List provisioningObjectSummary
Namespace: microsoft.graph
Get all provisioning events that occurred in your tenant, such as the deletion of a group in a target application or the creation of a user when provisioning user accounts from your HR system.
This API is available in the following national cloud deployments.
Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
---|---|---|---|
✅ | ✅ | ✅ | ❌ |
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | AuditLog.Read.All and Directory.Read.All |
Delegated (personal Microsoft account) | Not supported |
Application | AuditLog.Read.All and Directory.Read.All |
HTTP request
GET /auditLogs/provisioning
Optional query parameters
This method supports the $filter
(eq
, contains
, gt
, lt
), $orderby
, $top
, $skiptoken
OData query parameters to help customize the response. The filters are all case sensitive. For general information, see OData query parameters.
Request headers
Header | Value |
---|---|
Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Request body
Don't supply a request body for this method.
Response
If successful, this method returns a 200 OK
response code and a collection of provisioningObjectSummary objects in the response body.
Examples
Example 1: Successful request
Request
The following example shows a request.
GET https://graph.microsoft.com/v1.0/auditLogs/provisioning
Response
The following is an example of the response for a successful event.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#auditLogs/provisioning",
"value": [
{
"id": "75b5b0ae-9fc5-8d0e-e0a9-7y6a4728de56",
"activityDateTime": "2019-05-04T03:00:54Z",
"tenantId": "74beb175-3b80-7b63-b9d5-6f0b76082b16",
"jobId": "aws.74beb1753b704b63b8d56f0b76082b16.10a7a801-7101-4c69-ae00-ce9f75f8460a",
"cycleId": "b6502552-018d-79bd-8869-j47194dc65c1",
"changeId": "b6502552-018d-89bd-9969-b49194dc65c1",
"provisioningAction": "create",
"durationInMilliseconds": 3236,
"provisioningStatusInfo": {
"status": "success",
"errorInformation" : null
},
"provisioningSteps": [
{
"name": "EntryImport",
"provisioningStepType": "Import",
"status": "success",
"description": "Retrieved RolesCompound '10a7a801-7101-4c69-ae00-ce9f75f8460a' from Contoso",
"details": {}
},
{
"name": "EntryExportUpdate",
"provisioningStepType": "Export",
"status": "success",
"description": "RolesCompound '60a7a801-7101-4c69-ae00-ce9f75f8460a' was updated in Azure Active Directory",
"details": {
"ReportableIdentifier": "60a7a801-7101-4c69-ae00-ce9f75f8460a"
}
}
],
"modifiedProperties": [
{
"displayName": "appId",
"oldValue": null,
"newValue": "60a7a801-7101-4c69-ae00-ce9f75f8460a"
},
{
"displayName": "Roles",
"oldValue": null,
"newValue": "jaws-prod-role2,jaws-prod-saml2, jayaws-role,jayaws-saml, TestRole,super-saml"
},
{
"displayName": "objectId",
"oldValue": null,
"newValue": "6nn37b93-185a-4485-a519-50c09549f3ad"
},
{
"displayName": "displayName",
"oldValue": null,
"newValue": "Contoso"
},
{
"displayName": "homepage",
"oldValue": null,
"newValue": "https://signin.contoso.com/saml?metadata=contoso|ISV9.1|primary|z"
},
],
"servicePrincipal": {
"id": "6cc35b93-185a-4485-a519-50c09549g3ad",
"displayName": "Contoso"
},
"sourceSystem": {
"id": "d1e090e1-f2f4-4678-be44-6442ffff0621",
"displayName": "Contoso",
"details": {}
},
"targetSystem": {
"id": "e69d4bd2-2da2-483e-bc49-aad4080b91b3",
"displayName": "Azure Active Directory",
"details": {
"ApplicationId": "bcf4d658-ac9f-408d-bf04-e86dc10328fb",
"ServicePrincipalId": "6nn35b93-185a-4485-a519-50c09549f3ad",
"ServicePrincipalDisplayName": "Contoso"
}
},
"initiatedBy": {
"initiatingType": "system",
"id": "",
"displayName": "Azure AD Provisioning Service"
},
"sourceIdentity": {
"identityType": "RolesCompound",
"id": "60a7a801-7101-4c69-ae00-ce9f75f8460a",
"displayName": "",
"details": {}
},
"targetIdentity": {
"identityType": "ServicePrincipal",
"id": "6nn35b93-185a-4485-a519-50c09549f3ad",
"displayName": "",
"details": {}
}
}
]
}
Example 2: Error reponse
Request
The following example shows a request.
GET https://graph.microsoft.com/v1.0/auditLogs/provisioning
Response
The following is an example of the response for a failed provisioning event.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#auditLogs/provisioning",
"value": [
{
"id": "gc532ff9-r265-ec76-861e-42e2970a8218",
"activityDateTime": "2019-06-24T20:53:08Z",
"tenantId": "7928d5b5-7442-4a97-ne2d-66f9j9972ecn",
"jobId": "ContosoOutDelta.7928d5b574424a97ne2d66f9j9972ecn",
"cycleId": "44576n58-v14b-70fj-8404-3d22tt46ed93",
"changeId": "eaad2f8b-e6e3-409b-83bd-e4e2e57177d5",
"provisioningAction": "create",
"durationInMilliseconds": 2785,
"sourceSystem": {
"id": "0404601d-a9c0-4ec7-bbcd-02660120d8c9",
"displayName": "Azure Active Directory",
"details": {}
},
"targetSystem": {
"id": "cd22f60b-5f2d-1adg-adb4-76ef31db996b",
"displayName": "Contoso",
"details": {
"ApplicationId": "f2764360-e0ec-5676-711e-cd6fc0d4dd61",
"ServicePrincipalId": "chc46a42-966b-47d7-9774-576b1c8bd0b8",
"ServicePrincipalDisplayName": "Contoso"
}
},
"initiatedBy": {
"id": "",
"displayName": "Azure AD Provisioning Service",
"initiatorType": "system"
},
"servicePrincipal": {
"id": "chc46a42-966b-47d7-9774-576b1c8bd0b8",
"displayName": "Contoso"
},
"sourceIdentity": {
"id": "5e6c9rae-ab4d-5239-8ad0-174391d110eb",
"displayName": "Self-service Pilot",
"identityType": "Group",
"details": {}
},
"targetIdentity": {
"id": "",
"displayName": "",
"identityType": "Group",
"details": {}
},
"provisioningStatusInfo": {
"status": "failure",
"errorInformation" : {
"errorCode": "ContosoEntryConflict",
"reason": "Message: Contoso returned an error response with the HTTP status code 409. This response indicates that a user or a group already exisits with the same name. This can be avoided by identifying and removing the conflicting user from Contoso via the Contoso administrative user interface, or removing the current user from the scope of provisioning either by removing their assignment to the Contoso application in Azure Active Directory or adding a scoping filter to exclude the user.",
"additionalDetails": null,
"errorCategory": "nonServiceFailure",
"recommendedAction": null
}
},
"provisioningSteps": [
{
"name": "EntryImportAdd",
"provisioningStepType": "import",
"status": "success",
"description": "Received Group 'Self-service Pilot' change of type (Add) from Azure Active Directory",
"details": {}
},
{
"name": "EntrySynchronizationAdd",
"provisioningStepType": "matching",
"status": "success",
"description": "Group 'Self-service Pilot' will be created in Contoso (Group is active and assigned in Azure Active Directory, but no matching Group was found in Contoso)",
"details": {}
},
{
"name": "EntryExportAdd",
"provisioningStepType": "export",
"status": "failure",
"description": "Failed to create Group 'Self-service Pilot' in Contoso",
"details": {
"ReportableIdentifier": "Self-service Pilot"
}
}
],
"modifiedProperties": [
{
"displayName": "objectId",
"oldValue": null,
"newValue": "5e0c9eae-ad3d-4139-5ad0-174391d110eb"
},
{
"displayName": "displayName",
"oldValue": null,
"newValue": "Self-service Pilot"
},
{
"displayName": "mailEnabled",
"oldValue": null,
"newValue": "False"
},
{
"displayName": "mailNickname",
"oldValue": null,
"newValue": "5ce25n9a-4c5f-45c9-8362-ef3da29c66c5"
},
{
"displayName": "securityEnabled",
"oldValue": null,
"newValue": "True"
},
{
"displayName": "Name",
"oldValue": null,
"newValue": "Self-service Pilot"
}
]
}
]
}
피드백
https://aka.ms/ContentUserFeedback
출시 예정: 2024년 내내 콘텐츠에 대한 피드백 메커니즘으로 GitHub 문제를 단계적으로 폐지하고 이를 새로운 피드백 시스템으로 바꿀 예정입니다. 자세한 내용은 다음을 참조하세요.다음에 대한 사용자 의견 제출 및 보기