalSettings.setIsApprovalRequiredForExtension(false);
requestApprovalSettings.setIsRequestorJustificationRequired(false);
requestApprovalSettings.setApprovalMode("NoApproval");
LinkedList<ApprovalStage> approvalStages = new LinkedList<ApprovalStage>();
requestApprovalSettings.setApprovalStages(approvalStages);
accessPackageAssignmentPolicy.setRequestApprovalSettings(requestApprovalSettings);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().accessPackageAssignmentPolicies().post(accessPackageAssignmentPolicy);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
accessPackageId: '56ff43fd-6b05-48df-9634-956a777fce6d',
displayName: 'direct',
description: 'direct assignments by administrator',
accessReviewSettings: null,
requestorSettings: {
scopeType: 'NoSubjects',
acceptRequests: true,
allowedRequestors: []
},
requestApprovalSettings: {
isApprovalRequired: false,
isApprovalRequiredForExtension: false,
isRequestorJustificationRequired: false,
approvalMode: 'NoApproval',
approvalStages: []
}
};
await client.api('/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies')
.version('beta')
.post(accessPackageAssignmentPolicy);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\RequestorSettings;
use Microsoft\Graph\Generated\Models\UserSet;
use Microsoft\Graph\Generated\Models\ApprovalSettings;
use Microsoft\Graph\Generated\Models\ApprovalStage;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setAccessPackageId('56ff43fd-6b05-48df-9634-956a777fce6d');
$requestBody->setDisplayName('direct');
$requestBody->setDescription('direct assignments by administrator');
$requestBody->setAccessReviewSettings(null);
$requestorSettings = new RequestorSettings();
$requestorSettings->setScopeType('NoSubjects');
$requestorSettings->setAcceptRequests(true);
$requestorSettings->setAllowedRequestors([ ]);
$requestBody->setRequestorSettings($requestorSettings);
$requestApprovalSettings = new ApprovalSettings();
$requestApprovalSettings->setIsApprovalRequired(false);
$requestApprovalSettings->setIsApprovalRequiredForExtension(false);
$requestApprovalSettings->setIsRequestorJustificationRequired(false);
$requestApprovalSettings->setApprovalMode('NoApproval');
$requestApprovalSettings->setApprovalStages([ ]);
$requestBody->setRequestApprovalSettings($requestApprovalSettings);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackageAssignmentPolicies()->post($requestBody)->wait();
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
accessPackageId = "56ff43fd-6b05-48df-9634-956a777fce6d"
displayName = "direct"
description = "direct assignments by administrator"
accessReviewSettings = $null
requestorSettings = @{
scopeType = "NoSubjects"
acceptRequests = $true
allowedRequestors = @(
)
}
requestApprovalSettings = @{
isApprovalRequired = $false
isApprovalRequiredForExtension = $false
isRequestorJustificationRequired = $false
approvalMode = "NoApproval"
approvalStages = @(
)
}
}
New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy -BodyParameter $params
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.requestor_settings import RequestorSettings
from msgraph.generated.models.user_set import UserSet
from msgraph.generated.models.approval_settings import ApprovalSettings
from msgraph.generated.models.approval_stage import ApprovalStage
graph_client = GraphServiceClient(credentials, scopes)
request_body = AccessPackageAssignmentPolicy(
access_package_id = "56ff43fd-6b05-48df-9634-956a777fce6d",
display_name = "direct",
description = "direct assignments by administrator",
access_review_settings = None,
requestor_settings = RequestorSettings(
scope_type = "NoSubjects",
accept_requests = True,
allowed_requestors = [
],
),
request_approval_settings = ApprovalSettings(
is_approval_required = False,
is_approval_required_for_extension = False,
is_requestor_justification_required = False,
approval_mode = "NoApproval",
approval_stages = [
],
),
)
result = await graph_client.identity_governance.entitlement_management.access_package_assignment_policies.post(request_body)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "4c02f928-7752-49aa-8fc8-e286d973a965",
"accessPackageId": "56ff43fd-6b05-48df-9634-956a777fce6d",
"displayName": "direct",
"description": "direct assignments by administrator"
}
Example 2: Create a policy for users from other organizations to request
The following example shows a more complex policy with two-stage approvals and access reviews.
Request
The following example shows a request to create an access package assignment policy.
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies
Content-type: application/json
{
"accessPackageId": "string (identifier)",
"displayName": "Users from connected organizations can request",
"description": "Allow users from configured connected organizations to request and be approved by their sponsors",
"canExtend": false,
"durationInDays": 365,
"expirationDateTime": null,
"requestorSettings": {
"scopeType": "AllExistingConnectedOrganizationSubjects",
"acceptRequests": true,
"allowedRequestors": []
},
"requestApprovalSettings": {
"isApprovalRequired": true,
"isApprovalRequiredForExtension": false,
"isRequestorJustificationRequired": true,
"approvalMode": "Serial",
"approvalStages": [
{
"approvalStageTimeOutInDays": 14,
"isApproverJustificationRequired": true,
"isEscalationEnabled": true,
"escalationTimeInMinutes": 11520,
"primaryApprovers": [
{
"@odata.type": "#microsoft.graph.groupMembers",
"isBackup": true,
"id": "string (identifier)",
"description": "group for users from connected organizations which have no external sponsor"
},
{
"@odata.type": "#microsoft.graph.externalSponsors",
"isBackup": false
}
],
"escalationApprovers": [
{
"@odata.type": "#microsoft.graph.singleUser",
"isBackup": true,
"id": "string (identifier)",
"description": "user if the external sponsor does not respond"
}
]
},
{
"approvalStageTimeOutInDays": 14,
"isApproverJustificationRequired": true,
"isEscalationEnabled": true,
"escalationTimeInMinutes": 11520,
"primaryApprovers": [
{
"@odata.type": "#microsoft.graph.groupMembers",
"isBackup": true,
"id": "string (identifier)",
"description": "group for users from connected organizations which have no internal sponsor"
},
{
"@odata.type": "#microsoft.graph.internalSponsors",
"isBackup": false
}
],
"escalationApprovers": [
{
"@odata.type": "#microsoft.graph.singleUser",
"isBackup": true,
"id": "string (identifier)",
"description": "user if the internal sponsor does not respond"
}
]
}
]
},
"accessReviewSettings": {
"isEnabled": true,
"recurrenceType": "quarterly",
"reviewerType": "Self",
"startDateTime": "2020-04-01T07:59:59.998Z",
"durationInDays": 25,
"reviewers": []
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new AccessPackageAssignmentPolicy
{
AccessPackageId = "string (identifier)",
DisplayName = "Users from connected organizations can request",
Description = "Allow users from configured connected organizations to request and be approved by their sponsors",
CanExtend = false,
DurationInDays = 365,
ExpirationDateTime = null,
RequestorSettings = new RequestorSettings
{
ScopeType = "AllExistingConnectedOrganizationSubjects",
AcceptRequests = true,
AllowedRequestors = new List<UserSet>
{
},
},
RequestApprovalSettings = new ApprovalSettings
{
IsApprovalRequired = true,
IsApprovalRequiredForExtension = false,
IsRequestorJustificationRequired = true,
ApprovalMode = "Serial",
ApprovalStages = new List<ApprovalStage>
{
new ApprovalStage
{
ApprovalStageTimeOutInDays = 14,
IsApproverJustificationRequired = true,
IsEscalationEnabled = true,
EscalationTimeInMinutes = 11520,
PrimaryApprovers = new List<UserSet>
{
new GroupMembers
{
OdataType = "#microsoft.graph.groupMembers",
IsBackup = true,
Id = "string (identifier)",
Description = "group for users from connected organizations which have no external sponsor",
},
new ExternalSponsors
{
OdataType = "#microsoft.graph.externalSponsors",
IsBackup = false,
},
},
EscalationApprovers = new List<UserSet>
{
new SingleUser
{
OdataType = "#microsoft.graph.singleUser",
IsBackup = true,
Id = "string (identifier)",
Description = "user if the external sponsor does not respond",
},
},
},
new ApprovalStage
{
ApprovalStageTimeOutInDays = 14,
IsApproverJustificationRequired = true,
IsEscalationEnabled = true,
EscalationTimeInMinutes = 11520,
PrimaryApprovers = new List<UserSet>
{
new GroupMembers
{
OdataType = "#microsoft.graph.groupMembers",
IsBackup = true,
Id = "string (identifier)",
Description = "group for users from connected organizations which have no internal sponsor",
},
new InternalSponsors
{
OdataType = "#microsoft.graph.internalSponsors",
IsBackup = false,
},
},
EscalationApprovers = new List<UserSet>
{
new SingleUser
{
OdataType = "#microsoft.graph.singleUser",
IsBackup = true,
Id = "string (identifier)",
Description = "user if the internal sponsor does not respond",
},
},
},
},
},
AccessReviewSettings = new AssignmentReviewSettings
{
IsEnabled = true,
RecurrenceType = "quarterly",
ReviewerType = "Self",
StartDateTime = DateTimeOffset.Parse("2020-04-01T07:59:59.998Z"),
DurationInDays = 25,
Reviewers = new List<UserSet>
{
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackageAssignmentPolicies.PostAsync(requestBody);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance entitlement-management access-package-assignment-policies create --body '{\
"accessPackageId": "string (identifier)",\
"displayName": "Users from connected organizations can request",\
"description": "Allow users from configured connected organizations to request and be approved by their sponsors",\
"canExtend": false,\
"durationInDays": 365,\
"expirationDateTime": null,\
"requestorSettings": {\
"scopeType": "AllExistingConnectedOrganizationSubjects",\
"acceptRequests": true,\
"allowedRequestors": []\
},\
"requestApprovalSettings": {\
"isApprovalRequired": true,\
"isApprovalRequiredForExtension": false,\
"isRequestorJustificationRequired": true,\
"approvalMode": "Serial",\
"approvalStages": [\
{\
"approvalStageTimeOutInDays": 14,\
"isApproverJustificationRequired": true,\
"isEscalationEnabled": true,\
"escalationTimeInMinutes": 11520,\
"primaryApprovers": [\
{\
"@odata.type": "#microsoft.graph.groupMembers",\
"isBackup": true,\
"id": "string (identifier)",\
"description": "group for users from connected organizations which have no external sponsor"\
},\
{\
"@odata.type": "#microsoft.graph.externalSponsors",\
"isBackup": false\
}\
],\
"escalationApprovers": [\
{\
"@odata.type": "#microsoft.graph.singleUser",\
"isBackup": true,\
"id": "string (identifier)",\
"description": "user if the external sponsor does not respond"\
}\
]\
},\
{\
"approvalStageTimeOutInDays": 14,\
"isApproverJustificationRequired": true,\
"isEscalationEnabled": true,\
"escalationTimeInMinutes": 11520,\
"primaryApprovers": [\
{\
"@odata.type": "#microsoft.graph.groupMembers",\
"isBackup": true,\
"id": "string (identifier)",\
"description": "group for users from connected organizations which have no internal sponsor"\
},\
{\
"@odata.type": "#microsoft.graph.internalSponsors",\
"isBackup": false\
}\
],\
"escalationApprovers": [\
{\
"@odata.type": "#microsoft.graph.singleUser",\
"isBackup": true,\
"id": "string (identifier)",\
"description": "user if the internal sponsor does not respond"\
}\
]\
}\
]\
},\
"accessReviewSettings": {\
"isEnabled": true,\
"recurrenceType": "quarterly",\
"reviewerType": "Self",\
"startDateTime": "2020-04-01T07:59:59.998Z",\
"durationInDays": 25,\
"reviewers": []\
}\
}\
'
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
accessPackageId := "string (identifier)"
requestBody.SetAccessPackageId(&accessPackageId)
displayName := "Users from connected organizations can request"
requestBody.SetDisplayName(&displayName)
description := "Allow users from configured connected organizations to request and be approved by their sponsors"
requestBody.SetDescription(&description)
canExtend := false
requestBody.SetCanExtend(&canExtend)
durationInDays := int32(365)
requestBody.SetDurationInDays(&durationInDays)
expirationDateTime := null
requestBody.SetExpirationDateTime(&expirationDateTime)
requestorSettings := graphmodels.NewRequestorSettings()
scopeType := "AllExistingConnectedOrganizationSubjects"
requestorSettings.SetScopeType(&scopeType)
acceptRequests := true
requestorSettings.SetAcceptRequests(&acceptRequests)
allowedRequestors := []graphmodels.UserSetable {
}
requestorSettings.SetAllowedRequestors(allowedRequestors)
requestBody.SetRequestorSettings(requestorSettings)
requestApprovalSettings := graphmodels.NewApprovalSettings()
isApprovalRequired := true
requestApprovalSettings.SetIsApprovalRequired(&isApprovalRequired)
isApprovalRequiredForExtension := false
requestApprovalSettings.SetIsApprovalRequiredForExtension(&isApprovalRequiredForExtension)
isRequestorJustificationRequired := true
requestApprovalSettings.SetIsRequestorJustificationRequired(&isRequestorJustificationRequired)
approvalMode := "Serial"
requestApprovalSettings.SetApprovalMode(&approvalMode)
approvalStage := graphmodels.NewApprovalStage()
approvalStageTimeOutInDays := int32(14)
approvalStage.SetApprovalStageTimeOutInDays(&approvalStageTimeOutInDays)
isApproverJustificationRequired := true
approvalStage.SetIsApproverJustificationRequired(&isApproverJustificationRequired)
isEscalationEnabled := true
approvalStage.SetIsEscalationEnabled(&isEscalationEnabled)
escalationTimeInMinutes := int32(11520)
approvalStage.SetEscalationTimeInMinutes(&escalationTimeInMinutes)
userSet := graphmodels.NewGroupMembers()
isBackup := true
userSet.SetIsBackup(&isBackup)
id := "string (identifier)"
userSet.SetId(&id)
description := "group for users from connected organizations which have no external sponsor"
userSet.SetDescription(&description)
userSet1 := graphmodels.NewExternalSponsors()
isBackup := false
userSet1.SetIsBackup(&isBackup)
primaryApprovers := []graphmodels.UserSetable {
userSet,
userSet1,
}
approvalStage.SetPrimaryApprovers(primaryApprovers)
userSet := graphmodels.NewSingleUser()
isBackup := true
userSet.SetIsBackup(&isBackup)
id := "string (identifier)"
userSet.SetId(&id)
description := "user if the external sponsor does not respond"
userSet.SetDescription(&description)
escalationApprovers := []graphmodels.UserSetable {
userSet,
}
approvalStage.SetEscalationApprovers(escalationApprovers)
approvalStage1 := graphmodels.NewApprovalStage()
approvalStageTimeOutInDays := int32(14)
approvalStage1.SetApprovalStageTimeOutInDays(&approvalStageTimeOutInDays)
isApproverJustificationRequired := true
approvalStage1.SetIsApproverJustificationRequired(&isApproverJustificationRequired)
isEscalationEnabled := true
approvalStage1.SetIsEscalationEnabled(&isEscalationEnabled)
escalationTimeInMinutes := int32(11520)
approvalStage1.SetEscalationTimeInMinutes(&escalationTimeInMinutes)
userSet := graphmodels.NewGroupMembers()
isBackup := true
userSet.SetIsBackup(&isBackup)
id := "string (identifier)"
userSet.SetId(&id)
description := "group for users from connected organizations which have no internal sponsor"
userSet.SetDescription(&description)
userSet1 := graphmodels.NewInternalSponsors()
isBackup := false
userSet1.SetIsBackup(&isBackup)
primaryApprovers := []graphmodels.UserSetable {
userSet,
userSet1,
}
approvalStage1.SetPrimaryApprovers(primaryApprovers)
userSet := graphmodels.NewSingleUser()
isBackup := true
userSet.SetIsBackup(&isBackup)
id := "string (identifier)"
userSet.SetId(&id)
description := "user if the internal sponsor does not respond"
userSet.SetDescription(&description)
escalationApprovers := []graphmodels.UserSetable {
userSet,
}
approvalStage1.SetEscalationApprovers(escalationApprovers)
approvalStages := []graphmodels.ApprovalStageable {
approvalStage,
approvalStage1,
}
requestApprovalSettings.SetApprovalStages(approvalStages)
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
accessReviewSettings := graphmodels.NewAssignmentReviewSettings()
isEnabled := true
accessReviewSettings.SetIsEnabled(&isEnabled)
recurrenceType := "quarterly"
accessReviewSettings.SetRecurrenceType(&recurrenceType)
reviewerType := "Self"
accessReviewSettings.SetReviewerType(&reviewerType)
startDateTime , err := time.Parse(time.RFC3339, "2020-04-01T07:59:59.998Z")
accessReviewSettings.SetStartDateTime(&startDateTime)
durationInDays := int32(25)
accessReviewSettings.SetDurationInDays(&durationInDays)
reviewers := []graphmodels.UserSetable {
}
accessReviewSettings.SetReviewers(reviewers)
requestBody.SetAccessReviewSettings(accessReviewSettings)
accessPackageAssignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackageAssignmentPolicies().Post(context.Background(), requestBody, nil)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setAccessPackageId("string (identifier)");
accessPackageAssignmentPolicy.setDisplayName("Users from connected organizations can request");
accessPackageAssignmentPolicy.setDescription("Allow users from configured connected organizations to request and be approved by their sponsors");
accessPackageAssignmentPolicy.setCanExtend(false);
accessPackageAssignmentPolicy.setDurationInDays(365);
accessPackageAssignmentPolicy.setExpirationDateTime(null);
RequestorSettings requestorSettings = new RequestorSettings();
requestorSettings.setScopeType("AllExistingConnectedOrganizationSubjects");
requestorSettings.setAcceptRequests(true);
LinkedList<UserSet> allowedRequestors = new LinkedList<UserSet>();
requestorSettings.setAllowedRequestors(allowedRequestors);
accessPackageAssignmentPolicy.setRequestorSettings(requestorSettings);
ApprovalSettings requestApprovalSettings = new ApprovalSettings();
requestApprovalSettings.setIsApprovalRequired(true);
requestApprovalSettings.setIsApprovalRequiredForExtension(false);
requestApprovalSettings.setIsRequestorJustificationRequired(true);
requestApprovalSettings.setApprovalMode("Serial");
LinkedList<ApprovalStage> approvalStages = new LinkedList<ApprovalStage>();
ApprovalStage approvalStage = new ApprovalStage();
approvalStage.setApprovalStageTimeOutInDays(14);
approvalStage.setIsApproverJustificationRequired(true);
approvalStage.setIsEscalationEnabled(true);
approvalStage.setEscalationTimeInMinutes(11520);
LinkedList<UserSet> primaryApprovers = new LinkedList<UserSet>();
GroupMembers userSet = new GroupMembers();
userSet.setOdataType("#microsoft.graph.groupMembers");
userSet.setIsBackup(true);
userSet.setId("string (identifier)");
userSet.setDescription("group for users from connected organizations which have no external sponsor");
primaryApprovers.add(userSet);
ExternalSponsors userSet1 = new ExternalSponsors();
userSet1.setOdataType("#microsoft.graph.externalSponsors");
userSet1.setIsBackup(false);
primaryApprovers.add(userSet1);
approvalStage.setPrimaryApprovers(primaryApprovers);
LinkedList<UserSet> escalationApprovers = new LinkedList<UserSet>();
SingleUser userSet2 = new SingleUser();
userSet2.setOdataType("#microsoft.graph.singleUser");
userSet2.setIsBackup(true);
userSet2.setId("string (identifier)");
userSet2.setDescription("user if the external sponsor does not respond");
escalationApprovers.add(userSet2);
approvalStage.setEscalationApprovers(escalationApprovers);
approvalStages.add(approvalStage);
ApprovalStage approvalStage1 = new ApprovalStage();
approvalStage1.setApprovalStageTimeOutInDays(14);
approvalStage1.setIsApproverJustificationRequired(true);
approvalStage1.setIsEscalationEnabled(true);
approvalStage1.setEscalationTimeInMinutes(11520);
LinkedList<UserSet> primaryApprovers1 = new LinkedList<UserSet>();
GroupMembers userSet3 = new GroupMembers();
userSet3.setOdataType("#microsoft.graph.groupMembers");
userSet3.setIsBackup(true);
userSet3.setId("string (identifier)");
userSet3.setDescription("group for users from connected organizations which have no internal sponsor");
primaryApprovers1.add(userSet3);
InternalSponsors userSet4 = new InternalSponsors();
userSet4.setOdataType("#microsoft.graph.internalSponsors");
userSet4.setIsBackup(false);
primaryApprovers1.add(userSet4);
approvalStage1.setPrimaryApprovers(primaryApprovers1);
LinkedList<UserSet> escalationApprovers1 = new LinkedList<UserSet>();
SingleUser userSet5 = new SingleUser();
userSet5.setOdataType("#microsoft.graph.singleUser");
userSet5.setIsBackup(true);
userSet5.setId("string (identifier)");
userSet5.setDescription("user if the internal sponsor does not respond");
escalationApprovers1.add(userSet5);
approvalStage1.setEscalationApprovers(escalationApprovers1);
approvalStages.add(approvalStage1);
requestApprovalSettings.setApprovalStages(approvalStages);
accessPackageAssignmentPolicy.setRequestApprovalSettings(requestApprovalSettings);
AssignmentReviewSettings accessReviewSettings = new AssignmentReviewSettings();
accessReviewSettings.setIsEnabled(true);
accessReviewSettings.setRecurrenceType("quarterly");
accessReviewSettings.setReviewerType("Self");
OffsetDateTime startDateTime = OffsetDateTime.parse("2020-04-01T07:59:59.998Z");
accessReviewSettings.setStartDateTime(startDateTime);
accessReviewSettings.setDurationInDays(25);
LinkedList<UserSet> reviewers = new LinkedList<UserSet>();
accessReviewSettings.setReviewers(reviewers);
accessPackageAssignmentPolicy.setAccessReviewSettings(accessReviewSettings);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().accessPackageAssignmentPolicies().post(accessPackageAssignmentPolicy);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
accessPackageId: 'string (identifier)',
displayName: 'Users from connected organizations can request',
description: 'Allow users from configured connected organizations to request and be approved by their sponsors',
canExtend: false,
durationInDays: 365,
expirationDateTime: null,
requestorSettings: {
scopeType: 'AllExistingConnectedOrganizationSubjects',
acceptRequests: true,
allowedRequestors: []
},
requestApprovalSettings: {
isApprovalRequired: true,
isApprovalRequiredForExtension: false,
isRequestorJustificationRequired: true,
approvalMode: 'Serial',
approvalStages: [
{
approvalStageTimeOutInDays: 14,
isApproverJustificationRequired: true,
isEscalationEnabled: true,
escalationTimeInMinutes: 11520,
primaryApprovers: [
{
'@odata.type': '#microsoft.graph.groupMembers',
isBackup: true,
id: 'string (identifier)',
description: 'group for users from connected organizations which have no external sponsor'
},
{
'@odata.type': '#microsoft.graph.externalSponsors',
isBackup: false
}
],
escalationApprovers: [
{
'@odata.type': '#microsoft.graph.singleUser',
isBackup: true,
id: 'string (identifier)',
description: 'user if the external sponsor does not respond'
}
]
},
{
approvalStageTimeOutInDays: 14,
isApproverJustificationRequired: true,
isEscalationEnabled: true,
escalationTimeInMinutes: 11520,
primaryApprovers: [
{
'@odata.type': '#microsoft.graph.groupMembers',
isBackup: true,
id: 'string (identifier)',
description: 'group for users from connected organizations which have no internal sponsor'
},
{
'@odata.type': '#microsoft.graph.internalSponsors',
isBackup: false
}
],
escalationApprovers: [
{
'@odata.type': '#microsoft.graph.singleUser',
isBackup: true,
id: 'string (identifier)',
description: 'user if the internal sponsor does not respond'
}
]
}
]
},
accessReviewSettings: {
isEnabled: true,
recurrenceType: 'quarterly',
reviewerType: 'Self',
startDateTime: '2020-04-01T07:59:59.998Z',
durationInDays: 25,
reviewers: []
}
};
await client.api('/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies')
.version('beta')
.post(accessPackageAssignmentPolicy);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\RequestorSettings;
use Microsoft\Graph\Generated\Models\UserSet;
use Microsoft\Graph\Generated\Models\ApprovalSettings;
use Microsoft\Graph\Generated\Models\ApprovalStage;
use Microsoft\Graph\Generated\Models\GroupMembers;
use Microsoft\Graph\Generated\Models\ExternalSponsors;
use Microsoft\Graph\Generated\Models\SingleUser;
use Microsoft\Graph\Generated\Models\InternalSponsors;
use Microsoft\Graph\Generated\Models\AssignmentReviewSettings;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setAccessPackageId('string (identifier)');
$requestBody->setDisplayName('Users from connected organizations can request');
$requestBody->setDescription('Allow users from configured connected organizations to request and be approved by their sponsors');
$requestBody->setCanExtend(false);
$requestBody->setDurationInDays(365);
$requestBody->setExpirationDateTime(null);
$requestorSettings = new RequestorSettings();
$requestorSettings->setScopeType('AllExistingConnectedOrganizationSubjects');
$requestorSettings->setAcceptRequests(true);
$requestorSettings->setAllowedRequestors([ ]);
$requestBody->setRequestorSettings($requestorSettings);
$requestApprovalSettings = new ApprovalSettings();
$requestApprovalSettings->setIsApprovalRequired(true);
$requestApprovalSettings->setIsApprovalRequiredForExtension(false);
$requestApprovalSettings->setIsRequestorJustificationRequired(true);
$requestApprovalSettings->setApprovalMode('Serial');
$approvalStagesApprovalStage1 = new ApprovalStage();
$approvalStagesApprovalStage1->setApprovalStageTimeOutInDays(14);
$approvalStagesApprovalStage1->setIsApproverJustificationRequired(true);
$approvalStagesApprovalStage1->setIsEscalationEnabled(true);
$approvalStagesApprovalStage1->setEscalationTimeInMinutes(11520);
$primaryApproversUserSet1 = new GroupMembers();
$primaryApproversUserSet1->setOdataType('#microsoft.graph.groupMembers');
$primaryApproversUserSet1->setIsBackup(true);
$primaryApproversUserSet1->setId('string (identifier)');
$primaryApproversUserSet1->setDescription('group for users from connected organizations which have no external sponsor');
$primaryApproversArray []= $primaryApproversUserSet1;
$primaryApproversUserSet2 = new ExternalSponsors();
$primaryApproversUserSet2->setOdataType('#microsoft.graph.externalSponsors');
$primaryApproversUserSet2->setIsBackup(false);
$primaryApproversArray []= $primaryApproversUserSet2;
$approvalStagesApprovalStage1->setPrimaryApprovers($primaryApproversArray);
$escalationApproversUserSet1 = new SingleUser();
$escalationApproversUserSet1->setOdataType('#microsoft.graph.singleUser');
$escalationApproversUserSet1->setIsBackup(true);
$escalationApproversUserSet1->setId('string (identifier)');
$escalationApproversUserSet1->setDescription('user if the external sponsor does not respond');
$escalationApproversArray []= $escalationApproversUserSet1;
$approvalStagesApprovalStage1->setEscalationApprovers($escalationApproversArray);
$approvalStagesArray []= $approvalStagesApprovalStage1;
$approvalStagesApprovalStage2 = new ApprovalStage();
$approvalStagesApprovalStage2->setApprovalStageTimeOutInDays(14);
$approvalStagesApprovalStage2->setIsApproverJustificationRequired(true);
$approvalStagesApprovalStage2->setIsEscalationEnabled(true);
$approvalStagesApprovalStage2->setEscalationTimeInMinutes(11520);
$primaryApproversUserSet1 = new GroupMembers();
$primaryApproversUserSet1->setOdataType('#microsoft.graph.groupMembers');
$primaryApproversUserSet1->setIsBackup(true);
$primaryApproversUserSet1->setId('string (identifier)');
$primaryApproversUserSet1->setDescription('group for users from connected organizations which have no internal sponsor');
$primaryApproversArray []= $primaryApproversUserSet1;
$primaryApproversUserSet2 = new InternalSponsors();
$primaryApproversUserSet2->setOdataType('#microsoft.graph.internalSponsors');
$primaryApproversUserSet2->setIsBackup(false);
$primaryApproversArray []= $primaryApproversUserSet2;
$approvalStagesApprovalStage2->setPrimaryApprovers($primaryApproversArray);
$escalationApproversUserSet1 = new SingleUser();
$escalationApproversUserSet1->setOdataType('#microsoft.graph.singleUser');
$escalationApproversUserSet1->setIsBackup(true);
$escalationApproversUserSet1->setId('string (identifier)');
$escalationApproversUserSet1->setDescription('user if the internal sponsor does not respond');
$escalationApproversArray []= $escalationApproversUserSet1;
$approvalStagesApprovalStage2->setEscalationApprovers($escalationApproversArray);
$approvalStagesArray []= $approvalStagesApprovalStage2;
$requestApprovalSettings->setApprovalStages($approvalStagesArray);
$requestBody->setRequestApprovalSettings($requestApprovalSettings);
$accessReviewSettings = new AssignmentReviewSettings();
$accessReviewSettings->setIsEnabled(true);
$accessReviewSettings->setRecurrenceType('quarterly');
$accessReviewSettings->setReviewerType('Self');
$accessReviewSettings->setStartDateTime(new \DateTime('2020-04-01T07:59:59.998Z'));
$accessReviewSettings->setDurationInDays(25);
$accessReviewSettings->setReviewers([]);
$requestBody->setAccessReviewSettings($accessReviewSettings);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackageAssignmentPolicies()->post($requestBody)->wait();
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
accessPackageId = "string (identifier)"
displayName = "Users from connected organizations can request"
description = "Allow users from configured connected organizations to request and be approved by their sponsors"
canExtend = $false
durationInDays = 365
expirationDateTime = $null
requestorSettings = @{
scopeType = "AllExistingConnectedOrganizationSubjects"
acceptRequests = $true
allowedRequestors = @(
)
}
requestApprovalSettings = @{
isApprovalRequired = $true
isApprovalRequiredForExtension = $false
isRequestorJustificationRequired = $true
approvalMode = "Serial"
approvalStages = @(
@{
approvalStageTimeOutInDays = 14
isApproverJustificationRequired = $true
isEscalationEnabled = $true
escalationTimeInMinutes = 11520
primaryApprovers = @(
@{
"@odata.type" = "#microsoft.graph.groupMembers"
isBackup = $true
id = "string (identifier)"
description = "group for users from connected organizations which have no external sponsor"
}
@{
"@odata.type" = "#microsoft.graph.externalSponsors"
isBackup = $false
}
)
escalationApprovers = @(
@{
"@odata.type" = "#microsoft.graph.singleUser"
isBackup = $true
id = "string (identifier)"
description = "user if the external sponsor does not respond"
}
)
}
@{
approvalStageTimeOutInDays = 14
isApproverJustificationRequired = $true
isEscalationEnabled = $true
escalationTimeInMinutes = 11520
primaryApprovers = @(
@{
"@odata.type" = "#microsoft.graph.groupMembers"
isBackup = $true
id = "string (identifier)"
description = "group for users from connected organizations which have no internal sponsor"
}
@{
"@odata.type" = "#microsoft.graph.internalSponsors"
isBackup = $false
}
)
escalationApprovers = @(
@{
"@odata.type" = "#microsoft.graph.singleUser"
isBackup = $true
id = "string (identifier)"
description = "user if the internal sponsor does not respond"
}
)
}
)
}
accessReviewSettings = @{
isEnabled = $true
recurrenceType = "quarterly"
reviewerType = "Self"
startDateTime = [System.DateTime]::Parse("2020-04-01T07:59:59.998Z")
durationInDays = 25
reviewers = @(
)
}
}
New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy -BodyParameter $params
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.requestor_settings import RequestorSettings
from msgraph.generated.models.user_set import UserSet
from msgraph.generated.models.approval_settings import ApprovalSettings
from msgraph.generated.models.approval_stage import ApprovalStage
from msgraph.generated.models.group_members import GroupMembers
from msgraph.generated.models.external_sponsors import ExternalSponsors
from msgraph.generated.models.single_user import SingleUser
from msgraph.generated.models.internal_sponsors import InternalSponsors
from msgraph.generated.models.assignment_review_settings import AssignmentReviewSettings
graph_client = GraphServiceClient(credentials, scopes)
request_body = AccessPackageAssignmentPolicy(
access_package_id = "string (identifier)",
display_name = "Users from connected organizations can request",
description = "Allow users from configured connected organizations to request and be approved by their sponsors",
can_extend = False,
duration_in_days = 365,
expiration_date_time = None,
requestor_settings = RequestorSettings(
scope_type = "AllExistingConnectedOrganizationSubjects",
accept_requests = True,
allowed_requestors = [
],
),
request_approval_settings = ApprovalSettings(
is_approval_required = True,
is_approval_required_for_extension = False,
is_requestor_justification_required = True,
approval_mode = "Serial",
approval_stages = [
ApprovalStage(
approval_stage_time_out_in_days = 14,
is_approver_justification_required = True,
is_escalation_enabled = True,
escalation_time_in_minutes = 11520,
primary_approvers = [
GroupMembers(
odata_type = "#microsoft.graph.groupMembers",
is_backup = True,
id = "string (identifier)",
description = "group for users from connected organizations which have no external sponsor",
),
ExternalSponsors(
odata_type = "#microsoft.graph.externalSponsors",
is_backup = False,
),
],
escalation_approvers = [
SingleUser(
odata_type = "#microsoft.graph.singleUser",
is_backup = True,
id = "string (identifier)",
description = "user if the external sponsor does not respond",
),
],
),
ApprovalStage(
approval_stage_time_out_in_days = 14,
is_approver_justification_required = True,
is_escalation_enabled = True,
escalation_time_in_minutes = 11520,
primary_approvers = [
GroupMembers(
odata_type = "#microsoft.graph.groupMembers",
is_backup = True,
id = "string (identifier)",
description = "group for users from connected organizations which have no internal sponsor",
),
InternalSponsors(
odata_type = "#microsoft.graph.internalSponsors",
is_backup = False,
),
],
escalation_approvers = [
SingleUser(
odata_type = "#microsoft.graph.singleUser",
is_backup = True,
id = "string (identifier)",
description = "user if the internal sponsor does not respond",
),
],
),
],
),
access_review_settings = AssignmentReviewSettings(
is_enabled = True,
recurrence_type = "quarterly",
reviewer_type = "Self",
start_date_time = "2020-04-01T07:59:59.998Z",
duration_in_days = 25,
reviewers = [
],
),
)
result = await graph_client.identity_governance.entitlement_management.access_package_assignment_policies.post(request_body)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "4c02f928-7752-49aa-8fc8-e286d973a965",
"accessPackageId": "string (identifier)",
"displayName": "Users from connected organizations can request",
"description": "Allow users from configured connected organizations to request and be approved by their sponsors"
}
Example 3: Create assignment policy with questions
Questions configured in an assignment policy will be asked to requestors in scope of the policy. Their answers will be shown to their approvers. Question IDs are read-only and are included in the response by default.
Request
The following example shows a request to create an access package assignment policy.
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies
Content-type: application/json
{
"accessPackageId": "b2eba9a1-b357-42ee-83a8-336522ed6cbf",
"displayName": "Users from connected organizations can request",
"description": "Allow users from configured connected organizations to request and be approved by their sponsors",
"canExtend": false,
"durationInDays": 365,
"expirationDateTime": null,
"requestorSettings": {
"scopeType": "AllExistingConnectedOrganizationSubjects",
"acceptRequests": true
},
"requestApprovalSettings": {
"isApprovalRequired": true,
"isApprovalRequiredForExtension": false,
"isRequestorJustificationRequired": true,
"approvalMode": "SingleStage",
"approvalStages": [{
"approvalStageTimeOutInDays": 14,
"isApproverJustificationRequired": true,
"isEscalationEnabled": false,
"escalationTimeInMinutes": 11520,
"primaryApprovers": [{
"@odata.type": "#microsoft.graph.groupMembers",
"isBackup": true,
"id": "d2dcb9a1-a445-42ee-83a8-476522ed6cbf",
"description": "group for users from connected organizations which have no external sponsor"
},
{
"@odata.type": "#microsoft.graph.externalSponsors",
"isBackup": false
}
]
}
]
},
"questions": [{
"isRequired": false,
"text": {
"defaultText": "what state are you from?",
"localizedTexts": [{
"text": "¿De qué estado eres?",
"languageCode": "es"
}]
},
"@odata.type": "#microsoft.graph.accessPackageMultipleChoiceQuestion",
"choices": [{
"actualValue": "AZ",
"displayValue": {
"localizedTexts": [{
"text": "Arizona",
"languageCode": "es"
}]
}
}, {
"actualValue": "CA",
"displayValue": {
"localizedTexts": [{
"text": "California",
"languageCode": "es"
}]
}
}, {
"actualValue": "OH",
"displayValue": {
"localizedTexts": [{
"text": "Ohio",
"languageCode": "es"
}]
}
}],
"allowsMultipleSelection": false
}, {
"isRequired": false,
"text": {
"defaultText": "Who is your manager?",
"localizedTexts": [{
"text": "por qué necesita acceso a este paquete",
"languageCode": "es"
}]
},
"@odata.type": "#microsoft.graph.accessPackageTextInputQuestion",
"isSingleLineQuestion": false
}]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new AccessPackageAssignmentPolicy
{
AccessPackageId = "b2eba9a1-b357-42ee-83a8-336522ed6cbf",
DisplayName = "Users from connected organizations can request",
Description = "Allow users from configured connected organizations to request and be approved by their sponsors",
CanExtend = false,
DurationInDays = 365,
ExpirationDateTime = null,
RequestorSettings = new RequestorSettings
{
ScopeType = "AllExistingConnectedOrganizationSubjects",
AcceptRequests = true,
},
RequestApprovalSettings = new ApprovalSettings
{
IsApprovalRequired = true,
IsApprovalRequiredForExtension = false,
IsRequestorJustificationRequired = true,
ApprovalMode = "SingleStage",
ApprovalStages = new List<ApprovalStage>
{
new ApprovalStage
{
ApprovalStageTimeOutInDays = 14,
IsApproverJustificationRequired = true,
IsEscalationEnabled = false,
EscalationTimeInMinutes = 11520,
PrimaryApprovers = new List<UserSet>
{
new GroupMembers
{
OdataType = "#microsoft.graph.groupMembers",
IsBackup = true,
Id = "d2dcb9a1-a445-42ee-83a8-476522ed6cbf",
Description = "group for users from connected organizations which have no external sponsor",
},
new ExternalSponsors
{
OdataType = "#microsoft.graph.externalSponsors",
IsBackup = false,
},
},
},
},
},
Questions = new List<AccessPackageQuestion>
{
new AccessPackageMultipleChoiceQuestion
{
IsRequired = false,
Text = new AccessPackageLocalizedContent
{
DefaultText = "what state are you from?",
LocalizedTexts = new List<AccessPackageLocalizedText>
{
new AccessPackageLocalizedText
{
Text = "¿De qué estado eres?",
LanguageCode = "es",
},
},
},
OdataType = "#microsoft.graph.accessPackageMultipleChoiceQuestion",
Choices = new List<AccessPackageAnswerChoice>
{
new AccessPackageAnswerChoice
{
ActualValue = "AZ",
DisplayValue = new AccessPackageLocalizedContent
{
LocalizedTexts = new List<AccessPackageLocalizedText>
{
new AccessPackageLocalizedText
{
Text = "Arizona",
LanguageCode = "es",
},
},
},
},
new AccessPackageAnswerChoice
{
ActualValue = "CA",
DisplayValue = new AccessPackageLocalizedContent
{
LocalizedTexts = new List<AccessPackageLocalizedText>
{
new AccessPackageLocalizedText
{
Text = "California",
LanguageCode = "es",
},
},
},
},
new AccessPackageAnswerChoice
{
ActualValue = "OH",
DisplayValue = new AccessPackageLocalizedContent
{
LocalizedTexts = new List<AccessPackageLocalizedText>
{
new AccessPackageLocalizedText
{
Text = "Ohio",
LanguageCode = "es",
},
},
},
},
},
AllowsMultipleSelection = false,
},
new AccessPackageTextInputQuestion
{
IsRequired = false,
Text = new AccessPackageLocalizedContent
{
DefaultText = "Who is your manager?",
LocalizedTexts = new List<AccessPackageLocalizedText>
{
new AccessPackageLocalizedText
{
Text = "por qué necesita acceso a este paquete",
LanguageCode = "es",
},
},
},
OdataType = "#microsoft.graph.accessPackageTextInputQuestion",
IsSingleLineQuestion = false,
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackageAssignmentPolicies.PostAsync(requestBody);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance entitlement-management access-package-assignment-policies create --body '{\
"accessPackageId": "b2eba9a1-b357-42ee-83a8-336522ed6cbf",\
"displayName": "Users from connected organizations can request",\
"description": "Allow users from configured connected organizations to request and be approved by their sponsors",\
"canExtend": false,\
"durationInDays": 365,\
"expirationDateTime": null,\
"requestorSettings": {\
"scopeType": "AllExistingConnectedOrganizationSubjects",\
"acceptRequests": true\
},\
"requestApprovalSettings": {\
"isApprovalRequired": true,\
"isApprovalRequiredForExtension": false,\
"isRequestorJustificationRequired": true,\
"approvalMode": "SingleStage",\
"approvalStages": [{\
"approvalStageTimeOutInDays": 14,\
"isApproverJustificationRequired": true,\
"isEscalationEnabled": false,\
"escalationTimeInMinutes": 11520,\
"primaryApprovers": [{\
"@odata.type": "#microsoft.graph.groupMembers",\
"isBackup": true,\
"id": "d2dcb9a1-a445-42ee-83a8-476522ed6cbf",\
"description": "group for users from connected organizations which have no external sponsor"\
},\
{\
"@odata.type": "#microsoft.graph.externalSponsors",\
"isBackup": false\
}\
]\
}\
]\
},\
"questions": [{\
"isRequired": false,\
"text": {\
"defaultText": "what state are you from?",\
"localizedTexts": [{\
"text": "¿De qué estado eres?",\
"languageCode": "es"\
}]\
},\
"@odata.type": "#microsoft.graph.accessPackageMultipleChoiceQuestion",\
"choices": [{\
"actualValue": "AZ",\
"displayValue": {\
"localizedTexts": [{\
"text": "Arizona",\
"languageCode": "es"\
}]\
}\
}, {\
"actualValue": "CA",\
"displayValue": {\
"localizedTexts": [{\
"text": "California",\
"languageCode": "es"\
}]\
}\
}, {\
"actualValue": "OH",\
"displayValue": {\
"localizedTexts": [{\
"text": "Ohio",\
"languageCode": "es"\
}]\
}\
}],\
"allowsMultipleSelection": false\
}, {\
"isRequired": false,\
"text": {\
"defaultText": "Who is your manager?",\
"localizedTexts": [{\
"text": "por qué necesita acceso a este paquete",\
"languageCode": "es"\
}]\
},\
"@odata.type": "#microsoft.graph.accessPackageTextInputQuestion",\
"isSingleLineQuestion": false\
}]\
}\
'
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
accessPackageId := "b2eba9a1-b357-42ee-83a8-336522ed6cbf"
requestBody.SetAccessPackageId(&accessPackageId)
displayName := "Users from connected organizations can request"
requestBody.SetDisplayName(&displayName)
description := "Allow users from configured connected organizations to request and be approved by their sponsors"
requestBody.SetDescription(&description)
canExtend := false
requestBody.SetCanExtend(&canExtend)
durationInDays := int32(365)
requestBody.SetDurationInDays(&durationInDays)
expirationDateTime := null
requestBody.SetExpirationDateTime(&expirationDateTime)
requestorSettings := graphmodels.NewRequestorSettings()
scopeType := "AllExistingConnectedOrganizationSubjects"
requestorSettings.SetScopeType(&scopeType)
acceptRequests := true
requestorSettings.SetAcceptRequests(&acceptRequests)
requestBody.SetRequestorSettings(requestorSettings)
requestApprovalSettings := graphmodels.NewApprovalSettings()
isApprovalRequired := true
requestApprovalSettings.SetIsApprovalRequired(&isApprovalRequired)
isApprovalRequiredForExtension := false
requestApprovalSettings.SetIsApprovalRequiredForExtension(&isApprovalRequiredForExtension)
isRequestorJustificationRequired := true
requestApprovalSettings.SetIsRequestorJustificationRequired(&isRequestorJustificationRequired)
approvalMode := "SingleStage"
requestApprovalSettings.SetApprovalMode(&approvalMode)
approvalStage := graphmodels.NewApprovalStage()
approvalStageTimeOutInDays := int32(14)
approvalStage.SetApprovalStageTimeOutInDays(&approvalStageTimeOutInDays)
isApproverJustificationRequired := true
approvalStage.SetIsApproverJustificationRequired(&isApproverJustificationRequired)
isEscalationEnabled := false
approvalStage.SetIsEscalationEnabled(&isEscalationEnabled)
escalationTimeInMinutes := int32(11520)
approvalStage.SetEscalationTimeInMinutes(&escalationTimeInMinutes)
userSet := graphmodels.NewGroupMembers()
isBackup := true
userSet.SetIsBackup(&isBackup)
id := "d2dcb9a1-a445-42ee-83a8-476522ed6cbf"
userSet.SetId(&id)
description := "group for users from connected organizations which have no external sponsor"
userSet.SetDescription(&description)
userSet1 := graphmodels.NewExternalSponsors()
isBackup := false
userSet1.SetIsBackup(&isBackup)
primaryApprovers := []graphmodels.UserSetable {
userSet,
userSet1,
}
approvalStage.SetPrimaryApprovers(primaryApprovers)
approvalStages := []graphmodels.ApprovalStageable {
approvalStage,
}
requestApprovalSettings.SetApprovalStages(approvalStages)
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
accessPackageQuestion := graphmodels.NewAccessPackageMultipleChoiceQuestion()
isRequired := false
accessPackageQuestion.SetIsRequired(&isRequired)
text := graphmodels.NewAccessPackageLocalizedContent()
defaultText := "what state are you from?"
text.SetDefaultText(&defaultText)
accessPackageLocalizedText := graphmodels.NewAccessPackageLocalizedText()
text := "¿De qué estado eres?"
accessPackageLocalizedText.SetText(&text)
languageCode := "es"
accessPackageLocalizedText.SetLanguageCode(&languageCode)
localizedTexts := []graphmodels.AccessPackageLocalizedTextable {
accessPackageLocalizedText,
}
text.SetLocalizedTexts(localizedTexts)
accessPackageQuestion.SetText(text)
accessPackageAnswerChoice := graphmodels.NewAccessPackageAnswerChoice()
actualValue := "AZ"
accessPackageAnswerChoice.SetActualValue(&actualValue)
displayValue := graphmodels.NewAccessPackageLocalizedContent()
accessPackageLocalizedText := graphmodels.NewAccessPackageLocalizedText()
text := "Arizona"
accessPackageLocalizedText.SetText(&text)
languageCode := "es"
accessPackageLocalizedText.SetLanguageCode(&languageCode)
localizedTexts := []graphmodels.AccessPackageLocalizedTextable {
accessPackageLocalizedText,
}
displayValue.SetLocalizedTexts(localizedTexts)
accessPackageAnswerChoice.SetDisplayValue(displayValue)
accessPackageAnswerChoice1 := graphmodels.NewAccessPackageAnswerChoice()
actualValue := "CA"
accessPackageAnswerChoice1.SetActualValue(&actualValue)
displayValue := graphmodels.NewAccessPackageLocalizedContent()
accessPackageLocalizedText := graphmodels.NewAccessPackageLocalizedText()
text := "California"
accessPackageLocalizedText.SetText(&text)
languageCode := "es"
accessPackageLocalizedText.SetLanguageCode(&languageCode)
localizedTexts := []graphmodels.AccessPackageLocalizedTextable {
accessPackageLocalizedText,
}
displayValue.SetLocalizedTexts(localizedTexts)
accessPackageAnswerChoice1.SetDisplayValue(displayValue)
accessPackageAnswerChoice2 := graphmodels.NewAccessPackageAnswerChoice()
actualValue := "OH"
accessPackageAnswerChoice2.SetActualValue(&actualValue)
displayValue := graphmodels.NewAccessPackageLocalizedContent()
accessPackageLocalizedText := graphmodels.NewAccessPackageLocalizedText()
text := "Ohio"
accessPackageLocalizedText.SetText(&text)
languageCode := "es"
accessPackageLocalizedText.SetLanguageCode(&languageCode)
localizedTexts := []graphmodels.AccessPackageLocalizedTextable {
accessPackageLocalizedText,
}
displayValue.SetLocalizedTexts(localizedTexts)
accessPackageAnswerChoice2.SetDisplayValue(displayValue)
choices := []graphmodels.AccessPackageAnswerChoiceable {
accessPackageAnswerChoice,
accessPackageAnswerChoice1,
accessPackageAnswerChoice2,
}
accessPackageQuestion.SetChoices(choices)
allowsMultipleSelection := false
accessPackageQuestion.SetAllowsMultipleSelection(&allowsMultipleSelection)
accessPackageQuestion1 := graphmodels.NewAccessPackageTextInputQuestion()
isRequired := false
accessPackageQuestion1.SetIsRequired(&isRequired)
text := graphmodels.NewAccessPackageLocalizedContent()
defaultText := "Who is your manager?"
text.SetDefaultText(&defaultText)
accessPackageLocalizedText := graphmodels.NewAccessPackageLocalizedText()
text := "por qué necesita acceso a este paquete"
accessPackageLocalizedText.SetText(&text)
languageCode := "es"
accessPackageLocalizedText.SetLanguageCode(&languageCode)
localizedTexts := []graphmodels.AccessPackageLocalizedTextable {
accessPackageLocalizedText,
}
text.SetLocalizedTexts(localizedTexts)
accessPackageQuestion1.SetText(text)
isSingleLineQuestion := false
accessPackageQuestion1.SetIsSingleLineQuestion(&isSingleLineQuestion)
questions := []graphmodels.AccessPackageQuestionable {
accessPackageQuestion,
accessPackageQuestion1,
}
requestBody.SetQuestions(questions)
accessPackageAssignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackageAssignmentPolicies().Post(context.Background(), requestBody, nil)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setAccessPackageId("b2eba9a1-b357-42ee-83a8-336522ed6cbf");
accessPackageAssignmentPolicy.setDisplayName("Users from connected organizations can request");
accessPackageAssignmentPolicy.setDescription("Allow users from configured connected organizations to request and be approved by their sponsors");
accessPackageAssignmentPolicy.setCanExtend(false);
accessPackageAssignmentPolicy.setDurationInDays(365);
accessPackageAssignmentPolicy.setExpirationDateTime(null);
RequestorSettings requestorSettings = new RequestorSettings();
requestorSettings.setScopeType("AllExistingConnectedOrganizationSubjects");
requestorSettings.setAcceptRequests(true);
accessPackageAssignmentPolicy.setRequestorSettings(requestorSettings);
ApprovalSettings requestApprovalSettings = new ApprovalSettings();
requestApprovalSettings.setIsApprovalRequired(true);
requestApprovalSettings.setIsApprovalRequiredForExtension(false);
requestApprovalSettings.setIsRequestorJustificationRequired(true);
requestApprovalSettings.setApprovalMode("SingleStage");
LinkedList<ApprovalStage> approvalStages = new LinkedList<ApprovalStage>();
ApprovalStage approvalStage = new ApprovalStage();
approvalStage.setApprovalStageTimeOutInDays(14);
approvalStage.setIsApproverJustificationRequired(true);
approvalStage.setIsEscalationEnabled(false);
approvalStage.setEscalationTimeInMinutes(11520);
LinkedList<UserSet> primaryApprovers = new LinkedList<UserSet>();
GroupMembers userSet = new GroupMembers();
userSet.setOdataType("#microsoft.graph.groupMembers");
userSet.setIsBackup(true);
userSet.setId("d2dcb9a1-a445-42ee-83a8-476522ed6cbf");
userSet.setDescription("group for users from connected organizations which have no external sponsor");
primaryApprovers.add(userSet);
ExternalSponsors userSet1 = new ExternalSponsors();
userSet1.setOdataType("#microsoft.graph.externalSponsors");
userSet1.setIsBackup(false);
primaryApprovers.add(userSet1);
approvalStage.setPrimaryApprovers(primaryApprovers);
approvalStages.add(approvalStage);
requestApprovalSettings.setApprovalStages(approvalStages);
accessPackageAssignmentPolicy.setRequestApprovalSettings(requestApprovalSettings);
LinkedList<AccessPackageQuestion> questions = new LinkedList<AccessPackageQuestion>();
AccessPackageMultipleChoiceQuestion accessPackageQuestion = new AccessPackageMultipleChoiceQuestion();
accessPackageQuestion.setIsRequired(false);
AccessPackageLocalizedContent text = new AccessPackageLocalizedContent();
text.setDefaultText("what state are you from?");
LinkedList<AccessPackageLocalizedText> localizedTexts = new LinkedList<AccessPackageLocalizedText>();
AccessPackageLocalizedText accessPackageLocalizedText = new AccessPackageLocalizedText();
accessPackageLocalizedText.setText("¿De qué estado eres?");
accessPackageLocalizedText.setLanguageCode("es");
localizedTexts.add(accessPackageLocalizedText);
text.setLocalizedTexts(localizedTexts);
accessPackageQuestion.setText(text);
accessPackageQuestion.setOdataType("#microsoft.graph.accessPackageMultipleChoiceQuestion");
LinkedList<AccessPackageAnswerChoice> choices = new LinkedList<AccessPackageAnswerChoice>();
AccessPackageAnswerChoice accessPackageAnswerChoice = new AccessPackageAnswerChoice();
accessPackageAnswerChoice.setActualValue("AZ");
AccessPackageLocalizedContent displayValue = new AccessPackageLocalizedContent();
LinkedList<AccessPackageLocalizedText> localizedTexts1 = new LinkedList<AccessPackageLocalizedText>();
AccessPackageLocalizedText accessPackageLocalizedText1 = new AccessPackageLocalizedText();
accessPackageLocalizedText1.setText("Arizona");
accessPackageLocalizedText1.setLanguageCode("es");
localizedTexts1.add(accessPackageLocalizedText1);
displayValue.setLocalizedTexts(localizedTexts1);
accessPackageAnswerChoice.setDisplayValue(displayValue);
choices.add(accessPackageAnswerChoice);
AccessPackageAnswerChoice accessPackageAnswerChoice1 = new AccessPackageAnswerChoice();
accessPackageAnswerChoice1.setActualValue("CA");
AccessPackageLocalizedContent displayValue1 = new AccessPackageLocalizedContent();
LinkedList<AccessPackageLocalizedText> localizedTexts2 = new LinkedList<AccessPackageLocalizedText>();
AccessPackageLocalizedText accessPackageLocalizedText2 = new AccessPackageLocalizedText();
accessPackageLocalizedText2.setText("California");
accessPackageLocalizedText2.setLanguageCode("es");
localizedTexts2.add(accessPackageLocalizedText2);
displayValue1.setLocalizedTexts(localizedTexts2);
accessPackageAnswerChoice1.setDisplayValue(displayValue1);
choices.add(accessPackageAnswerChoice1);
AccessPackageAnswerChoice accessPackageAnswerChoice2 = new AccessPackageAnswerChoice();
accessPackageAnswerChoice2.setActualValue("OH");
AccessPackageLocalizedContent displayValue2 = new AccessPackageLocalizedContent();
LinkedList<AccessPackageLocalizedText> localizedTexts3 = new LinkedList<AccessPackageLocalizedText>();
AccessPackageLocalizedText accessPackageLocalizedText3 = new AccessPackageLocalizedText();
accessPackageLocalizedText3.setText("Ohio");
accessPackageLocalizedText3.setLanguageCode("es");
localizedTexts3.add(accessPackageLocalizedText3);
displayValue2.setLocalizedTexts(localizedTexts3);
accessPackageAnswerChoice2.setDisplayValue(displayValue2);
choices.add(accessPackageAnswerChoice2);
accessPackageQuestion.setChoices(choices);
accessPackageQuestion.setAllowsMultipleSelection(false);
questions.add(accessPackageQuestion);
AccessPackageTextInputQuestion accessPackageQuestion1 = new AccessPackageTextInputQuestion();
accessPackageQuestion1.setIsRequired(false);
AccessPackageLocalizedContent text5 = new AccessPackageLocalizedContent();
text5.setDefaultText("Who is your manager?");
LinkedList<AccessPackageLocalizedText> localizedTexts4 = new LinkedList<AccessPackageLocalizedText>();
AccessPackageLocalizedText accessPackageLocalizedText4 = new AccessPackageLocalizedText();
accessPackageLocalizedText4.setText("por qué necesita acceso a este paquete");
accessPackageLocalizedText4.setLanguageCode("es");
localizedTexts4.add(accessPackageLocalizedText4);
text5.setLocalizedTexts(localizedTexts4);
accessPackageQuestion1.setText(text5);
accessPackageQuestion1.setOdataType("#microsoft.graph.accessPackageTextInputQuestion");
accessPackageQuestion1.setIsSingleLineQuestion(false);
questions.add(accessPackageQuestion1);
accessPackageAssignmentPolicy.setQuestions(questions);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().accessPackageAssignmentPolicies().post(accessPackageAssignmentPolicy);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
accessPackageId: 'b2eba9a1-b357-42ee-83a8-336522ed6cbf',
displayName: 'Users from connected organizations can request',
description: 'Allow users from configured connected organizations to request and be approved by their sponsors',
canExtend: false,
durationInDays: 365,
expirationDateTime: null,
requestorSettings: {
scopeType: 'AllExistingConnectedOrganizationSubjects',
acceptRequests: true
},
requestApprovalSettings: {
isApprovalRequired: true,
isApprovalRequiredForExtension: false,
isRequestorJustificationRequired: true,
approvalMode: 'SingleStage',
approvalStages: [{
approvalStageTimeOutInDays: 14,
isApproverJustificationRequired: true,
isEscalationEnabled: false,
escalationTimeInMinutes: 11520,
primaryApprovers: [{
'@odata.type': '#microsoft.graph.groupMembers',
isBackup: true,
id: 'd2dcb9a1-a445-42ee-83a8-476522ed6cbf',
description: 'group for users from connected organizations which have no external sponsor'
},
{
'@odata.type': '#microsoft.graph.externalSponsors',
isBackup: false
}
]
}
]
},
questions: [{
isRequired: false,
text: {
defaultText: 'what state are you from?',
localizedTexts: [{
text: '¿De qué estado eres?',
languageCode: 'es'
}]
},
'@odata.type': '#microsoft.graph.accessPackageMultipleChoiceQuestion',
choices: [{
actualValue: 'AZ',
displayValue: {
localizedTexts: [{
text: 'Arizona',
languageCode: 'es'
}]
}
}, {
actualValue: 'CA',
displayValue: {
localizedTexts: [{
text: 'California',
languageCode: 'es'
}]
}
}, {
actualValue: 'OH',
displayValue: {
localizedTexts: [{
text: 'Ohio',
languageCode: 'es'
}]
}
}],
allowsMultipleSelection: false
}, {
isRequired: false,
text: {
defaultText: 'Who is your manager?',
localizedTexts: [{
text: 'por qué necesita acceso a este paquete',
languageCode: 'es'
}]
},
'@odata.type': '#microsoft.graph.accessPackageTextInputQuestion',
isSingleLineQuestion: false
}]
};
await client.api('/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies')
.version('beta')
.post(accessPackageAssignmentPolicy);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\RequestorSettings;
use Microsoft\Graph\Generated\Models\ApprovalSettings;
use Microsoft\Graph\Generated\Models\ApprovalStage;
use Microsoft\Graph\Generated\Models\UserSet;
use Microsoft\Graph\Generated\Models\GroupMembers;
use Microsoft\Graph\Generated\Models\ExternalSponsors;
use Microsoft\Graph\Generated\Models\AccessPackageQuestion;
use Microsoft\Graph\Generated\Models\AccessPackageMultipleChoiceQuestion;
use Microsoft\Graph\Generated\Models\AccessPackageLocalizedContent;
use Microsoft\Graph\Generated\Models\AccessPackageLocalizedText;
use Microsoft\Graph\Generated\Models\AccessPackageAnswerChoice;
use Microsoft\Graph\Generated\Models\AccessPackageTextInputQuestion;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setAccessPackageId('b2eba9a1-b357-42ee-83a8-336522ed6cbf');
$requestBody->setDisplayName('Users from connected organizations can request');
$requestBody->setDescription('Allow users from configured connected organizations to request and be approved by their sponsors');
$requestBody->setCanExtend(false);
$requestBody->setDurationInDays(365);
$requestBody->setExpirationDateTime(null);
$requestorSettings = new RequestorSettings();
$requestorSettings->setScopeType('AllExistingConnectedOrganizationSubjects');
$requestorSettings->setAcceptRequests(true);
$requestBody->setRequestorSettings($requestorSettings);
$requestApprovalSettings = new ApprovalSettings();
$requestApprovalSettings->setIsApprovalRequired(true);
$requestApprovalSettings->setIsApprovalRequiredForExtension(false);
$requestApprovalSettings->setIsRequestorJustificationRequired(true);
$requestApprovalSettings->setApprovalMode('SingleStage');
$approvalStagesApprovalStage1 = new ApprovalStage();
$approvalStagesApprovalStage1->setApprovalStageTimeOutInDays(14);
$approvalStagesApprovalStage1->setIsApproverJustificationRequired(true);
$approvalStagesApprovalStage1->setIsEscalationEnabled(false);
$approvalStagesApprovalStage1->setEscalationTimeInMinutes(11520);
$primaryApproversUserSet1 = new GroupMembers();
$primaryApproversUserSet1->setOdataType('#microsoft.graph.groupMembers');
$primaryApproversUserSet1->setIsBackup(true);
$primaryApproversUserSet1->setId('d2dcb9a1-a445-42ee-83a8-476522ed6cbf');
$primaryApproversUserSet1->setDescription('group for users from connected organizations which have no external sponsor');
$primaryApproversArray []= $primaryApproversUserSet1;
$primaryApproversUserSet2 = new ExternalSponsors();
$primaryApproversUserSet2->setOdataType('#microsoft.graph.externalSponsors');
$primaryApproversUserSet2->setIsBackup(false);
$primaryApproversArray []= $primaryApproversUserSet2;
$approvalStagesApprovalStage1->setPrimaryApprovers($primaryApproversArray);
$approvalStagesArray []= $approvalStagesApprovalStage1;
$requestApprovalSettings->setApprovalStages($approvalStagesArray);
$requestBody->setRequestApprovalSettings($requestApprovalSettings);
$questionsAccessPackageQuestion1 = new AccessPackageMultipleChoiceQuestion();
$questionsAccessPackageQuestion1->setIsRequired(false);
$questionsAccessPackageQuestion1Text = new AccessPackageLocalizedContent();
$questionsAccessPackageQuestion1Text->setDefaultText('what state are you from?');
$localizedTextsAccessPackageLocalizedText1 = new AccessPackageLocalizedText();
$localizedTextsAccessPackageLocalizedText1->setText('¿De qué estado eres?');
$localizedTextsAccessPackageLocalizedText1->setLanguageCode('es');
$localizedTextsArray []= $localizedTextsAccessPackageLocalizedText1;
$questionsAccessPackageQuestion1Text->setLocalizedTexts($localizedTextsArray);
$questionsAccessPackageQuestion1->setText($questionsAccessPackageQuestion1Text);
$questionsAccessPackageQuestion1->setOdataType('#microsoft.graph.accessPackageMultipleChoiceQuestion');
$choicesAccessPackageAnswerChoice1 = new AccessPackageAnswerChoice();
$choicesAccessPackageAnswerChoice1->setActualValue('AZ');
$choicesAccessPackageAnswerChoice1DisplayValue = new AccessPackageLocalizedContent();
$localizedTextsAccessPackageLocalizedText1 = new AccessPackageLocalizedText();
$localizedTextsAccessPackageLocalizedText1->setText('Arizona');
$localizedTextsAccessPackageLocalizedText1->setLanguageCode('es');
$localizedTextsArray []= $localizedTextsAccessPackageLocalizedText1;
$choicesAccessPackageAnswerChoice1DisplayValue->setLocalizedTexts($localizedTextsArray);
$choicesAccessPackageAnswerChoice1->setDisplayValue($choicesAccessPackageAnswerChoice1DisplayValue);
$choicesArray []= $choicesAccessPackageAnswerChoice1;
$choicesAccessPackageAnswerChoice2 = new AccessPackageAnswerChoice();
$choicesAccessPackageAnswerChoice2->setActualValue('CA');
$choicesAccessPackageAnswerChoice2DisplayValue = new AccessPackageLocalizedContent();
$localizedTextsAccessPackageLocalizedText1 = new AccessPackageLocalizedText();
$localizedTextsAccessPackageLocalizedText1->setText('California');
$localizedTextsAccessPackageLocalizedText1->setLanguageCode('es');
$localizedTextsArray []= $localizedTextsAccessPackageLocalizedText1;
$choicesAccessPackageAnswerChoice2DisplayValue->setLocalizedTexts($localizedTextsArray);
$choicesAccessPackageAnswerChoice2->setDisplayValue($choicesAccessPackageAnswerChoice2DisplayValue);
$choicesArray []= $choicesAccessPackageAnswerChoice2;
$choicesAccessPackageAnswerChoice3 = new AccessPackageAnswerChoice();
$choicesAccessPackageAnswerChoice3->setActualValue('OH');
$choicesAccessPackageAnswerChoice3DisplayValue = new AccessPackageLocalizedContent();
$localizedTextsAccessPackageLocalizedText1 = new AccessPackageLocalizedText();
$localizedTextsAccessPackageLocalizedText1->setText('Ohio');
$localizedTextsAccessPackageLocalizedText1->setLanguageCode('es');
$localizedTextsArray []= $localizedTextsAccessPackageLocalizedText1;
$choicesAccessPackageAnswerChoice3DisplayValue->setLocalizedTexts($localizedTextsArray);
$choicesAccessPackageAnswerChoice3->setDisplayValue($choicesAccessPackageAnswerChoice3DisplayValue);
$choicesArray []= $choicesAccessPackageAnswerChoice3;
$questionsAccessPackageQuestion1->setChoices($choicesArray);
$questionsAccessPackageQuestion1->setAllowsMultipleSelection(false);
$questionsArray []= $questionsAccessPackageQuestion1;
$questionsAccessPackageQuestion2 = new AccessPackageTextInputQuestion();
$questionsAccessPackageQuestion2->setIsRequired(false);
$questionsAccessPackageQuestion2Text = new AccessPackageLocalizedContent();
$questionsAccessPackageQuestion2Text->setDefaultText('Who is your manager?');
$localizedTextsAccessPackageLocalizedText1 = new AccessPackageLocalizedText();
$localizedTextsAccessPackageLocalizedText1->setText('por qué necesita acceso a este paquete');
$localizedTextsAccessPackageLocalizedText1->setLanguageCode('es');
$localizedTextsArray []= $localizedTextsAccessPackageLocalizedText1;
$questionsAccessPackageQuestion2Text->setLocalizedTexts($localizedTextsArray);
$questionsAccessPackageQuestion2->setText($questionsAccessPackageQuestion2Text);
$questionsAccessPackageQuestion2->setOdataType('#microsoft.graph.accessPackageTextInputQuestion');
$questionsAccessPackageQuestion2->setIsSingleLineQuestion(false);
$questionsArray []= $questionsAccessPackageQuestion2;
$requestBody->setQuestions($questionsArray);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackageAssignmentPolicies()->post($requestBody)->wait();
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
accessPackageId = "b2eba9a1-b357-42ee-83a8-336522ed6cbf"
displayName = "Users from connected organizations can request"
description = "Allow users from configured connected organizations to request and be approved by their sponsors"
canExtend = $false
durationInDays = 365
expirationDateTime = $null
requestorSettings = @{
scopeType = "AllExistingConnectedOrganizationSubjects"
acceptRequests = $true
}
requestApprovalSettings = @{
isApprovalRequired = $true
isApprovalRequiredForExtension = $false
isRequestorJustificationRequired = $true
approvalMode = "SingleStage"
approvalStages = @(
@{
approvalStageTimeOutInDays = 14
isApproverJustificationRequired = $true
isEscalationEnabled = $false
escalationTimeInMinutes = 11520
primaryApprovers = @(
@{
"@odata.type" = "#microsoft.graph.groupMembers"
isBackup = $true
id = "d2dcb9a1-a445-42ee-83a8-476522ed6cbf"
description = "group for users from connected organizations which have no external sponsor"
}
@{
"@odata.type" = "#microsoft.graph.externalSponsors"
isBackup = $false
}
)
}
)
}
questions = @(
@{
isRequired = $false
text = @{
defaultText = "what state are you from?"
localizedTexts = @(
@{
text = "¿De qué estado eres?"
languageCode = "es"
}
)
}
"@odata.type" = "#microsoft.graph.accessPackageMultipleChoiceQuestion"
choices = @(
@{
actualValue = "AZ"
displayValue = @{
localizedTexts = @(
@{
text = "Arizona"
languageCode = "es"
}
)
}
}
@{
actualValue = "CA"
displayValue = @{
localizedTexts = @(
@{
text = "California"
languageCode = "es"
}
)
}
}
@{
actualValue = "OH"
displayValue = @{
localizedTexts = @(
@{
text = "Ohio"
languageCode = "es"
}
)
}
}
)
allowsMultipleSelection = $false
}
@{
isRequired = $false
text = @{
defaultText = "Who is your manager?"
localizedTexts = @(
@{
text = "por qué necesita acceso a este paquete"
languageCode = "es"
}
)
}
"@odata.type" = "#microsoft.graph.accessPackageTextInputQuestion"
isSingleLineQuestion = $false
}
)
}
New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy -BodyParameter $params
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.requestor_settings import RequestorSettings
from msgraph.generated.models.approval_settings import ApprovalSettings
from msgraph.generated.models.approval_stage import ApprovalStage
from msgraph.generated.models.user_set import UserSet
from msgraph.generated.models.group_members import GroupMembers
from msgraph.generated.models.external_sponsors import ExternalSponsors
from msgraph.generated.models.access_package_question import AccessPackageQuestion
from msgraph.generated.models.access_package_multiple_choice_question import AccessPackageMultipleChoiceQuestion
from msgraph.generated.models.access_package_localized_content import AccessPackageLocalizedContent
from msgraph.generated.models.access_package_localized_text import AccessPackageLocalizedText
from msgraph.generated.models.access_package_answer_choice import AccessPackageAnswerChoice
from msgraph.generated.models.access_package_text_input_question import AccessPackageTextInputQuestion
graph_client = GraphServiceClient(credentials, scopes)
request_body = AccessPackageAssignmentPolicy(
access_package_id = "b2eba9a1-b357-42ee-83a8-336522ed6cbf",
display_name = "Users from connected organizations can request",
description = "Allow users from configured connected organizations to request and be approved by their sponsors",
can_extend = False,
duration_in_days = 365,
expiration_date_time = None,
requestor_settings = RequestorSettings(
scope_type = "AllExistingConnectedOrganizationSubjects",
accept_requests = True,
),
request_approval_settings = ApprovalSettings(
is_approval_required = True,
is_approval_required_for_extension = False,
is_requestor_justification_required = True,
approval_mode = "SingleStage",
approval_stages = [
ApprovalStage(
approval_stage_time_out_in_days = 14,
is_approver_justification_required = True,
is_escalation_enabled = False,
escalation_time_in_minutes = 11520,
primary_approvers = [
GroupMembers(
odata_type = "#microsoft.graph.groupMembers",
is_backup = True,
id = "d2dcb9a1-a445-42ee-83a8-476522ed6cbf",
description = "group for users from connected organizations which have no external sponsor",
),
ExternalSponsors(
odata_type = "#microsoft.graph.externalSponsors",
is_backup = False,
),
],
),
],
),
questions = [
AccessPackageMultipleChoiceQuestion(
is_required = False,
text = AccessPackageLocalizedContent(
default_text = "what state are you from?",
localized_texts = [
AccessPackageLocalizedText(
text = "¿De qué estado eres?",
language_code = "es",
),
],
),
odata_type = "#microsoft.graph.accessPackageMultipleChoiceQuestion",
choices = [
AccessPackageAnswerChoice(
actual_value = "AZ",
display_value = AccessPackageLocalizedContent(
localized_texts = [
AccessPackageLocalizedText(
text = "Arizona",
language_code = "es",
),
],
),
),
AccessPackageAnswerChoice(
actual_value = "CA",
display_value = AccessPackageLocalizedContent(
localized_texts = [
AccessPackageLocalizedText(
text = "California",
language_code = "es",
),
],
),
),
AccessPackageAnswerChoice(
actual_value = "OH",
display_value = AccessPackageLocalizedContent(
localized_texts = [
AccessPackageLocalizedText(
text = "Ohio",
language_code = "es",
),
],
),
),
],
allows_multiple_selection = False,
),
AccessPackageTextInputQuestion(
is_required = False,
text = AccessPackageLocalizedContent(
default_text = "Who is your manager?",
localized_texts = [
AccessPackageLocalizedText(
text = "por qué necesita acceso a este paquete",
language_code = "es",
),
],
),
odata_type = "#microsoft.graph.accessPackageTextInputQuestion",
is_single_line_question = False,
),
],
)
result = await graph_client.identity_governance.entitlement_management.access_package_assignment_policies.post(request_body)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "4c02f928-7752-49aa-8fc8-e286d973a965",
"accessPackageId": "string (identifier)",
"displayName": "Users from connected organizations can request",
"description": "Allow users from configured connected organizations to request and be approved by their sponsors",
"questions": [{
"id" : "BD3F6B95-458D-4BC8-A9A6-8D4B29F64F3D",
"isRequired": false,
"text": {
"defaultText": "what state are you from?",
"localizedTexts": [{
"text": "¿De qué estado eres?",
"languageCode": "es"
}]
},
"@odata.type": "#microsoft.graph.accessPackageMultipleChoiceQuestion",
"choices": [{
"actualValue": "AZ",
"displayValue": {
"localizedTexts": [{
"text": "Arizona?",
"languageCode": "es"
}]
}
}, {
"actualValue": "CA",
"displayValue": {
"localizedTexts": [{
"text": "California",
"languageCode": "es"
}]
}
}, {
"actualValue": "OH",
"displayValue": {
"localizedTexts": [{
"text": "Ohio",
"languageCode": "es"
}]
}
}],
"allowsMultipleSelection": false
}, {
"id" : "F652C13C-A660-4E4C-A1E0-CE9FEC6EE57A",
"isRequired": false,
"text": {
"defaultText": "Who is your manager?",
"localizedTexts": [{
"text": "por qué necesita acceso a este paquete",
"languageCode": "es"
}]
},
"@odata.type": "#microsoft.graph.accessPackageTextInputQuestion",
"isSingleLineQuestion": false
}]
}
Example 4: Create a policy and specify the stages to trigger pre-defined custom workflow extensions
Request
In the following example, the pre-defined customAccessPackageWorkflowExtension object is triggered when an access package assigned request is created and when it's granted. The identifier provided within the customExtension field is the customAccessPackageWorkflowExtension object's ID.
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies
Content-type: application/json
{
"displayName": "extension-policy",
"description": "test",
"accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
"expiration": {
"type": "afterDuration",
"duration": "P365D"
},
"canExtend": false,
"requestApprovalSettings": null,
"requestorSettings": {
"acceptRequests": true,
"scopeType": "AllExistingDirectorySubjects",
"allowedRequestors": [],
"isOnBehalfAllowed": false
},
"accessReviewSettings": null,
"questions": [],
"customExtensionHandlers": [
{
"stage": "assignmentRequestCreated",
"customExtension": {
"id": "219f57b6-7983-45a1-be01-2c228b7a43f8"
}
},
{
"stage": "assignmentRequestGranted",
"customExtension": {
"id": "219f57b6-7983-45a1-be01-2c228b7a43f8"
}
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new AccessPackageAssignmentPolicy
{
DisplayName = "extension-policy",
Description = "test",
AccessPackageId = "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
CanExtend = false,
RequestApprovalSettings = null,
RequestorSettings = new RequestorSettings
{
AcceptRequests = true,
ScopeType = "AllExistingDirectorySubjects",
AllowedRequestors = new List<UserSet>
{
},
AdditionalData = new Dictionary<string, object>
{
{
"isOnBehalfAllowed" , false
},
},
},
AccessReviewSettings = null,
Questions = new List<AccessPackageQuestion>
{
},
CustomExtensionHandlers = new List<CustomExtensionHandler>
{
new CustomExtensionHandler
{
Stage = AccessPackageCustomExtensionStage.AssignmentRequestCreated,
CustomExtension = new CustomAccessPackageWorkflowExtension
{
Id = "219f57b6-7983-45a1-be01-2c228b7a43f8",
},
},
new CustomExtensionHandler
{
Stage = AccessPackageCustomExtensionStage.AssignmentRequestGranted,
CustomExtension = new CustomAccessPackageWorkflowExtension
{
Id = "219f57b6-7983-45a1-be01-2c228b7a43f8",
},
},
},
AdditionalData = new Dictionary<string, object>
{
{
"expiration" , new
{
Type = "afterDuration",
Duration = "P365D",
}
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackageAssignmentPolicies.PostAsync(requestBody);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance entitlement-management access-package-assignment-policies create --body '{\
"displayName": "extension-policy",\
"description": "test",\
"accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",\
"expiration": {\
"type": "afterDuration",\
"duration": "P365D"\
},\
"canExtend": false,\
"requestApprovalSettings": null,\
"requestorSettings": {\
"acceptRequests": true,\
"scopeType": "AllExistingDirectorySubjects",\
"allowedRequestors": [],\
"isOnBehalfAllowed": false\
},\
"accessReviewSettings": null,\
"questions": [],\
"customExtensionHandlers": [\
{\
"stage": "assignmentRequestCreated",\
"customExtension": {\
"id": "219f57b6-7983-45a1-be01-2c228b7a43f8"\
}\
},\
{\
"stage": "assignmentRequestGranted",\
"customExtension": {\
"id": "219f57b6-7983-45a1-be01-2c228b7a43f8"\
}\
}\
]\
}\
'
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
displayName := "extension-policy"
requestBody.SetDisplayName(&displayName)
description := "test"
requestBody.SetDescription(&description)
accessPackageId := "ba5807c7-2aa9-4c8a-907e-4a17ee587500"
requestBody.SetAccessPackageId(&accessPackageId)
canExtend := false
requestBody.SetCanExtend(&canExtend)
requestApprovalSettings := null
requestBody.SetRequestApprovalSettings(&requestApprovalSettings)
requestorSettings := graphmodels.NewRequestorSettings()
acceptRequests := true
requestorSettings.SetAcceptRequests(&acceptRequests)
scopeType := "AllExistingDirectorySubjects"
requestorSettings.SetScopeType(&scopeType)
allowedRequestors := []graphmodels.UserSetable {
}
requestorSettings.SetAllowedRequestors(allowedRequestors)
additionalData := map[string]interface{}{
isOnBehalfAllowed := false
requestorSettings.SetIsOnBehalfAllowed(&isOnBehalfAllowed)
}
requestorSettings.SetAdditionalData(additionalData)
requestBody.SetRequestorSettings(requestorSettings)
accessReviewSettings := null
requestBody.SetAccessReviewSettings(&accessReviewSettings)
questions := []graphmodels.AccessPackageQuestionable {
}
requestBody.SetQuestions(questions)
customExtensionHandler := graphmodels.NewCustomExtensionHandler()
stage := graphmodels.ASSIGNMENTREQUESTCREATED_ACCESSPACKAGECUSTOMEXTENSIONSTAGE
customExtensionHandler.SetStage(&stage)
customExtension := graphmodels.NewCustomAccessPackageWorkflowExtension()
id := "219f57b6-7983-45a1-be01-2c228b7a43f8"
customExtension.SetId(&id)
customExtensionHandler.SetCustomExtension(customExtension)
customExtensionHandler1 := graphmodels.NewCustomExtensionHandler()
stage := graphmodels.ASSIGNMENTREQUESTGRANTED_ACCESSPACKAGECUSTOMEXTENSIONSTAGE
customExtensionHandler1.SetStage(&stage)
customExtension := graphmodels.NewCustomAccessPackageWorkflowExtension()
id := "219f57b6-7983-45a1-be01-2c228b7a43f8"
customExtension.SetId(&id)
customExtensionHandler1.SetCustomExtension(customExtension)
customExtensionHandlers := []graphmodels.CustomExtensionHandlerable {
customExtensionHandler,
customExtensionHandler1,
}
requestBody.SetCustomExtensionHandlers(customExtensionHandlers)
additionalData := map[string]interface{}{
expiration := graphmodels.New()
type := "afterDuration"
expiration.SetType(&type)
duration := "P365D"
expiration.SetDuration(&duration)
requestBody.SetExpiration(expiration)
}
requestBody.SetAdditionalData(additionalData)
accessPackageAssignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackageAssignmentPolicies().Post(context.Background(), requestBody, nil)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setDisplayName("extension-policy");
accessPackageAssignmentPolicy.setDescription("test");
accessPackageAssignmentPolicy.setAccessPackageId("ba5807c7-2aa9-4c8a-907e-4a17ee587500");
accessPackageAssignmentPolicy.setCanExtend(false);
accessPackageAssignmentPolicy.setRequestApprovalSettings(null);
RequestorSettings requestorSettings = new RequestorSettings();
requestorSettings.setAcceptRequests(true);
requestorSettings.setScopeType("AllExistingDirectorySubjects");
LinkedList<UserSet> allowedRequestors = new LinkedList<UserSet>();
requestorSettings.setAllowedRequestors(allowedRequestors);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("isOnBehalfAllowed", false);
requestorSettings.setAdditionalData(additionalData);
accessPackageAssignmentPolicy.setRequestorSettings(requestorSettings);
accessPackageAssignmentPolicy.setAccessReviewSettings(null);
LinkedList<AccessPackageQuestion> questions = new LinkedList<AccessPackageQuestion>();
accessPackageAssignmentPolicy.setQuestions(questions);
LinkedList<CustomExtensionHandler> customExtensionHandlers = new LinkedList<CustomExtensionHandler>();
CustomExtensionHandler customExtensionHandler = new CustomExtensionHandler();
customExtensionHandler.setStage(AccessPackageCustomExtensionStage.AssignmentRequestCreated);
CustomAccessPackageWorkflowExtension customExtension = new CustomAccessPackageWorkflowExtension();
customExtension.setId("219f57b6-7983-45a1-be01-2c228b7a43f8");
customExtensionHandler.setCustomExtension(customExtension);
customExtensionHandlers.add(customExtensionHandler);
CustomExtensionHandler customExtensionHandler1 = new CustomExtensionHandler();
customExtensionHandler1.setStage(AccessPackageCustomExtensionStage.AssignmentRequestGranted);
CustomAccessPackageWorkflowExtension customExtension1 = new CustomAccessPackageWorkflowExtension();
customExtension1.setId("219f57b6-7983-45a1-be01-2c228b7a43f8");
customExtensionHandler1.setCustomExtension(customExtension1);
customExtensionHandlers.add(customExtensionHandler1);
accessPackageAssignmentPolicy.setCustomExtensionHandlers(customExtensionHandlers);
HashMap<String, Object> additionalData1 = new HashMap<String, Object>();
expiration = new ();
expiration.setType("afterDuration");
expiration.setDuration("P365D");
additionalData1.put("expiration", expiration);
accessPackageAssignmentPolicy.setAdditionalData(additionalData1);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().accessPackageAssignmentPolicies().post(accessPackageAssignmentPolicy);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
displayName: 'extension-policy',
description: 'test',
accessPackageId: 'ba5807c7-2aa9-4c8a-907e-4a17ee587500',
expiration: {
type: 'afterDuration',
duration: 'P365D'
},
canExtend: false,
requestApprovalSettings: null,
requestorSettings: {
acceptRequests: true,
scopeType: 'AllExistingDirectorySubjects',
allowedRequestors: [],
isOnBehalfAllowed: false
},
accessReviewSettings: null,
questions: [],
customExtensionHandlers: [
{
stage: 'assignmentRequestCreated',
customExtension: {
id: '219f57b6-7983-45a1-be01-2c228b7a43f8'
}
},
{
stage: 'assignmentRequestGranted',
customExtension: {
id: '219f57b6-7983-45a1-be01-2c228b7a43f8'
}
}
]
};
await client.api('/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies')
.version('beta')
.post(accessPackageAssignmentPolicy);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\RequestorSettings;
use Microsoft\Graph\Generated\Models\UserSet;
use Microsoft\Graph\Generated\Models\AccessPackageQuestion;
use Microsoft\Graph\Generated\Models\CustomExtensionHandler;
use Microsoft\Graph\Generated\Models\CustomAccessPackageWorkflowExtension;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setDisplayName('extension-policy');
$requestBody->setDescription('test');
$requestBody->setAccessPackageId('ba5807c7-2aa9-4c8a-907e-4a17ee587500');
$requestBody->setCanExtend(false);
$requestBody->setRequestApprovalSettings(null);
$requestorSettings = new RequestorSettings();
$requestorSettings->setAcceptRequests(true);
$requestorSettings->setScopeType('AllExistingDirectorySubjects');
$requestorSettings->setAllowedRequestors([ ]);
$additionalData = [
'isOnBehalfAllowed' => false,
];
$requestorSettings->setAdditionalData($additionalData);
$requestBody->setRequestorSettings($requestorSettings);
$requestBody->setAccessReviewSettings(null);
$requestBody->setQuestions([ ]);
$customExtensionHandlersCustomExtensionHandler1 = new CustomExtensionHandler();
$customExtensionHandlersCustomExtensionHandler1->setStage(new AccessPackageCustomExtensionStage('assignmentRequestCreated'));
$customExtensionHandlersCustomExtensionHandler1CustomExtension = new CustomAccessPackageWorkflowExtension();
$customExtensionHandlersCustomExtensionHandler1CustomExtension->setId('219f57b6-7983-45a1-be01-2c228b7a43f8');
$customExtensionHandlersCustomExtensionHandler1->setCustomExtension($customExtensionHandlersCustomExtensionHandler1CustomExtension);
$customExtensionHandlersArray []= $customExtensionHandlersCustomExtensionHandler1;
$customExtensionHandlersCustomExtensionHandler2 = new CustomExtensionHandler();
$customExtensionHandlersCustomExtensionHandler2->setStage(new AccessPackageCustomExtensionStage('assignmentRequestGranted'));
$customExtensionHandlersCustomExtensionHandler2CustomExtension = new CustomAccessPackageWorkflowExtension();
$customExtensionHandlersCustomExtensionHandler2CustomExtension->setId('219f57b6-7983-45a1-be01-2c228b7a43f8');
$customExtensionHandlersCustomExtensionHandler2->setCustomExtension($customExtensionHandlersCustomExtensionHandler2CustomExtension);
$customExtensionHandlersArray []= $customExtensionHandlersCustomExtensionHandler2;
$requestBody->setCustomExtensionHandlers($customExtensionHandlersArray);
$additionalData = [
'expiration' => [
'type' => 'afterDuration',
'duration' => 'P365D',
],
];
$requestBody->setAdditionalData($additionalData);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackageAssignmentPolicies()->post($requestBody)->wait();
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
displayName = "extension-policy"
description = "test"
accessPackageId = "ba5807c7-2aa9-4c8a-907e-4a17ee587500"
expiration = @{
type = "afterDuration"
duration = "P365D"
}
canExtend = $false
requestApprovalSettings = $null
requestorSettings = @{
acceptRequests = $true
scopeType = "AllExistingDirectorySubjects"
allowedRequestors = @(
)
isOnBehalfAllowed = $false
}
accessReviewSettings = $null
questions = @(
)
customExtensionHandlers = @(
@{
stage = "assignmentRequestCreated"
customExtension = @{
id = "219f57b6-7983-45a1-be01-2c228b7a43f8"
}
}
@{
stage = "assignmentRequestGranted"
customExtension = @{
id = "219f57b6-7983-45a1-be01-2c228b7a43f8"
}
}
)
}
New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy -BodyParameter $params
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.requestor_settings import RequestorSettings
from msgraph.generated.models.user_set import UserSet
from msgraph.generated.models.access_package_question import AccessPackageQuestion
from msgraph.generated.models.custom_extension_handler import CustomExtensionHandler
from msgraph.generated.models.custom_access_package_workflow_extension import CustomAccessPackageWorkflowExtension
graph_client = GraphServiceClient(credentials, scopes)
request_body = AccessPackageAssignmentPolicy(
display_name = "extension-policy",
description = "test",
access_package_id = "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
can_extend = False,
request_approval_settings = None,
requestor_settings = RequestorSettings(
accept_requests = True,
scope_type = "AllExistingDirectorySubjects",
allowed_requestors = [
],
additional_data = {
"is_on_behalf_allowed" : False,
}
),
access_review_settings = None,
questions = [
],
custom_extension_handlers = [
CustomExtensionHandler(
stage = AccessPackageCustomExtensionStage.AssignmentRequestCreated,
custom_extension = CustomAccessPackageWorkflowExtension(
id = "219f57b6-7983-45a1-be01-2c228b7a43f8",
),
),
CustomExtensionHandler(
stage = AccessPackageCustomExtensionStage.AssignmentRequestGranted,
custom_extension = CustomAccessPackageWorkflowExtension(
id = "219f57b6-7983-45a1-be01-2c228b7a43f8",
),
),
],
additional_data = {
"expiration" : {
"type" : "afterDuration",
"duration" : "P365D",
},
}
)
result = await graph_client.identity_governance.entitlement_management.access_package_assignment_policies.post(request_body)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Response
The following example shows the response. The customExtensionHandlers object isn't returned by default. To retrieve this object, use the GET method with $expand. For more information, see Retrieve the custom extension handlers for a policy
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "d0324cbb-24a2-4edb-acca-fee5384c6a5e",
"displayName": "extension-policy",
"description": "test",
"canExtend": false,
"durationInDays": 0,
"expirationDateTime": null,
"accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
"accessReviewSettings": null,
"questions": [],
"requestorSettings": {
"scopeType": "AllExistingDirectorySubjects",
"acceptRequests": true,
"allowedRequestors": []
},
"requestApprovalSettings": {
"isApprovalRequired": false,
"isApprovalRequiredForExtension": false,
"isRequestorJustificationRequired": false,
"approvalMode": "NoApproval",
"approvalStages": []
}
}
Example 5: Create a policy and specify the stages to trigger pre-defined access package custom extensions
Request
In the following example, the pre-defined accessPackageCustomWorkflowExtension object is triggered when an access package assignment request is created and when it's granted. The identifier provided within the customExtension field is the accessPackageCustomWorkflowExtension object's ID.
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies
Content-type: application/json
{
"displayName": "extension-policy",
"description": "test",
"accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
"expiration": {
"type": "afterDuration",
"duration": "P365D"
},
"canExtend": false,
"requestApprovalSettings": null,
"requestorSettings": {
"acceptRequests": true,
"scopeType": "AllExistingDirectorySubjects",
"allowedRequestors": [],
"isOnBehalfAllowed": false
},
"accessReviewSettings": null,
"questions": [],
"customExtensionStageSettings": [
{
"stage": "assignmentRequestCreated",
"customExtension": {
"id": "219f57b6-7983-45a1-be01-2c228b7a43f8"
}
},
{
"stage": "assignmentRequestGranted",
"customExtension": {
"id": "219f57b6-7983-45a1-be01-2c228b7a43f8"
}
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new AccessPackageAssignmentPolicy
{
DisplayName = "extension-policy",
Description = "test",
AccessPackageId = "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
CanExtend = false,
RequestApprovalSettings = null,
RequestorSettings = new RequestorSettings
{
AcceptRequests = true,
ScopeType = "AllExistingDirectorySubjects",
AllowedRequestors = new List<UserSet>
{
},
AdditionalData = new Dictionary<string, object>
{
{
"isOnBehalfAllowed" , false
},
},
},
AccessReviewSettings = null,
Questions = new List<AccessPackageQuestion>
{
},
CustomExtensionStageSettings = new List<CustomExtensionStageSetting>
{
new CustomExtensionStageSetting
{
Stage = AccessPackageCustomExtensionStage.AssignmentRequestCreated,
CustomExtension = new CustomCalloutExtension
{
Id = "219f57b6-7983-45a1-be01-2c228b7a43f8",
},
},
new CustomExtensionStageSetting
{
Stage = AccessPackageCustomExtensionStage.AssignmentRequestGranted,
CustomExtension = new CustomCalloutExtension
{
Id = "219f57b6-7983-45a1-be01-2c228b7a43f8",
},
},
},
AdditionalData = new Dictionary<string, object>
{
{
"expiration" , new
{
Type = "afterDuration",
Duration = "P365D",
}
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackageAssignmentPolicies.PostAsync(requestBody);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance entitlement-management access-package-assignment-policies create --body '{\
"displayName": "extension-policy",\
"description": "test",\
"accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",\
"expiration": {\
"type": "afterDuration",\
"duration": "P365D"\
},\
"canExtend": false,\
"requestApprovalSettings": null,\
"requestorSettings": {\
"acceptRequests": true,\
"scopeType": "AllExistingDirectorySubjects",\
"allowedRequestors": [],\
"isOnBehalfAllowed": false\
},\
"accessReviewSettings": null,\
"questions": [],\
"customExtensionStageSettings": [\
{\
"stage": "assignmentRequestCreated",\
"customExtension": {\
"id": "219f57b6-7983-45a1-be01-2c228b7a43f8"\
}\
},\
{\
"stage": "assignmentRequestGranted",\
"customExtension": {\
"id": "219f57b6-7983-45a1-be01-2c228b7a43f8"\
}\
}\
]\
}\
'
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
displayName := "extension-policy"
requestBody.SetDisplayName(&displayName)
description := "test"
requestBody.SetDescription(&description)
accessPackageId := "ba5807c7-2aa9-4c8a-907e-4a17ee587500"
requestBody.SetAccessPackageId(&accessPackageId)
canExtend := false
requestBody.SetCanExtend(&canExtend)
requestApprovalSettings := null
requestBody.SetRequestApprovalSettings(&requestApprovalSettings)
requestorSettings := graphmodels.NewRequestorSettings()
acceptRequests := true
requestorSettings.SetAcceptRequests(&acceptRequests)
scopeType := "AllExistingDirectorySubjects"
requestorSettings.SetScopeType(&scopeType)
allowedRequestors := []graphmodels.UserSetable {
}
requestorSettings.SetAllowedRequestors(allowedRequestors)
additionalData := map[string]interface{}{
isOnBehalfAllowed := false
requestorSettings.SetIsOnBehalfAllowed(&isOnBehalfAllowed)
}
requestorSettings.SetAdditionalData(additionalData)
requestBody.SetRequestorSettings(requestorSettings)
accessReviewSettings := null
requestBody.SetAccessReviewSettings(&accessReviewSettings)
questions := []graphmodels.AccessPackageQuestionable {
}
requestBody.SetQuestions(questions)
customExtensionStageSetting := graphmodels.NewCustomExtensionStageSetting()
stage := graphmodels.ASSIGNMENTREQUESTCREATED_ACCESSPACKAGECUSTOMEXTENSIONSTAGE
customExtensionStageSetting.SetStage(&stage)
customExtension := graphmodels.NewCustomCalloutExtension()
id := "219f57b6-7983-45a1-be01-2c228b7a43f8"
customExtension.SetId(&id)
customExtensionStageSetting.SetCustomExtension(customExtension)
customExtensionStageSetting1 := graphmodels.NewCustomExtensionStageSetting()
stage := graphmodels.ASSIGNMENTREQUESTGRANTED_ACCESSPACKAGECUSTOMEXTENSIONSTAGE
customExtensionStageSetting1.SetStage(&stage)
customExtension := graphmodels.NewCustomCalloutExtension()
id := "219f57b6-7983-45a1-be01-2c228b7a43f8"
customExtension.SetId(&id)
customExtensionStageSetting1.SetCustomExtension(customExtension)
customExtensionStageSettings := []graphmodels.CustomExtensionStageSettingable {
customExtensionStageSetting,
customExtensionStageSetting1,
}
requestBody.SetCustomExtensionStageSettings(customExtensionStageSettings)
additionalData := map[string]interface{}{
expiration := graphmodels.New()
type := "afterDuration"
expiration.SetType(&type)
duration := "P365D"
expiration.SetDuration(&duration)
requestBody.SetExpiration(expiration)
}
requestBody.SetAdditionalData(additionalData)
accessPackageAssignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackageAssignmentPolicies().Post(context.Background(), requestBody, nil)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setDisplayName("extension-policy");
accessPackageAssignmentPolicy.setDescription("test");
accessPackageAssignmentPolicy.setAccessPackageId("ba5807c7-2aa9-4c8a-907e-4a17ee587500");
accessPackageAssignmentPolicy.setCanExtend(false);
accessPackageAssignmentPolicy.setRequestApprovalSettings(null);
RequestorSettings requestorSettings = new RequestorSettings();
requestorSettings.setAcceptRequests(true);
requestorSettings.setScopeType("AllExistingDirectorySubjects");
LinkedList<UserSet> allowedRequestors = new LinkedList<UserSet>();
requestorSettings.setAllowedRequestors(allowedRequestors);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("isOnBehalfAllowed", false);
requestorSettings.setAdditionalData(additionalData);
accessPackageAssignmentPolicy.setRequestorSettings(requestorSettings);
accessPackageAssignmentPolicy.setAccessReviewSettings(null);
LinkedList<AccessPackageQuestion> questions = new LinkedList<AccessPackageQuestion>();
accessPackageAssignmentPolicy.setQuestions(questions);
LinkedList<CustomExtensionStageSetting> customExtensionStageSettings = new LinkedList<CustomExtensionStageSetting>();
CustomExtensionStageSetting customExtensionStageSetting = new CustomExtensionStageSetting();
customExtensionStageSetting.setStage(AccessPackageCustomExtensionStage.AssignmentRequestCreated);
CustomCalloutExtension customExtension = new CustomCalloutExtension();
customExtension.setId("219f57b6-7983-45a1-be01-2c228b7a43f8");
customExtensionStageSetting.setCustomExtension(customExtension);
customExtensionStageSettings.add(customExtensionStageSetting);
CustomExtensionStageSetting customExtensionStageSetting1 = new CustomExtensionStageSetting();
customExtensionStageSetting1.setStage(AccessPackageCustomExtensionStage.AssignmentRequestGranted);
CustomCalloutExtension customExtension1 = new CustomCalloutExtension();
customExtension1.setId("219f57b6-7983-45a1-be01-2c228b7a43f8");
customExtensionStageSetting1.setCustomExtension(customExtension1);
customExtensionStageSettings.add(customExtensionStageSetting1);
accessPackageAssignmentPolicy.setCustomExtensionStageSettings(customExtensionStageSettings);
HashMap<String, Object> additionalData1 = new HashMap<String, Object>();
expiration = new ();
expiration.setType("afterDuration");
expiration.setDuration("P365D");
additionalData1.put("expiration", expiration);
accessPackageAssignmentPolicy.setAdditionalData(additionalData1);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().accessPackageAssignmentPolicies().post(accessPackageAssignmentPolicy);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
displayName: 'extension-policy',
description: 'test',
accessPackageId: 'ba5807c7-2aa9-4c8a-907e-4a17ee587500',
expiration: {
type: 'afterDuration',
duration: 'P365D'
},
canExtend: false,
requestApprovalSettings: null,
requestorSettings: {
acceptRequests: true,
scopeType: 'AllExistingDirectorySubjects',
allowedRequestors: [],
isOnBehalfAllowed: false
},
accessReviewSettings: null,
questions: [],
customExtensionStageSettings: [
{
stage: 'assignmentRequestCreated',
customExtension: {
id: '219f57b6-7983-45a1-be01-2c228b7a43f8'
}
},
{
stage: 'assignmentRequestGranted',
customExtension: {
id: '219f57b6-7983-45a1-be01-2c228b7a43f8'
}
}
]
};
await client.api('/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies')
.version('beta')
.post(accessPackageAssignmentPolicy);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\RequestorSettings;
use Microsoft\Graph\Generated\Models\UserSet;
use Microsoft\Graph\Generated\Models\AccessPackageQuestion;
use Microsoft\Graph\Generated\Models\CustomExtensionStageSetting;
use Microsoft\Graph\Generated\Models\CustomCalloutExtension;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setDisplayName('extension-policy');
$requestBody->setDescription('test');
$requestBody->setAccessPackageId('ba5807c7-2aa9-4c8a-907e-4a17ee587500');
$requestBody->setCanExtend(false);
$requestBody->setRequestApprovalSettings(null);
$requestorSettings = new RequestorSettings();
$requestorSettings->setAcceptRequests(true);
$requestorSettings->setScopeType('AllExistingDirectorySubjects');
$requestorSettings->setAllowedRequestors([ ]);
$additionalData = [
'isOnBehalfAllowed' => false,
];
$requestorSettings->setAdditionalData($additionalData);
$requestBody->setRequestorSettings($requestorSettings);
$requestBody->setAccessReviewSettings(null);
$requestBody->setQuestions([ ]);
$customExtensionStageSettingsCustomExtensionStageSetting1 = new CustomExtensionStageSetting();
$customExtensionStageSettingsCustomExtensionStageSetting1->setStage(new AccessPackageCustomExtensionStage('assignmentRequestCreated'));
$customExtensionStageSettingsCustomExtensionStageSetting1CustomExtension = new CustomCalloutExtension();
$customExtensionStageSettingsCustomExtensionStageSetting1CustomExtension->setId('219f57b6-7983-45a1-be01-2c228b7a43f8');
$customExtensionStageSettingsCustomExtensionStageSetting1->setCustomExtension($customExtensionStageSettingsCustomExtensionStageSetting1CustomExtension);
$customExtensionStageSettingsArray []= $customExtensionStageSettingsCustomExtensionStageSetting1;
$customExtensionStageSettingsCustomExtensionStageSetting2 = new CustomExtensionStageSetting();
$customExtensionStageSettingsCustomExtensionStageSetting2->setStage(new AccessPackageCustomExtensionStage('assignmentRequestGranted'));
$customExtensionStageSettingsCustomExtensionStageSetting2CustomExtension = new CustomCalloutExtension();
$customExtensionStageSettingsCustomExtensionStageSetting2CustomExtension->setId('219f57b6-7983-45a1-be01-2c228b7a43f8');
$customExtensionStageSettingsCustomExtensionStageSetting2->setCustomExtension($customExtensionStageSettingsCustomExtensionStageSetting2CustomExtension);
$customExtensionStageSettingsArray []= $customExtensionStageSettingsCustomExtensionStageSetting2;
$requestBody->setCustomExtensionStageSettings($customExtensionStageSettingsArray);
$additionalData = [
'expiration' => [
'type' => 'afterDuration',
'duration' => 'P365D',
],
];
$requestBody->setAdditionalData($additionalData);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackageAssignmentPolicies()->post($requestBody)->wait();
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
displayName = "extension-policy"
description = "test"
accessPackageId = "ba5807c7-2aa9-4c8a-907e-4a17ee587500"
expiration = @{
type = "afterDuration"
duration = "P365D"
}
canExtend = $false
requestApprovalSettings = $null
requestorSettings = @{
acceptRequests = $true
scopeType = "AllExistingDirectorySubjects"
allowedRequestors = @(
)
isOnBehalfAllowed = $false
}
accessReviewSettings = $null
questions = @(
)
customExtensionStageSettings = @(
@{
stage = "assignmentRequestCreated"
customExtension = @{
id = "219f57b6-7983-45a1-be01-2c228b7a43f8"
}
}
@{
stage = "assignmentRequestGranted"
customExtension = @{
id = "219f57b6-7983-45a1-be01-2c228b7a43f8"
}
}
)
}
New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy -BodyParameter $params
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.requestor_settings import RequestorSettings
from msgraph.generated.models.user_set import UserSet
from msgraph.generated.models.access_package_question import AccessPackageQuestion
from msgraph.generated.models.custom_extension_stage_setting import CustomExtensionStageSetting
from msgraph.generated.models.custom_callout_extension import CustomCalloutExtension
graph_client = GraphServiceClient(credentials, scopes)
request_body = AccessPackageAssignmentPolicy(
display_name = "extension-policy",
description = "test",
access_package_id = "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
can_extend = False,
request_approval_settings = None,
requestor_settings = RequestorSettings(
accept_requests = True,
scope_type = "AllExistingDirectorySubjects",
allowed_requestors = [
],
additional_data = {
"is_on_behalf_allowed" : False,
}
),
access_review_settings = None,
questions = [
],
custom_extension_stage_settings = [
CustomExtensionStageSetting(
stage = AccessPackageCustomExtensionStage.AssignmentRequestCreated,
custom_extension = CustomCalloutExtension(
id = "219f57b6-7983-45a1-be01-2c228b7a43f8",
),
),
CustomExtensionStageSetting(
stage = AccessPackageCustomExtensionStage.AssignmentRequestGranted,
custom_extension = CustomCalloutExtension(
id = "219f57b6-7983-45a1-be01-2c228b7a43f8",
),
),
],
additional_data = {
"expiration" : {
"type" : "afterDuration",
"duration" : "P365D",
},
}
)
result = await graph_client.identity_governance.entitlement_management.access_package_assignment_policies.post(request_body)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Response
The following example shows the response. The customExtensionStageSettings object isn't returned by default. To retrieve this object, use the GET method with $expand. For more information, see Retrieve the custom extension stage settings for a policy
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "d0324cbb-24a2-4edb-acca-fee5384c6a5e",
"displayName": "extension-policy",
"description": "test",
"canExtend": false,
"durationInDays": 0,
"expirationDateTime": null,
"accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
"accessReviewSettings": null,
"questions": [],
"requestorSettings": {
"scopeType": "AllExistingDirectorySubjects",
"acceptRequests": true,
"allowedRequestors": []
},
"requestApprovalSettings": {
"isApprovalRequired": false,
"isApprovalRequiredForExtension": false,
"isRequestorJustificationRequired": false,
"approvalMode": "NoApproval",
"approvalStages": []
}
}
Example 6: Create a policy with a verifiable credential requirement
Request
The following example shows how to create an access package policy with a verifiable credential requirement.
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies
Content-type: application/json
{
"displayName": "policy-with-verified-id",
"description": "test",
"accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
"expiration": {
"type": "afterDuration",
"duration": "P365D"
},
"canExtend": false,
"requestApprovalSettings": null,
"requestorSettings": {
"acceptRequests": true,
"scopeType": "AllExistingDirectorySubjects",
"allowedRequestors": [],
"isOnBehalfAllowed": false
},
"accessReviewSettings": null,
"questions": [],
"customExtensionHandlers": [],
"verifiableCredentialSettings":
{
"credentialTypes":[{
"issuers": ["did:ion:EiAlrenrtD3Lsw0GlbzS1O2YFdy3Xtu8yo35W<SNIP>..."],
"credentialType": "VerifiedCredentialExpert"
}]
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new AccessPackageAssignmentPolicy
{
DisplayName = "policy-with-verified-id",
Description = "test",
AccessPackageId = "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
CanExtend = false,
RequestApprovalSettings = null,
RequestorSettings = new RequestorSettings
{
AcceptRequests = true,
ScopeType = "AllExistingDirectorySubjects",
AllowedRequestors = new List<UserSet>
{
},
AdditionalData = new Dictionary<string, object>
{
{
"isOnBehalfAllowed" , false
},
},
},
AccessReviewSettings = null,
Questions = new List<AccessPackageQuestion>
{
},
CustomExtensionHandlers = new List<CustomExtensionHandler>
{
},
VerifiableCredentialSettings = new VerifiableCredentialSettings
{
CredentialTypes = new List<VerifiableCredentialType>
{
new VerifiableCredentialType
{
Issuers = new List<string>
{
"did:ion:EiAlrenrtD3Lsw0GlbzS1O2YFdy3Xtu8yo35W<SNIP>...",
},
CredentialType = "VerifiedCredentialExpert",
},
},
},
AdditionalData = new Dictionary<string, object>
{
{
"expiration" , new
{
Type = "afterDuration",
Duration = "P365D",
}
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackageAssignmentPolicies.PostAsync(requestBody);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance entitlement-management access-package-assignment-policies create --body '{\
"displayName": "policy-with-verified-id",\
"description": "test",\
"accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",\
"expiration": {\
"type": "afterDuration",\
"duration": "P365D"\
},\
"canExtend": false,\
"requestApprovalSettings": null,\
"requestorSettings": {\
"acceptRequests": true,\
"scopeType": "AllExistingDirectorySubjects",\
"allowedRequestors": [],\
"isOnBehalfAllowed": false\
},\
"accessReviewSettings": null,\
"questions": [],\
"customExtensionHandlers": [],\
"verifiableCredentialSettings":\
{\
"credentialTypes":[{\
"issuers": ["did:ion:EiAlrenrtD3Lsw0GlbzS1O2YFdy3Xtu8yo35W<SNIP>..."],\
"credentialType": "VerifiedCredentialExpert"\
}]\
}\
}\
'
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
displayName := "policy-with-verified-id"
requestBody.SetDisplayName(&displayName)
description := "test"
requestBody.SetDescription(&description)
accessPackageId := "ba5807c7-2aa9-4c8a-907e-4a17ee587500"
requestBody.SetAccessPackageId(&accessPackageId)
canExtend := false
requestBody.SetCanExtend(&canExtend)
requestApprovalSettings := null
requestBody.SetRequestApprovalSettings(&requestApprovalSettings)
requestorSettings := graphmodels.NewRequestorSettings()
acceptRequests := true
requestorSettings.SetAcceptRequests(&acceptRequests)
scopeType := "AllExistingDirectorySubjects"
requestorSettings.SetScopeType(&scopeType)
allowedRequestors := []graphmodels.UserSetable {
}
requestorSettings.SetAllowedRequestors(allowedRequestors)
additionalData := map[string]interface{}{
isOnBehalfAllowed := false
requestorSettings.SetIsOnBehalfAllowed(&isOnBehalfAllowed)
}
requestorSettings.SetAdditionalData(additionalData)
requestBody.SetRequestorSettings(requestorSettings)
accessReviewSettings := null
requestBody.SetAccessReviewSettings(&accessReviewSettings)
questions := []graphmodels.AccessPackageQuestionable {
}
requestBody.SetQuestions(questions)
customExtensionHandlers := []graphmodels.CustomExtensionHandlerable {
}
requestBody.SetCustomExtensionHandlers(customExtensionHandlers)
verifiableCredentialSettings := graphmodels.NewVerifiableCredentialSettings()
verifiableCredentialType := graphmodels.NewVerifiableCredentialType()
issuers := []string {
"did:ion:EiAlrenrtD3Lsw0GlbzS1O2YFdy3Xtu8yo35W<SNIP>...",
}
verifiableCredentialType.SetIssuers(issuers)
credentialType := "VerifiedCredentialExpert"
verifiableCredentialType.SetCredentialType(&credentialType)
credentialTypes := []graphmodels.VerifiableCredentialTypeable {
verifiableCredentialType,
}
verifiableCredentialSettings.SetCredentialTypes(credentialTypes)
requestBody.SetVerifiableCredentialSettings(verifiableCredentialSettings)
additionalData := map[string]interface{}{
expiration := graphmodels.New()
type := "afterDuration"
expiration.SetType(&type)
duration := "P365D"
expiration.SetDuration(&duration)
requestBody.SetExpiration(expiration)
}
requestBody.SetAdditionalData(additionalData)
accessPackageAssignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackageAssignmentPolicies().Post(context.Background(), requestBody, nil)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setDisplayName("policy-with-verified-id");
accessPackageAssignmentPolicy.setDescription("test");
accessPackageAssignmentPolicy.setAccessPackageId("ba5807c7-2aa9-4c8a-907e-4a17ee587500");
accessPackageAssignmentPolicy.setCanExtend(false);
accessPackageAssignmentPolicy.setRequestApprovalSettings(null);
RequestorSettings requestorSettings = new RequestorSettings();
requestorSettings.setAcceptRequests(true);
requestorSettings.setScopeType("AllExistingDirectorySubjects");
LinkedList<UserSet> allowedRequestors = new LinkedList<UserSet>();
requestorSettings.setAllowedRequestors(allowedRequestors);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("isOnBehalfAllowed", false);
requestorSettings.setAdditionalData(additionalData);
accessPackageAssignmentPolicy.setRequestorSettings(requestorSettings);
accessPackageAssignmentPolicy.setAccessReviewSettings(null);
LinkedList<AccessPackageQuestion> questions = new LinkedList<AccessPackageQuestion>();
accessPackageAssignmentPolicy.setQuestions(questions);
LinkedList<CustomExtensionHandler> customExtensionHandlers = new LinkedList<CustomExtensionHandler>();
accessPackageAssignmentPolicy.setCustomExtensionHandlers(customExtensionHandlers);
VerifiableCredentialSettings verifiableCredentialSettings = new VerifiableCredentialSettings();
LinkedList<VerifiableCredentialType> credentialTypes = new LinkedList<VerifiableCredentialType>();
VerifiableCredentialType verifiableCredentialType = new VerifiableCredentialType();
LinkedList<String> issuers = new LinkedList<String>();
issuers.add("did:ion:EiAlrenrtD3Lsw0GlbzS1O2YFdy3Xtu8yo35W<SNIP>...");
verifiableCredentialType.setIssuers(issuers);
verifiableCredentialType.setCredentialType("VerifiedCredentialExpert");
credentialTypes.add(verifiableCredentialType);
verifiableCredentialSettings.setCredentialTypes(credentialTypes);
accessPackageAssignmentPolicy.setVerifiableCredentialSettings(verifiableCredentialSettings);
HashMap<String, Object> additionalData1 = new HashMap<String, Object>();
expiration = new ();
expiration.setType("afterDuration");
expiration.setDuration("P365D");
additionalData1.put("expiration", expiration);
accessPackageAssignmentPolicy.setAdditionalData(additionalData1);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().accessPackageAssignmentPolicies().post(accessPackageAssignmentPolicy);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
displayName: 'policy-with-verified-id',
description: 'test',
accessPackageId: 'ba5807c7-2aa9-4c8a-907e-4a17ee587500',
expiration: {
type: 'afterDuration',
duration: 'P365D'
},
canExtend: false,
requestApprovalSettings: null,
requestorSettings: {
acceptRequests: true,
scopeType: 'AllExistingDirectorySubjects',
allowedRequestors: [],
isOnBehalfAllowed: false
},
accessReviewSettings: null,
questions: [],
customExtensionHandlers: [],
verifiableCredentialSettings:
{
credentialTypes: [{
issuers: ['did:ion:EiAlrenrtD3Lsw0GlbzS1O2YFdy3Xtu8yo35W<SNIP>...'],
credentialType: 'VerifiedCredentialExpert'
}]
}
};
await client.api('/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies')
.version('beta')
.post(accessPackageAssignmentPolicy);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\RequestorSettings;
use Microsoft\Graph\Generated\Models\UserSet;
use Microsoft\Graph\Generated\Models\AccessPackageQuestion;
use Microsoft\Graph\Generated\Models\CustomExtensionHandler;
use Microsoft\Graph\Generated\Models\VerifiableCredentialSettings;
use Microsoft\Graph\Generated\Models\VerifiableCredentialType;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setDisplayName('policy-with-verified-id');
$requestBody->setDescription('test');
$requestBody->setAccessPackageId('ba5807c7-2aa9-4c8a-907e-4a17ee587500');
$requestBody->setCanExtend(false);
$requestBody->setRequestApprovalSettings(null);
$requestorSettings = new RequestorSettings();
$requestorSettings->setAcceptRequests(true);
$requestorSettings->setScopeType('AllExistingDirectorySubjects');
$requestorSettings->setAllowedRequestors([ ]);
$additionalData = [
'isOnBehalfAllowed' => false,
];
$requestorSettings->setAdditionalData($additionalData);
$requestBody->setRequestorSettings($requestorSettings);
$requestBody->setAccessReviewSettings(null);
$requestBody->setQuestions([ ]);
$requestBody->setCustomExtensionHandlers([ ]);
$verifiableCredentialSettings = new VerifiableCredentialSettings();
$credentialTypesVerifiableCredentialType1 = new VerifiableCredentialType();
$credentialTypesVerifiableCredentialType1->setIssuers(['did:ion:EiAlrenrtD3Lsw0GlbzS1O2YFdy3Xtu8yo35W<SNIP>...', ]);
$credentialTypesVerifiableCredentialType1->setCredentialType('VerifiedCredentialExpert');
$credentialTypesArray []= $credentialTypesVerifiableCredentialType1;
$verifiableCredentialSettings->setCredentialTypes($credentialTypesArray);
$requestBody->setVerifiableCredentialSettings($verifiableCredentialSettings);
$additionalData = [
'expiration' => [
'type' => 'afterDuration',
'duration' => 'P365D',
],
];
$requestBody->setAdditionalData($additionalData);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackageAssignmentPolicies()->post($requestBody)->wait();
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
displayName = "policy-with-verified-id"
description = "test"
accessPackageId = "ba5807c7-2aa9-4c8a-907e-4a17ee587500"
expiration = @{
type = "afterDuration"
duration = "P365D"
}
canExtend = $false
requestApprovalSettings = $null
requestorSettings = @{
acceptRequests = $true
scopeType = "AllExistingDirectorySubjects"
allowedRequestors = @(
)
isOnBehalfAllowed = $false
}
accessReviewSettings = $null
questions = @(
)
customExtensionHandlers = @(
)
verifiableCredentialSettings = @{
credentialTypes = @(
@{
issuers = @(
"did:ion:EiAlrenrtD3Lsw0GlbzS1O2YFdy3Xtu8yo35W<SNIP>..."
)
credentialType = "VerifiedCredentialExpert"
}
)
}
}
New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy -BodyParameter $params
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.requestor_settings import RequestorSettings
from msgraph.generated.models.user_set import UserSet
from msgraph.generated.models.access_package_question import AccessPackageQuestion
from msgraph.generated.models.custom_extension_handler import CustomExtensionHandler
from msgraph.generated.models.verifiable_credential_settings import VerifiableCredentialSettings
from msgraph.generated.models.verifiable_credential_type import VerifiableCredentialType
graph_client = GraphServiceClient(credentials, scopes)
request_body = AccessPackageAssignmentPolicy(
display_name = "policy-with-verified-id",
description = "test",
access_package_id = "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
can_extend = False,
request_approval_settings = None,
requestor_settings = RequestorSettings(
accept_requests = True,
scope_type = "AllExistingDirectorySubjects",
allowed_requestors = [
],
additional_data = {
"is_on_behalf_allowed" : False,
}
),
access_review_settings = None,
questions = [
],
custom_extension_handlers = [
],
verifiable_credential_settings = VerifiableCredentialSettings(
credential_types = [
VerifiableCredentialType(
issuers = [
"did:ion:EiAlrenrtD3Lsw0GlbzS1O2YFdy3Xtu8yo35W<SNIP>...",
],
credential_type = "VerifiedCredentialExpert",
),
],
),
additional_data = {
"expiration" : {
"type" : "afterDuration",
"duration" : "P365D",
},
}
)
result = await graph_client.identity_governance.entitlement_management.access_package_assignment_policies.post(request_body)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "d0324cbb-24a2-4edb-acca-fee5384c6a5e",
"displayName": "extension-policy",
"description": "test",
"canExtend": false,
"durationInDays": 0,
"expirationDateTime": null,
"accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
"accessReviewSettings": null,
"questions": [],
"requestorSettings": {
"scopeType": "AllExistingDirectorySubjects",
"acceptRequests": true,
"allowedRequestors": []
},
"requestApprovalSettings": {
"isApprovalRequired": false,
"isApprovalRequiredForExtension": false,
"isRequestorJustificationRequired": false,
"approvalMode": "NoApproval",
"approvalStages": []
},
"customExtensionHandlers": [],
"verifiableCredentialSettings": {
"credentialTypes":[{
"issuers": ["did:ion:EiAlrenrtD3Lsw0GlbzS1O2YFdy3Xtu8yo35W<SNIP>..."],
"credentialType": "VerifiedCredentialExpert"
}]
}
}
Feedback
Was this page helpful?
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for