Espaço de nomes: microsoft.graph.identityGovernance
Importante
As APIs na versão /beta no Microsoft Graph estão sujeitas a alterações. Não há suporte para o uso dessas APIs em aplicativos de produção. Para determinar se uma API está disponível na v1.0, use o seletor Versão.
Crie um novo objeto de fluxo de trabalho . Pode criar até 100 fluxos de trabalho num inquilino.
Esta API está disponível nas seguintes implementações de cloud nacionais.
| Serviço global |
US Government L4 |
US Government L5 (DOD) |
China operada pela 21Vianet |
| ✅ |
✅ |
✅ |
✅ |
Permissões
Escolha a permissão ou permissões marcadas como menos privilegiadas para esta API. Utilize uma permissão ou permissões com privilégios mais elevados apenas se a sua aplicação o exigir. Para obter detalhes sobre as permissões delegadas e de aplicação, veja Tipos de permissão. Para saber mais sobre estas permissões, veja a referência de permissões.
| Tipo de permissão |
Permissões com menos privilégios |
Permissões com privilégios superiores |
| Delegado (conta corporativa ou de estudante) |
Ciclo de VidaWorkflows-Workflow.ReadWrite.All |
Ciclo de VidaWorkflows.ReadWrite.All |
| Delegado (conta pessoal da Microsoft) |
Sem suporte. |
Sem suporte. |
| Application |
Ciclo de VidaWorkflows-Workflow.ReadWrite.All |
Ciclo de VidaWorkflows.ReadWrite.All |
Importante
Para acesso delegado através de contas escolares ou profissionais, tem de ser atribuída ao utilizador com sessão iniciada uma função de Microsoft Entra suportada ou uma função personalizada que conceda as permissões necessárias para esta operação.
O Administrador de Fluxos de Trabalho do Ciclo de Vida é a função com menos privilégios suportada para esta operação.
Solicitação HTTP
POST /identityGovernance/lifecycleWorkflows/workflows
| Nome |
Descrição |
| Autorização |
{token} de portador. Obrigatório. Saiba mais sobre autenticação e autorização. |
| Content-Type |
application/json. Obrigatório. |
Corpo da solicitação
No corpo do pedido, forneça uma representação JSON do objeto de fluxo de trabalho .
Pode especificar as seguintes propriedades ao criar um fluxo de trabalho.
| Propriedade |
Tipo |
Descrição |
| category |
microsoft.graph.identityGovernance.lifecycleWorkflowCategory |
A categoria do fluxo de trabalho. Os valores possíveis são: joiner, leaver, unknownFutureValue. Pode ser apenas um valor. Obrigatório. |
| description |
Cadeia de caracteres |
Uma cadeia que descreve a finalidade do fluxo de trabalho para utilização administrativa. |
| displayName |
Cadeia de caracteres |
Uma cadeia exclusiva que identifica o fluxo de trabalho. Obrigatório. |
| executionConditions |
microsoft.graph.identityGovernance.workflowExecutionConditions |
Define para quem e quando um fluxo de trabalho é executado. Obrigatório. |
| id |
Cadeia de caracteres |
Identificador utilizado para abordar individualmente um fluxo de trabalho específico. |
| isEnabled |
Booliano |
Um valor Booleano que indica se o fluxo de trabalho está definido para ser executado ou não. |
| isSchedulingEnabled |
Booliano |
Um valor booleano que indica se o agendamento está ativado ou não. |
| tarefas |
microsoft.graph.identityGovernance.task collection |
Representa as tarefas configuradas a executar e a respetiva sequência de execução no fluxo de trabalho. Obrigatório. |
Resposta
Se for bem-sucedido, este método devolve um 201 Created código de resposta e um objeto microsoft.graph.identityGovernance.workflow no corpo da resposta.
Exemplos
Exemplo 1: Criar um fluxo de trabalho de associador com o acionador baseado no tempo
Solicitação
O exemplo seguinte mostra um pedido que cria um fluxo de trabalho com a seguinte configuração:
- É um fluxo de trabalho "joiner" ativado e agendado para execução.
- É executada para novos utilizadores com base na Austrália, no respetivo colaboradorHireDate, através do acionador de atributo baseado no tempo.
- São realizadas duas tarefas quando o fluxo de trabalho é executado: a conta do utilizador está ativada e é enviado um e-mail "Bem-vindo" ao utilizador.
POST https://graph.microsoft.com/beta/identityGovernance/lifecycleWorkflows/workflows
Content-Type: application/json
{
"category": "joiner",
"description": "Configure new hire tasks for onboarding employees on their first day",
"displayName": "Australia Onboard new hire employee",
"isEnabled": true,
"isSchedulingEnabled": true,
"executionConditions": {
"@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
"scope": {
"@odata.type": "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
"rule": "(country eq 'Australia')"
},
"trigger": {
"@odata.type": "#microsoft.graph.identityGovernance.timeBasedAttributeTrigger",
"timeBasedAttribute": "employeeHireDate",
"offsetInDays": 0
}
},
"tasks": [
{
"continueOnError": false,
"description": "Enable user account in the directory",
"displayName": "Enable User Account",
"isEnabled": true,
"taskDefinitionId": "6fc52c9d-398b-4305-9763-15f42c1676fc",
"arguments": []
},
{
"continueOnError": false,
"description": "Send welcome email to new hire",
"displayName": "Send Welcome Email",
"isEnabled": true,
"taskDefinitionId": "70b29d51-b59a-4773-9280-8841dfd3f2ea",
"arguments": []
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models.IdentityGovernance;
using Microsoft.Graph.Beta.Models;
var requestBody = new Workflow
{
Category = LifecycleWorkflowCategory.Joiner,
Description = "Configure new hire tasks for onboarding employees on their first day",
DisplayName = "Australia Onboard new hire employee",
IsEnabled = true,
IsSchedulingEnabled = true,
ExecutionConditions = new TriggerAndScopeBasedConditions
{
OdataType = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
Scope = new RuleBasedSubjectSet
{
OdataType = "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
Rule = "(country eq 'Australia')",
},
Trigger = new TimeBasedAttributeTrigger
{
OdataType = "#microsoft.graph.identityGovernance.timeBasedAttributeTrigger",
TimeBasedAttribute = WorkflowTriggerTimeBasedAttribute.EmployeeHireDate,
OffsetInDays = 0,
},
},
Tasks = new List<TaskObject>
{
new TaskObject
{
ContinueOnError = false,
Description = "Enable user account in the directory",
DisplayName = "Enable User Account",
IsEnabled = true,
TaskDefinitionId = "6fc52c9d-398b-4305-9763-15f42c1676fc",
Arguments = new List<KeyValuePair>
{
},
},
new TaskObject
{
ContinueOnError = false,
Description = "Send welcome email to new hire",
DisplayName = "Send Welcome Email",
IsEnabled = true,
TaskDefinitionId = "70b29d51-b59a-4773-9280-8841dfd3f2ea",
Arguments = new List<KeyValuePair>
{
},
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.LifecycleWorkflows.Workflows.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodelsidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/models/identitygovernance"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodelsidentitygovernance.NewWorkflow()
category := graphmodels.JOINER_LIFECYCLEWORKFLOWCATEGORY
requestBody.SetCategory(&category)
description := "Configure new hire tasks for onboarding employees on their first day"
requestBody.SetDescription(&description)
displayName := "Australia Onboard new hire employee"
requestBody.SetDisplayName(&displayName)
isEnabled := true
requestBody.SetIsEnabled(&isEnabled)
isSchedulingEnabled := true
requestBody.SetIsSchedulingEnabled(&isSchedulingEnabled)
executionConditions := graphmodelsidentitygovernance.NewTriggerAndScopeBasedConditions()
scope := graphmodelsidentitygovernance.NewRuleBasedSubjectSet()
rule := "(country eq 'Australia')"
scope.SetRule(&rule)
executionConditions.SetScope(scope)
trigger := graphmodelsidentitygovernance.NewTimeBasedAttributeTrigger()
timeBasedAttribute := graphmodels.EMPLOYEEHIREDATE_WORKFLOWTRIGGERTIMEBASEDATTRIBUTE
trigger.SetTimeBasedAttribute(&timeBasedAttribute)
offsetInDays := int32(0)
trigger.SetOffsetInDays(&offsetInDays)
executionConditions.SetTrigger(trigger)
requestBody.SetExecutionConditions(executionConditions)
task := graphmodelsidentitygovernance.NewTask()
continueOnError := false
task.SetContinueOnError(&continueOnError)
description := "Enable user account in the directory"
task.SetDescription(&description)
displayName := "Enable User Account"
task.SetDisplayName(&displayName)
isEnabled := true
task.SetIsEnabled(&isEnabled)
taskDefinitionId := "6fc52c9d-398b-4305-9763-15f42c1676fc"
task.SetTaskDefinitionId(&taskDefinitionId)
arguments := []graphmodels.KeyValuePairable {
}
task.SetArguments(arguments)
task1 := graphmodelsidentitygovernance.NewTask()
continueOnError := false
task1.SetContinueOnError(&continueOnError)
description := "Send welcome email to new hire"
task1.SetDescription(&description)
displayName := "Send Welcome Email"
task1.SetDisplayName(&displayName)
isEnabled := true
task1.SetIsEnabled(&isEnabled)
taskDefinitionId := "70b29d51-b59a-4773-9280-8841dfd3f2ea"
task1.SetTaskDefinitionId(&taskDefinitionId)
arguments := []graphmodels.KeyValuePairable {
}
task1.SetArguments(arguments)
tasks := []graphmodelsidentitygovernance.Taskable {
task,
task1,
}
requestBody.SetTasks(tasks)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
workflows, err := graphClient.IdentityGovernance().LifecycleWorkflows().Workflows().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.beta.models.identitygovernance.Workflow workflow = new com.microsoft.graph.beta.models.identitygovernance.Workflow();
workflow.setCategory(com.microsoft.graph.beta.models.identitygovernance.LifecycleWorkflowCategory.Joiner);
workflow.setDescription("Configure new hire tasks for onboarding employees on their first day");
workflow.setDisplayName("Australia Onboard new hire employee");
workflow.setIsEnabled(true);
workflow.setIsSchedulingEnabled(true);
com.microsoft.graph.beta.models.identitygovernance.TriggerAndScopeBasedConditions executionConditions = new com.microsoft.graph.beta.models.identitygovernance.TriggerAndScopeBasedConditions();
executionConditions.setOdataType("#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions");
com.microsoft.graph.beta.models.identitygovernance.RuleBasedSubjectSet scope = new com.microsoft.graph.beta.models.identitygovernance.RuleBasedSubjectSet();
scope.setOdataType("#microsoft.graph.identityGovernance.ruleBasedSubjectSet");
scope.setRule("(country eq 'Australia')");
executionConditions.setScope(scope);
com.microsoft.graph.beta.models.identitygovernance.TimeBasedAttributeTrigger trigger = new com.microsoft.graph.beta.models.identitygovernance.TimeBasedAttributeTrigger();
trigger.setOdataType("#microsoft.graph.identityGovernance.timeBasedAttributeTrigger");
trigger.setTimeBasedAttribute(com.microsoft.graph.beta.models.identitygovernance.WorkflowTriggerTimeBasedAttribute.EmployeeHireDate);
trigger.setOffsetInDays(0);
executionConditions.setTrigger(trigger);
workflow.setExecutionConditions(executionConditions);
LinkedList<com.microsoft.graph.beta.models.identitygovernance.Task> tasks = new LinkedList<com.microsoft.graph.beta.models.identitygovernance.Task>();
com.microsoft.graph.beta.models.identitygovernance.Task task = new com.microsoft.graph.beta.models.identitygovernance.Task();
task.setContinueOnError(false);
task.setDescription("Enable user account in the directory");
task.setDisplayName("Enable User Account");
task.setIsEnabled(true);
task.setTaskDefinitionId("6fc52c9d-398b-4305-9763-15f42c1676fc");
LinkedList<KeyValuePair> arguments = new LinkedList<KeyValuePair>();
task.setArguments(arguments);
tasks.add(task);
com.microsoft.graph.beta.models.identitygovernance.Task task1 = new com.microsoft.graph.beta.models.identitygovernance.Task();
task1.setContinueOnError(false);
task1.setDescription("Send welcome email to new hire");
task1.setDisplayName("Send Welcome Email");
task1.setIsEnabled(true);
task1.setTaskDefinitionId("70b29d51-b59a-4773-9280-8841dfd3f2ea");
LinkedList<KeyValuePair> arguments1 = new LinkedList<KeyValuePair>();
task1.setArguments(arguments1);
tasks.add(task1);
workflow.setTasks(tasks);
com.microsoft.graph.models.identitygovernance.Workflow result = graphClient.identityGovernance().lifecycleWorkflows().workflows().post(workflow);
const options = {
authProvider,
};
const client = Client.init(options);
const workflow = {
category: 'joiner',
description: 'Configure new hire tasks for onboarding employees on their first day',
displayName: 'Australia Onboard new hire employee',
isEnabled: true,
isSchedulingEnabled: true,
executionConditions: {
'@odata.type': '#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions',
scope: {
'@odata.type': '#microsoft.graph.identityGovernance.ruleBasedSubjectSet',
rule: '(country eq \'Australia\')'
},
trigger: {
'@odata.type': '#microsoft.graph.identityGovernance.timeBasedAttributeTrigger',
timeBasedAttribute: 'employeeHireDate',
offsetInDays: 0
}
},
tasks: [
{
continueOnError: false,
description: 'Enable user account in the directory',
displayName: 'Enable User Account',
isEnabled: true,
taskDefinitionId: '6fc52c9d-398b-4305-9763-15f42c1676fc',
arguments: []
},
{
continueOnError: false,
description: 'Send welcome email to new hire',
displayName: 'Send Welcome Email',
isEnabled: true,
taskDefinitionId: '70b29d51-b59a-4773-9280-8841dfd3f2ea',
arguments: []
}
]
};
await client.api('/identityGovernance/lifecycleWorkflows/workflows')
.version('beta')
.post(workflow);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\Workflow;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\LifecycleWorkflowCategory;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\TriggerAndScopeBasedConditions;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\RuleBasedSubjectSet;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\TimeBasedAttributeTrigger;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\WorkflowTriggerTimeBasedAttribute;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\Task;
use Microsoft\Graph\Beta\Generated\Models\KeyValuePair;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new Workflow();
$requestBody->setCategory(new LifecycleWorkflowCategory('joiner'));
$requestBody->setDescription('Configure new hire tasks for onboarding employees on their first day');
$requestBody->setDisplayName('Australia Onboard new hire employee');
$requestBody->setIsEnabled(true);
$requestBody->setIsSchedulingEnabled(true);
$executionConditions = new TriggerAndScopeBasedConditions();
$executionConditions->setOdataType('#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions');
$executionConditionsScope = new RuleBasedSubjectSet();
$executionConditionsScope->setOdataType('#microsoft.graph.identityGovernance.ruleBasedSubjectSet');
$executionConditionsScope->setRule('(country eq \'Australia\')');
$executionConditions->setScope($executionConditionsScope);
$executionConditionsTrigger = new TimeBasedAttributeTrigger();
$executionConditionsTrigger->setOdataType('#microsoft.graph.identityGovernance.timeBasedAttributeTrigger');
$executionConditionsTrigger->setTimeBasedAttribute(new WorkflowTriggerTimeBasedAttribute('employeeHireDate'));
$executionConditionsTrigger->setOffsetInDays(0);
$executionConditions->setTrigger($executionConditionsTrigger);
$requestBody->setExecutionConditions($executionConditions);
$tasksTask1 = new Task();
$tasksTask1->setContinueOnError(false);
$tasksTask1->setDescription('Enable user account in the directory');
$tasksTask1->setDisplayName('Enable User Account');
$tasksTask1->setIsEnabled(true);
$tasksTask1->setTaskDefinitionId('6fc52c9d-398b-4305-9763-15f42c1676fc');
$tasksTask1->setArguments([ ]);
$tasksArray []= $tasksTask1;
$tasksTask2 = new Task();
$tasksTask2->setContinueOnError(false);
$tasksTask2->setDescription('Send welcome email to new hire');
$tasksTask2->setDisplayName('Send Welcome Email');
$tasksTask2->setIsEnabled(true);
$tasksTask2->setTaskDefinitionId('70b29d51-b59a-4773-9280-8841dfd3f2ea');
$tasksTask2->setArguments([ ]);
$tasksArray []= $tasksTask2;
$requestBody->setTasks($tasksArray);
$result = $graphServiceClient->identityGovernance()->lifecycleWorkflows()->workflows()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
category = "joiner"
description = "Configure new hire tasks for onboarding employees on their first day"
displayName = "Australia Onboard new hire employee"
isEnabled = $true
isSchedulingEnabled = $true
executionConditions = @{
"@odata.type" = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions"
scope = @{
"@odata.type" = "#microsoft.graph.identityGovernance.ruleBasedSubjectSet"
rule = "(country eq 'Australia')"
}
trigger = @{
"@odata.type" = "#microsoft.graph.identityGovernance.timeBasedAttributeTrigger"
timeBasedAttribute = "employeeHireDate"
offsetInDays =
}
}
tasks = @(
@{
continueOnError = $false
description = "Enable user account in the directory"
displayName = "Enable User Account"
isEnabled = $true
taskDefinitionId = "6fc52c9d-398b-4305-9763-15f42c1676fc"
arguments = @(
)
}
@{
continueOnError = $false
description = "Send welcome email to new hire"
displayName = "Send Welcome Email"
isEnabled = $true
taskDefinitionId = "70b29d51-b59a-4773-9280-8841dfd3f2ea"
arguments = @(
)
}
)
}
New-MgBetaIdentityGovernanceLifecycleWorkflow -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.identity_governance.workflow import Workflow
from msgraph_beta.generated.models.lifecycle_workflow_category import LifecycleWorkflowCategory
from msgraph_beta.generated.models.identity_governance.trigger_and_scope_based_conditions import TriggerAndScopeBasedConditions
from msgraph_beta.generated.models.identity_governance.rule_based_subject_set import RuleBasedSubjectSet
from msgraph_beta.generated.models.identity_governance.time_based_attribute_trigger import TimeBasedAttributeTrigger
from msgraph_beta.generated.models.workflow_trigger_time_based_attribute import WorkflowTriggerTimeBasedAttribute
from msgraph_beta.generated.models.identity_governance.task import Task
from msgraph_beta.generated.models.key_value_pair import KeyValuePair
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Workflow(
category = LifecycleWorkflowCategory.Joiner,
description = "Configure new hire tasks for onboarding employees on their first day",
display_name = "Australia Onboard new hire employee",
is_enabled = True,
is_scheduling_enabled = True,
execution_conditions = TriggerAndScopeBasedConditions(
odata_type = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
scope = RuleBasedSubjectSet(
odata_type = "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
rule = "(country eq 'Australia')",
),
trigger = TimeBasedAttributeTrigger(
odata_type = "#microsoft.graph.identityGovernance.timeBasedAttributeTrigger",
time_based_attribute = WorkflowTriggerTimeBasedAttribute.EmployeeHireDate,
offset_in_days = 0,
),
),
tasks = [
Task(
continue_on_error = False,
description = "Enable user account in the directory",
display_name = "Enable User Account",
is_enabled = True,
task_definition_id = "6fc52c9d-398b-4305-9763-15f42c1676fc",
arguments = [
],
),
Task(
continue_on_error = False,
description = "Send welcome email to new hire",
display_name = "Send Welcome Email",
is_enabled = True,
task_definition_id = "70b29d51-b59a-4773-9280-8841dfd3f2ea",
arguments = [
],
),
],
)
result = await graph_client.identity_governance.lifecycle_workflows.workflows.post(request_body)
Resposta
O exemplo a seguir mostra a resposta.
Observação: o objeto de resposta mostrado aqui pode ser encurtado para legibilidade.
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/lifecycleWorkflows/workflows/$entity",
"category": "joiner",
"description": "Configure new hire tasks for onboarding employees on their first day",
"displayName": "New Zealand new hire",
"lastModifiedDateTime": "2022-08-26T04:51:27.521792Z",
"createdDateTime": "2022-08-26T04:51:27.5217824Z",
"deletedDateTime": null,
"id": "818cd47f-138c-4a83-b3f5-afa92bfcf391",
"isEnabled": true,
"isSchedulingEnabled": false,
"nextScheduleRunDateTime": null,
"version": 1,
"executionConditions": {
"@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
"scope": {
"@odata.type": "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
"rule": "(country eq 'New Zealand')"
},
"trigger": {
"@odata.type": "#microsoft.graph.identityGovernance.timeBasedAttributeTrigger",
"timeBasedAttribute": "employeeHireDate",
"offsetInDays": 0
}
}
}
Exemplo 2: Criar um fluxo de trabalho do mover com o acionador de alterações de atributo
Solicitação
O exemplo seguinte mostra um pedido que cria um fluxo de trabalho com a seguinte configuração:
- É um fluxo de trabalho "mover" ativado e agendado para execução.
- É executado para utilizadores existentes adicionados ao departamento de "Vendas" com o acionador de alterações de atributos.
- É realizada uma tarefa, que consiste em enviar um e-mail para notificar o gestor do utilizador da movimentação.
POST https://graph.microsoft.com/beta/identityGovernance/lifecycleWorkflows/workflows
Content-Type: application/json
Content-length: 631
{
"category": "mover",
"description": "Configure mover tasks for a user when their job profile changes",
"displayName": "Sales contractor moves to full-time employee",
"isEnabled": true,
"isSchedulingEnabled": true,
"executionConditions": {
"@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
"scope": {
"@odata.type": "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
"rule": "(department eq 'Sales')"
},
"trigger": {
"@odata.type": "#microsoft.graph.identityGovernance.attributeChangeTrigger",
"triggerAttributes": [
{
"name": "department"
}
]
}
},
"tasks": [
{
"continueOnError": false,
"description": "Send email to moving employee's manager",
"displayName": "Notify manager of move",
"isEnabled": true,
"taskDefinitionId": "aab41899-9972-422a-9d97-f626014578b7",
"arguments": []
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models.IdentityGovernance;
using Microsoft.Graph.Beta.Models;
var requestBody = new Workflow
{
Category = LifecycleWorkflowCategory.Mover,
Description = "Configure mover tasks for a user when their job profile changes",
DisplayName = "Sales contractor moves to full-time employee",
IsEnabled = true,
IsSchedulingEnabled = true,
ExecutionConditions = new TriggerAndScopeBasedConditions
{
OdataType = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
Scope = new RuleBasedSubjectSet
{
OdataType = "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
Rule = "(department eq 'Sales')",
},
Trigger = new AttributeChangeTrigger
{
OdataType = "#microsoft.graph.identityGovernance.attributeChangeTrigger",
TriggerAttributes = new List<TriggerAttribute>
{
new TriggerAttribute
{
Name = "department",
},
},
},
},
Tasks = new List<TaskObject>
{
new TaskObject
{
ContinueOnError = false,
Description = "Send email to moving employee's manager",
DisplayName = "Notify manager of move",
IsEnabled = true,
TaskDefinitionId = "aab41899-9972-422a-9d97-f626014578b7",
Arguments = new List<KeyValuePair>
{
},
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.LifecycleWorkflows.Workflows.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodelsidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/models/identitygovernance"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodelsidentitygovernance.NewWorkflow()
category := graphmodels.MOVER_LIFECYCLEWORKFLOWCATEGORY
requestBody.SetCategory(&category)
description := "Configure mover tasks for a user when their job profile changes"
requestBody.SetDescription(&description)
displayName := "Sales contractor moves to full-time employee"
requestBody.SetDisplayName(&displayName)
isEnabled := true
requestBody.SetIsEnabled(&isEnabled)
isSchedulingEnabled := true
requestBody.SetIsSchedulingEnabled(&isSchedulingEnabled)
executionConditions := graphmodelsidentitygovernance.NewTriggerAndScopeBasedConditions()
scope := graphmodelsidentitygovernance.NewRuleBasedSubjectSet()
rule := "(department eq 'Sales')"
scope.SetRule(&rule)
executionConditions.SetScope(scope)
trigger := graphmodelsidentitygovernance.NewAttributeChangeTrigger()
triggerAttribute := graphmodelsidentitygovernance.NewTriggerAttribute()
name := "department"
triggerAttribute.SetName(&name)
triggerAttributes := []graphmodelsidentitygovernance.TriggerAttributeable {
triggerAttribute,
}
trigger.SetTriggerAttributes(triggerAttributes)
executionConditions.SetTrigger(trigger)
requestBody.SetExecutionConditions(executionConditions)
task := graphmodelsidentitygovernance.NewTask()
continueOnError := false
task.SetContinueOnError(&continueOnError)
description := "Send email to moving employee's manager"
task.SetDescription(&description)
displayName := "Notify manager of move"
task.SetDisplayName(&displayName)
isEnabled := true
task.SetIsEnabled(&isEnabled)
taskDefinitionId := "aab41899-9972-422a-9d97-f626014578b7"
task.SetTaskDefinitionId(&taskDefinitionId)
arguments := []graphmodels.KeyValuePairable {
}
task.SetArguments(arguments)
tasks := []graphmodelsidentitygovernance.Taskable {
task,
}
requestBody.SetTasks(tasks)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
workflows, err := graphClient.IdentityGovernance().LifecycleWorkflows().Workflows().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.beta.models.identitygovernance.Workflow workflow = new com.microsoft.graph.beta.models.identitygovernance.Workflow();
workflow.setCategory(com.microsoft.graph.beta.models.identitygovernance.LifecycleWorkflowCategory.Mover);
workflow.setDescription("Configure mover tasks for a user when their job profile changes");
workflow.setDisplayName("Sales contractor moves to full-time employee");
workflow.setIsEnabled(true);
workflow.setIsSchedulingEnabled(true);
com.microsoft.graph.beta.models.identitygovernance.TriggerAndScopeBasedConditions executionConditions = new com.microsoft.graph.beta.models.identitygovernance.TriggerAndScopeBasedConditions();
executionConditions.setOdataType("#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions");
com.microsoft.graph.beta.models.identitygovernance.RuleBasedSubjectSet scope = new com.microsoft.graph.beta.models.identitygovernance.RuleBasedSubjectSet();
scope.setOdataType("#microsoft.graph.identityGovernance.ruleBasedSubjectSet");
scope.setRule("(department eq 'Sales')");
executionConditions.setScope(scope);
com.microsoft.graph.beta.models.identitygovernance.AttributeChangeTrigger trigger = new com.microsoft.graph.beta.models.identitygovernance.AttributeChangeTrigger();
trigger.setOdataType("#microsoft.graph.identityGovernance.attributeChangeTrigger");
LinkedList<com.microsoft.graph.beta.models.identitygovernance.TriggerAttribute> triggerAttributes = new LinkedList<com.microsoft.graph.beta.models.identitygovernance.TriggerAttribute>();
com.microsoft.graph.beta.models.identitygovernance.TriggerAttribute triggerAttribute = new com.microsoft.graph.beta.models.identitygovernance.TriggerAttribute();
triggerAttribute.setName("department");
triggerAttributes.add(triggerAttribute);
trigger.setTriggerAttributes(triggerAttributes);
executionConditions.setTrigger(trigger);
workflow.setExecutionConditions(executionConditions);
LinkedList<com.microsoft.graph.beta.models.identitygovernance.Task> tasks = new LinkedList<com.microsoft.graph.beta.models.identitygovernance.Task>();
com.microsoft.graph.beta.models.identitygovernance.Task task = new com.microsoft.graph.beta.models.identitygovernance.Task();
task.setContinueOnError(false);
task.setDescription("Send email to moving employee's manager");
task.setDisplayName("Notify manager of move");
task.setIsEnabled(true);
task.setTaskDefinitionId("aab41899-9972-422a-9d97-f626014578b7");
LinkedList<KeyValuePair> arguments = new LinkedList<KeyValuePair>();
task.setArguments(arguments);
tasks.add(task);
workflow.setTasks(tasks);
com.microsoft.graph.models.identitygovernance.Workflow result = graphClient.identityGovernance().lifecycleWorkflows().workflows().post(workflow);
const options = {
authProvider,
};
const client = Client.init(options);
const workflow = {
category: 'mover',
description: 'Configure mover tasks for a user when their job profile changes',
displayName: 'Sales contractor moves to full-time employee',
isEnabled: true,
isSchedulingEnabled: true,
executionConditions: {
'@odata.type': '#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions',
scope: {
'@odata.type': '#microsoft.graph.identityGovernance.ruleBasedSubjectSet',
rule: '(department eq \'Sales\')'
},
trigger: {
'@odata.type': '#microsoft.graph.identityGovernance.attributeChangeTrigger',
triggerAttributes: [
{
name: 'department'
}
]
}
},
tasks: [
{
continueOnError: false,
description: 'Send email to moving employee\'s manager',
displayName: 'Notify manager of move',
isEnabled: true,
taskDefinitionId: 'aab41899-9972-422a-9d97-f626014578b7',
arguments: []
}
]
};
await client.api('/identityGovernance/lifecycleWorkflows/workflows')
.version('beta')
.post(workflow);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\Workflow;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\LifecycleWorkflowCategory;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\TriggerAndScopeBasedConditions;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\RuleBasedSubjectSet;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\AttributeChangeTrigger;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\TriggerAttribute;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\Task;
use Microsoft\Graph\Beta\Generated\Models\KeyValuePair;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new Workflow();
$requestBody->setCategory(new LifecycleWorkflowCategory('mover'));
$requestBody->setDescription('Configure mover tasks for a user when their job profile changes');
$requestBody->setDisplayName('Sales contractor moves to full-time employee');
$requestBody->setIsEnabled(true);
$requestBody->setIsSchedulingEnabled(true);
$executionConditions = new TriggerAndScopeBasedConditions();
$executionConditions->setOdataType('#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions');
$executionConditionsScope = new RuleBasedSubjectSet();
$executionConditionsScope->setOdataType('#microsoft.graph.identityGovernance.ruleBasedSubjectSet');
$executionConditionsScope->setRule('(department eq \'Sales\')');
$executionConditions->setScope($executionConditionsScope);
$executionConditionsTrigger = new AttributeChangeTrigger();
$executionConditionsTrigger->setOdataType('#microsoft.graph.identityGovernance.attributeChangeTrigger');
$triggerAttributesTriggerAttribute1 = new TriggerAttribute();
$triggerAttributesTriggerAttribute1->setName('department');
$triggerAttributesArray []= $triggerAttributesTriggerAttribute1;
$executionConditionsTrigger->setTriggerAttributes($triggerAttributesArray);
$executionConditions->setTrigger($executionConditionsTrigger);
$requestBody->setExecutionConditions($executionConditions);
$tasksTask1 = new Task();
$tasksTask1->setContinueOnError(false);
$tasksTask1->setDescription('Send email to moving employee\'s manager');
$tasksTask1->setDisplayName('Notify manager of move');
$tasksTask1->setIsEnabled(true);
$tasksTask1->setTaskDefinitionId('aab41899-9972-422a-9d97-f626014578b7');
$tasksTask1->setArguments([]);
$tasksArray []= $tasksTask1;
$requestBody->setTasks($tasksArray);
$result = $graphServiceClient->identityGovernance()->lifecycleWorkflows()->workflows()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
category = "mover"
description = "Configure mover tasks for a user when their job profile changes"
displayName = "Sales contractor moves to full-time employee"
isEnabled = $true
isSchedulingEnabled = $true
executionConditions = @{
"@odata.type" = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions"
scope = @{
"@odata.type" = "#microsoft.graph.identityGovernance.ruleBasedSubjectSet"
rule = "(department eq 'Sales')"
}
trigger = @{
"@odata.type" = "#microsoft.graph.identityGovernance.attributeChangeTrigger"
triggerAttributes = @(
@{
name = "department"
}
)
}
}
tasks = @(
@{
continueOnError = $false
description = "Send email to moving employee's manager"
displayName = "Notify manager of move"
isEnabled = $true
taskDefinitionId = "aab41899-9972-422a-9d97-f626014578b7"
arguments = @(
)
}
)
}
New-MgBetaIdentityGovernanceLifecycleWorkflow -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.identity_governance.workflow import Workflow
from msgraph_beta.generated.models.lifecycle_workflow_category import LifecycleWorkflowCategory
from msgraph_beta.generated.models.identity_governance.trigger_and_scope_based_conditions import TriggerAndScopeBasedConditions
from msgraph_beta.generated.models.identity_governance.rule_based_subject_set import RuleBasedSubjectSet
from msgraph_beta.generated.models.identity_governance.attribute_change_trigger import AttributeChangeTrigger
from msgraph_beta.generated.models.identity_governance.trigger_attribute import TriggerAttribute
from msgraph_beta.generated.models.identity_governance.task import Task
from msgraph_beta.generated.models.key_value_pair import KeyValuePair
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Workflow(
category = LifecycleWorkflowCategory.Mover,
description = "Configure mover tasks for a user when their job profile changes",
display_name = "Sales contractor moves to full-time employee",
is_enabled = True,
is_scheduling_enabled = True,
execution_conditions = TriggerAndScopeBasedConditions(
odata_type = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
scope = RuleBasedSubjectSet(
odata_type = "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
rule = "(department eq 'Sales')",
),
trigger = AttributeChangeTrigger(
odata_type = "#microsoft.graph.identityGovernance.attributeChangeTrigger",
trigger_attributes = [
TriggerAttribute(
name = "department",
),
],
),
),
tasks = [
Task(
continue_on_error = False,
description = "Send email to moving employee's manager",
display_name = "Notify manager of move",
is_enabled = True,
task_definition_id = "aab41899-9972-422a-9d97-f626014578b7",
arguments = [
],
),
],
)
result = await graph_client.identity_governance.lifecycle_workflows.workflows.post(request_body)
Resposta
O exemplo a seguir mostra a resposta.
Observação: o objeto de resposta mostrado aqui pode ser encurtado para legibilidade.
HTTP/1.1 200 OK
Content-Type: application/json
{
"category": "mover",
"description": "Configure mover tasks for a user when their job profile changes",
"displayName": "Sales contractor moves to full time employee",
"isEnabled": true,
"isSchedulingEnabled": true,
"executionConditions": {
"@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
"scope": {
"@odata.type": "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
"rule": "(department eq 'Sales')"
},
"trigger": {
"@odata.type": "#microsoft.graph.identityGovernance.attributeChangeTrigger",
"triggerAttributes": [
{
"name": "department"
}
]
}
},
"tasks": [
{
"continueOnError": false,
"description": "Send email to moving employee's manager",
"displayName": "Notify manager of move",
"isEnabled": true,
"taskDefinitionId": "aab41899-9972-422a-9d97-f626014578b7",
"arguments": []
}
]
}
Exemplo 3: criar um fluxo de trabalho leaver com o acionador baseado em grupo
Solicitação
O exemplo seguinte mostra um pedido que cria um fluxo de trabalho com a seguinte configuração:
- É um fluxo de trabalho "leaver" ativado e agendado para execução.
- É executada para os utilizadores que são removidos do grupo Vendas com o acionador baseado no grupo.
- São executadas duas tarefas quando o fluxo de trabalho é executado: Remover utilizador de todas as Equipas, Remover utilizador de todos os grupos.
POST https://graph.microsoft.com/beta/identityGovernance/lifecycleWorkflows/workflows
Content-Type: application/json
{
"category": "leaver",
"description": "Configure offboarding tasks for employees on their last day of work",
"displayName": "Offboard an employee",
"isEnabled": true,
"isSchedulingEnabled": true,
"executionConditions": {
"@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
"scope": {
"@odata.type": "#microsoft.graph.identityGovernance.groupBasedSubjectSet",
"groups": [
{
"id": "668e7540-7f8e-4ca4-a207-b7dffbb6d038"
}
]
},
"trigger": {
"@odata.type": "#microsoft.graph.identityGovernance.membershipChangeTrigger",
"changeType": "remove"
}
},
"tasks": [
{
"category": "leaver",
"continueOnError": false,
"description": "Remove user from all Teams memberships",
"displayName": "Remove user from all Teams",
"isEnabled": true,
"taskDefinitionId": "81f7b200-2816-4b3b-8c5d-dc556f07b024",
"arguments": []
},
{
"category": "leaver",
"continueOnError": false,
"description": "Remove user from all Azure AD groups memberships",
"displayName": "Remove user from all groups",
"isEnabled": true,
"taskDefinitionId": "b3a31406-2a15-4c9a-b25b-a658fa5f07fc",
"arguments": []
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models.IdentityGovernance;
using Microsoft.Graph.Beta.Models;
var requestBody = new Workflow
{
Category = LifecycleWorkflowCategory.Leaver,
Description = "Configure offboarding tasks for employees on their last day of work",
DisplayName = "Offboard an employee",
IsEnabled = true,
IsSchedulingEnabled = true,
ExecutionConditions = new TriggerAndScopeBasedConditions
{
OdataType = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
Scope = new GroupBasedSubjectSet
{
OdataType = "#microsoft.graph.identityGovernance.groupBasedSubjectSet",
Groups = new List<Group>
{
new Group
{
Id = "668e7540-7f8e-4ca4-a207-b7dffbb6d038",
},
},
},
Trigger = new MembershipChangeTrigger
{
OdataType = "#microsoft.graph.identityGovernance.membershipChangeTrigger",
ChangeType = MembershipChangeType.Remove,
},
},
Tasks = new List<TaskObject>
{
new TaskObject
{
Category = LifecycleTaskCategory.Leaver,
ContinueOnError = false,
Description = "Remove user from all Teams memberships",
DisplayName = "Remove user from all Teams",
IsEnabled = true,
TaskDefinitionId = "81f7b200-2816-4b3b-8c5d-dc556f07b024",
Arguments = new List<KeyValuePair>
{
},
},
new TaskObject
{
Category = LifecycleTaskCategory.Leaver,
ContinueOnError = false,
Description = "Remove user from all Azure AD groups memberships",
DisplayName = "Remove user from all groups",
IsEnabled = true,
TaskDefinitionId = "b3a31406-2a15-4c9a-b25b-a658fa5f07fc",
Arguments = new List<KeyValuePair>
{
},
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.LifecycleWorkflows.Workflows.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodelsidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/models/identitygovernance"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodelsidentitygovernance.NewWorkflow()
category := graphmodels.LEAVER_LIFECYCLEWORKFLOWCATEGORY
requestBody.SetCategory(&category)
description := "Configure offboarding tasks for employees on their last day of work"
requestBody.SetDescription(&description)
displayName := "Offboard an employee"
requestBody.SetDisplayName(&displayName)
isEnabled := true
requestBody.SetIsEnabled(&isEnabled)
isSchedulingEnabled := true
requestBody.SetIsSchedulingEnabled(&isSchedulingEnabled)
executionConditions := graphmodelsidentitygovernance.NewTriggerAndScopeBasedConditions()
scope := graphmodelsidentitygovernance.NewGroupBasedSubjectSet()
group := graphmodels.NewGroup()
id := "668e7540-7f8e-4ca4-a207-b7dffbb6d038"
group.SetId(&id)
groups := []graphmodels.Groupable {
group,
}
scope.SetGroups(groups)
executionConditions.SetScope(scope)
trigger := graphmodelsidentitygovernance.NewMembershipChangeTrigger()
changeType := graphmodels.REMOVE_MEMBERSHIPCHANGETYPE
trigger.SetChangeType(&changeType)
executionConditions.SetTrigger(trigger)
requestBody.SetExecutionConditions(executionConditions)
task := graphmodelsidentitygovernance.NewTask()
category := graphmodels.LEAVER_LIFECYCLETASKCATEGORY
task.SetCategory(&category)
continueOnError := false
task.SetContinueOnError(&continueOnError)
description := "Remove user from all Teams memberships"
task.SetDescription(&description)
displayName := "Remove user from all Teams"
task.SetDisplayName(&displayName)
isEnabled := true
task.SetIsEnabled(&isEnabled)
taskDefinitionId := "81f7b200-2816-4b3b-8c5d-dc556f07b024"
task.SetTaskDefinitionId(&taskDefinitionId)
arguments := []graphmodels.KeyValuePairable {
}
task.SetArguments(arguments)
task1 := graphmodelsidentitygovernance.NewTask()
category := graphmodels.LEAVER_LIFECYCLETASKCATEGORY
task1.SetCategory(&category)
continueOnError := false
task1.SetContinueOnError(&continueOnError)
description := "Remove user from all Azure AD groups memberships"
task1.SetDescription(&description)
displayName := "Remove user from all groups"
task1.SetDisplayName(&displayName)
isEnabled := true
task1.SetIsEnabled(&isEnabled)
taskDefinitionId := "b3a31406-2a15-4c9a-b25b-a658fa5f07fc"
task1.SetTaskDefinitionId(&taskDefinitionId)
arguments := []graphmodels.KeyValuePairable {
}
task1.SetArguments(arguments)
tasks := []graphmodelsidentitygovernance.Taskable {
task,
task1,
}
requestBody.SetTasks(tasks)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
workflows, err := graphClient.IdentityGovernance().LifecycleWorkflows().Workflows().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.beta.models.identitygovernance.Workflow workflow = new com.microsoft.graph.beta.models.identitygovernance.Workflow();
workflow.setCategory(com.microsoft.graph.beta.models.identitygovernance.LifecycleWorkflowCategory.Leaver);
workflow.setDescription("Configure offboarding tasks for employees on their last day of work");
workflow.setDisplayName("Offboard an employee");
workflow.setIsEnabled(true);
workflow.setIsSchedulingEnabled(true);
com.microsoft.graph.beta.models.identitygovernance.TriggerAndScopeBasedConditions executionConditions = new com.microsoft.graph.beta.models.identitygovernance.TriggerAndScopeBasedConditions();
executionConditions.setOdataType("#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions");
com.microsoft.graph.beta.models.identitygovernance.GroupBasedSubjectSet scope = new com.microsoft.graph.beta.models.identitygovernance.GroupBasedSubjectSet();
scope.setOdataType("#microsoft.graph.identityGovernance.groupBasedSubjectSet");
LinkedList<Group> groups = new LinkedList<Group>();
Group group = new Group();
group.setId("668e7540-7f8e-4ca4-a207-b7dffbb6d038");
groups.add(group);
scope.setGroups(groups);
executionConditions.setScope(scope);
com.microsoft.graph.beta.models.identitygovernance.MembershipChangeTrigger trigger = new com.microsoft.graph.beta.models.identitygovernance.MembershipChangeTrigger();
trigger.setOdataType("#microsoft.graph.identityGovernance.membershipChangeTrigger");
trigger.setChangeType(com.microsoft.graph.beta.models.identitygovernance.MembershipChangeType.Remove);
executionConditions.setTrigger(trigger);
workflow.setExecutionConditions(executionConditions);
LinkedList<com.microsoft.graph.beta.models.identitygovernance.Task> tasks = new LinkedList<com.microsoft.graph.beta.models.identitygovernance.Task>();
com.microsoft.graph.beta.models.identitygovernance.Task task = new com.microsoft.graph.beta.models.identitygovernance.Task();
task.setCategory(EnumSet.of(com.microsoft.graph.beta.models.identitygovernance.LifecycleTaskCategory.Leaver));
task.setContinueOnError(false);
task.setDescription("Remove user from all Teams memberships");
task.setDisplayName("Remove user from all Teams");
task.setIsEnabled(true);
task.setTaskDefinitionId("81f7b200-2816-4b3b-8c5d-dc556f07b024");
LinkedList<KeyValuePair> arguments = new LinkedList<KeyValuePair>();
task.setArguments(arguments);
tasks.add(task);
com.microsoft.graph.beta.models.identitygovernance.Task task1 = new com.microsoft.graph.beta.models.identitygovernance.Task();
task1.setCategory(EnumSet.of(com.microsoft.graph.beta.models.identitygovernance.LifecycleTaskCategory.Leaver));
task1.setContinueOnError(false);
task1.setDescription("Remove user from all Azure AD groups memberships");
task1.setDisplayName("Remove user from all groups");
task1.setIsEnabled(true);
task1.setTaskDefinitionId("b3a31406-2a15-4c9a-b25b-a658fa5f07fc");
LinkedList<KeyValuePair> arguments1 = new LinkedList<KeyValuePair>();
task1.setArguments(arguments1);
tasks.add(task1);
workflow.setTasks(tasks);
com.microsoft.graph.models.identitygovernance.Workflow result = graphClient.identityGovernance().lifecycleWorkflows().workflows().post(workflow);
const options = {
authProvider,
};
const client = Client.init(options);
const workflow = {
category: 'leaver',
description: 'Configure offboarding tasks for employees on their last day of work',
displayName: 'Offboard an employee',
isEnabled: true,
isSchedulingEnabled: true,
executionConditions: {
'@odata.type': '#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions',
scope: {
'@odata.type': '#microsoft.graph.identityGovernance.groupBasedSubjectSet',
groups: [
{
id: '668e7540-7f8e-4ca4-a207-b7dffbb6d038'
}
]
},
trigger: {
'@odata.type': '#microsoft.graph.identityGovernance.membershipChangeTrigger',
changeType: 'remove'
}
},
tasks: [
{
category: 'leaver',
continueOnError: false,
description: 'Remove user from all Teams memberships',
displayName: 'Remove user from all Teams',
isEnabled: true,
taskDefinitionId: '81f7b200-2816-4b3b-8c5d-dc556f07b024',
arguments: []
},
{
category: 'leaver',
continueOnError: false,
description: 'Remove user from all Azure AD groups memberships',
displayName: 'Remove user from all groups',
isEnabled: true,
taskDefinitionId: 'b3a31406-2a15-4c9a-b25b-a658fa5f07fc',
arguments: []
}
]
};
await client.api('/identityGovernance/lifecycleWorkflows/workflows')
.version('beta')
.post(workflow);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\Workflow;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\LifecycleWorkflowCategory;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\TriggerAndScopeBasedConditions;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\GroupBasedSubjectSet;
use Microsoft\Graph\Beta\Generated\Models\Group;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\MembershipChangeTrigger;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\MembershipChangeType;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\Task;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\LifecycleTaskCategory;
use Microsoft\Graph\Beta\Generated\Models\KeyValuePair;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new Workflow();
$requestBody->setCategory(new LifecycleWorkflowCategory('leaver'));
$requestBody->setDescription('Configure offboarding tasks for employees on their last day of work');
$requestBody->setDisplayName('Offboard an employee');
$requestBody->setIsEnabled(true);
$requestBody->setIsSchedulingEnabled(true);
$executionConditions = new TriggerAndScopeBasedConditions();
$executionConditions->setOdataType('#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions');
$executionConditionsScope = new GroupBasedSubjectSet();
$executionConditionsScope->setOdataType('#microsoft.graph.identityGovernance.groupBasedSubjectSet');
$groupsGroup1 = new Group();
$groupsGroup1->setId('668e7540-7f8e-4ca4-a207-b7dffbb6d038');
$groupsArray []= $groupsGroup1;
$executionConditionsScope->setGroups($groupsArray);
$executionConditions->setScope($executionConditionsScope);
$executionConditionsTrigger = new MembershipChangeTrigger();
$executionConditionsTrigger->setOdataType('#microsoft.graph.identityGovernance.membershipChangeTrigger');
$executionConditionsTrigger->setChangeType(new MembershipChangeType('remove'));
$executionConditions->setTrigger($executionConditionsTrigger);
$requestBody->setExecutionConditions($executionConditions);
$tasksTask1 = new Task();
$tasksTask1->setCategory(new LifecycleTaskCategory('leaver'));
$tasksTask1->setContinueOnError(false);
$tasksTask1->setDescription('Remove user from all Teams memberships');
$tasksTask1->setDisplayName('Remove user from all Teams');
$tasksTask1->setIsEnabled(true);
$tasksTask1->setTaskDefinitionId('81f7b200-2816-4b3b-8c5d-dc556f07b024');
$tasksTask1->setArguments([]);
$tasksArray []= $tasksTask1;
$tasksTask2 = new Task();
$tasksTask2->setCategory(new LifecycleTaskCategory('leaver'));
$tasksTask2->setContinueOnError(false);
$tasksTask2->setDescription('Remove user from all Azure AD groups memberships');
$tasksTask2->setDisplayName('Remove user from all groups');
$tasksTask2->setIsEnabled(true);
$tasksTask2->setTaskDefinitionId('b3a31406-2a15-4c9a-b25b-a658fa5f07fc');
$tasksTask2->setArguments([]);
$tasksArray []= $tasksTask2;
$requestBody->setTasks($tasksArray);
$result = $graphServiceClient->identityGovernance()->lifecycleWorkflows()->workflows()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
category = "leaver"
description = "Configure offboarding tasks for employees on their last day of work"
displayName = "Offboard an employee"
isEnabled = $true
isSchedulingEnabled = $true
executionConditions = @{
"@odata.type" = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions"
scope = @{
"@odata.type" = "#microsoft.graph.identityGovernance.groupBasedSubjectSet"
groups = @(
@{
id = "668e7540-7f8e-4ca4-a207-b7dffbb6d038"
}
)
}
trigger = @{
"@odata.type" = "#microsoft.graph.identityGovernance.membershipChangeTrigger"
changeType = "remove"
}
}
tasks = @(
@{
category = "leaver"
continueOnError = $false
description = "Remove user from all Teams memberships"
displayName = "Remove user from all Teams"
isEnabled = $true
taskDefinitionId = "81f7b200-2816-4b3b-8c5d-dc556f07b024"
arguments = @(
)
}
@{
category = "leaver"
continueOnError = $false
description = "Remove user from all Azure AD groups memberships"
displayName = "Remove user from all groups"
isEnabled = $true
taskDefinitionId = "b3a31406-2a15-4c9a-b25b-a658fa5f07fc"
arguments = @(
)
}
)
}
New-MgBetaIdentityGovernanceLifecycleWorkflow -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.identity_governance.workflow import Workflow
from msgraph_beta.generated.models.lifecycle_workflow_category import LifecycleWorkflowCategory
from msgraph_beta.generated.models.identity_governance.trigger_and_scope_based_conditions import TriggerAndScopeBasedConditions
from msgraph_beta.generated.models.identity_governance.group_based_subject_set import GroupBasedSubjectSet
from msgraph_beta.generated.models.group import Group
from msgraph_beta.generated.models.identity_governance.membership_change_trigger import MembershipChangeTrigger
from msgraph_beta.generated.models.membership_change_type import MembershipChangeType
from msgraph_beta.generated.models.identity_governance.task import Task
from msgraph_beta.generated.models.lifecycle_task_category import LifecycleTaskCategory
from msgraph_beta.generated.models.key_value_pair import KeyValuePair
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Workflow(
category = LifecycleWorkflowCategory.Leaver,
description = "Configure offboarding tasks for employees on their last day of work",
display_name = "Offboard an employee",
is_enabled = True,
is_scheduling_enabled = True,
execution_conditions = TriggerAndScopeBasedConditions(
odata_type = "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
scope = GroupBasedSubjectSet(
odata_type = "#microsoft.graph.identityGovernance.groupBasedSubjectSet",
groups = [
Group(
id = "668e7540-7f8e-4ca4-a207-b7dffbb6d038",
),
],
),
trigger = MembershipChangeTrigger(
odata_type = "#microsoft.graph.identityGovernance.membershipChangeTrigger",
change_type = MembershipChangeType.Remove,
),
),
tasks = [
Task(
category = LifecycleTaskCategory.Leaver,
continue_on_error = False,
description = "Remove user from all Teams memberships",
display_name = "Remove user from all Teams",
is_enabled = True,
task_definition_id = "81f7b200-2816-4b3b-8c5d-dc556f07b024",
arguments = [
],
),
Task(
category = LifecycleTaskCategory.Leaver,
continue_on_error = False,
description = "Remove user from all Azure AD groups memberships",
display_name = "Remove user from all groups",
is_enabled = True,
task_definition_id = "b3a31406-2a15-4c9a-b25b-a658fa5f07fc",
arguments = [
],
),
],
)
result = await graph_client.identity_governance.lifecycle_workflows.workflows.post(request_body)
Resposta
O exemplo a seguir mostra a resposta.
Observação: o objeto de resposta mostrado aqui pode ser encurtado para legibilidade.
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/lifecycleWorkflows/workflows/$entity",
"category": "leaver",
"description": "Configure offboarding tasks for employees on their last day of work",
"displayName": "Offboard an employee",
"isEnabled": true,
"isSchedulingEnabled": true,
"lastModifiedDateTime": "2024-03-28T20:20:05.6599449Z",
"createdDateTime": "2024-03-28T20:20:05.6599142Z",
"deletedDateTime": null,
"id": "73ed8912-6a04-4f5d-bef8-61fcc94336a7",
"nextScheduleRunDateTime": "2024-03-28T20:37:08Z",
"version": 1,
"executionConditions": {
"@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
"scope": {
"@odata.type": "#microsoft.graph.identityGovernance.groupBasedSubjectSet"
},
"trigger": {
"@odata.type": "#microsoft.graph.identityGovernance.membershipChangeTrigger",
"changeType": "remove"
}
}
}
Exemplo 4: Criar um fluxo de trabalho de mover com um âmbito de destino definido
Solicitação
O exemplo seguinte mostra um pedido que cria um fluxo de trabalho com a seguinte configuração:
- É um fluxo de trabalho "mover" ativado e definido para ser executado apenas a pedido.
- É executada para utilizadores no âmbito de destino definido das unidades administrativas "4f9dc456-0574-4122-9e55-8b4cc494b27d" e "2c987843-e9b1-4b1a-b924-ff1d2a9b054d".
- É realizada uma tarefa, que consiste em enviar um e-mail para notificar o gestor do utilizador da movimentação.
POST https://graph.microsoft.com/beta/identityGovernance/lifecycleWorkflows/workflows
{
"category": "mover",
"displayName": "On Demand workflow move",
"description": "Execute real-time tasks for employee job changes",
"tasks": [
{
"arguments": [],
"description": "Send email to notify user’s manager of user move",
"displayName": "Send email to notify manager of user move",
"isEnabled": true,
"continueOnError": false,
"taskDefinitionId": "aab41899-9972-422a-9d97-f626014578b7",
"category": "mover"
}
],
"executionConditions": {
"@odata.type": "#microsoft.graph.identityGovernance.onDemandExecutionOnly"
},
"isEnabled": true,
"isSchedulingEnabled": false,
"administrationScopeTargets": [
{
"@odata.type": "#microsoft.graph.administrativeUnit",
"id": "4f9dc456-0574-4122-9e55-8b4cc494b27d"
},
{
"@odata.type": "#microsoft.graph.administrativeUnit",
"id": "2c987843-e9b1-4b1a-b924-ff1d2a9b054d"
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models.IdentityGovernance;
using Microsoft.Graph.Beta.Models;
var requestBody = new Workflow
{
Category = LifecycleWorkflowCategory.Mover,
DisplayName = "On Demand workflow move",
Description = "Execute real-time tasks for employee job changes",
Tasks = new List<TaskObject>
{
new TaskObject
{
Arguments = new List<KeyValuePair>
{
},
Description = "Send email to notify user’s manager of user move",
DisplayName = "Send email to notify manager of user move",
IsEnabled = true,
ContinueOnError = false,
TaskDefinitionId = "aab41899-9972-422a-9d97-f626014578b7",
Category = LifecycleTaskCategory.Mover,
},
},
ExecutionConditions = new OnDemandExecutionOnly
{
OdataType = "#microsoft.graph.identityGovernance.onDemandExecutionOnly",
},
IsEnabled = true,
IsSchedulingEnabled = false,
AdministrationScopeTargets = new List<DirectoryObject>
{
new AdministrativeUnit
{
OdataType = "#microsoft.graph.administrativeUnit",
Id = "4f9dc456-0574-4122-9e55-8b4cc494b27d",
},
new AdministrativeUnit
{
OdataType = "#microsoft.graph.administrativeUnit",
Id = "2c987843-e9b1-4b1a-b924-ff1d2a9b054d",
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.LifecycleWorkflows.Workflows.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodelsidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/models/identitygovernance"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodelsidentitygovernance.NewWorkflow()
category := graphmodels.MOVER_LIFECYCLEWORKFLOWCATEGORY
requestBody.SetCategory(&category)
displayName := "On Demand workflow move"
requestBody.SetDisplayName(&displayName)
description := "Execute real-time tasks for employee job changes"
requestBody.SetDescription(&description)
task := graphmodelsidentitygovernance.NewTask()
arguments := []graphmodels.KeyValuePairable {
}
task.SetArguments(arguments)
description := "Send email to notify user’s manager of user move"
task.SetDescription(&description)
displayName := "Send email to notify manager of user move"
task.SetDisplayName(&displayName)
isEnabled := true
task.SetIsEnabled(&isEnabled)
continueOnError := false
task.SetContinueOnError(&continueOnError)
taskDefinitionId := "aab41899-9972-422a-9d97-f626014578b7"
task.SetTaskDefinitionId(&taskDefinitionId)
category := graphmodels.MOVER_LIFECYCLETASKCATEGORY
task.SetCategory(&category)
tasks := []graphmodelsidentitygovernance.Taskable {
task,
}
requestBody.SetTasks(tasks)
executionConditions := graphmodelsidentitygovernance.NewOnDemandExecutionOnly()
requestBody.SetExecutionConditions(executionConditions)
isEnabled := true
requestBody.SetIsEnabled(&isEnabled)
isSchedulingEnabled := false
requestBody.SetIsSchedulingEnabled(&isSchedulingEnabled)
directoryObject := graphmodels.NewAdministrativeUnit()
id := "4f9dc456-0574-4122-9e55-8b4cc494b27d"
directoryObject.SetId(&id)
directoryObject1 := graphmodels.NewAdministrativeUnit()
id := "2c987843-e9b1-4b1a-b924-ff1d2a9b054d"
directoryObject1.SetId(&id)
administrationScopeTargets := []graphmodels.DirectoryObjectable {
directoryObject,
directoryObject1,
}
requestBody.SetAdministrationScopeTargets(administrationScopeTargets)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
workflows, err := graphClient.IdentityGovernance().LifecycleWorkflows().Workflows().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.beta.models.identitygovernance.Workflow workflow = new com.microsoft.graph.beta.models.identitygovernance.Workflow();
workflow.setCategory(com.microsoft.graph.beta.models.identitygovernance.LifecycleWorkflowCategory.Mover);
workflow.setDisplayName("On Demand workflow move");
workflow.setDescription("Execute real-time tasks for employee job changes");
LinkedList<com.microsoft.graph.beta.models.identitygovernance.Task> tasks = new LinkedList<com.microsoft.graph.beta.models.identitygovernance.Task>();
com.microsoft.graph.beta.models.identitygovernance.Task task = new com.microsoft.graph.beta.models.identitygovernance.Task();
LinkedList<KeyValuePair> arguments = new LinkedList<KeyValuePair>();
task.setArguments(arguments);
task.setDescription("Send email to notify user’s manager of user move");
task.setDisplayName("Send email to notify manager of user move");
task.setIsEnabled(true);
task.setContinueOnError(false);
task.setTaskDefinitionId("aab41899-9972-422a-9d97-f626014578b7");
task.setCategory(EnumSet.of(com.microsoft.graph.beta.models.identitygovernance.LifecycleTaskCategory.Mover));
tasks.add(task);
workflow.setTasks(tasks);
com.microsoft.graph.beta.models.identitygovernance.OnDemandExecutionOnly executionConditions = new com.microsoft.graph.beta.models.identitygovernance.OnDemandExecutionOnly();
executionConditions.setOdataType("#microsoft.graph.identityGovernance.onDemandExecutionOnly");
workflow.setExecutionConditions(executionConditions);
workflow.setIsEnabled(true);
workflow.setIsSchedulingEnabled(false);
LinkedList<DirectoryObject> administrationScopeTargets = new LinkedList<DirectoryObject>();
AdministrativeUnit directoryObject = new AdministrativeUnit();
directoryObject.setOdataType("#microsoft.graph.administrativeUnit");
directoryObject.setId("4f9dc456-0574-4122-9e55-8b4cc494b27d");
administrationScopeTargets.add(directoryObject);
AdministrativeUnit directoryObject1 = new AdministrativeUnit();
directoryObject1.setOdataType("#microsoft.graph.administrativeUnit");
directoryObject1.setId("2c987843-e9b1-4b1a-b924-ff1d2a9b054d");
administrationScopeTargets.add(directoryObject1);
workflow.setAdministrationScopeTargets(administrationScopeTargets);
com.microsoft.graph.models.identitygovernance.Workflow result = graphClient.identityGovernance().lifecycleWorkflows().workflows().post(workflow);
const options = {
authProvider,
};
const client = Client.init(options);
const workflow = {
category: 'mover',
displayName: 'On Demand workflow move',
description: 'Execute real-time tasks for employee job changes',
tasks: [
{
arguments: [],
description: 'Send email to notify user’s manager of user move',
displayName: 'Send email to notify manager of user move',
isEnabled: true,
continueOnError: false,
taskDefinitionId: 'aab41899-9972-422a-9d97-f626014578b7',
category: 'mover'
}
],
executionConditions: {
'@odata.type': '#microsoft.graph.identityGovernance.onDemandExecutionOnly'
},
isEnabled: true,
isSchedulingEnabled: false,
administrationScopeTargets: [
{
'@odata.type': '#microsoft.graph.administrativeUnit',
id: '4f9dc456-0574-4122-9e55-8b4cc494b27d'
},
{
'@odata.type': '#microsoft.graph.administrativeUnit',
id: '2c987843-e9b1-4b1a-b924-ff1d2a9b054d'
}
]
};
await client.api('/identityGovernance/lifecycleWorkflows/workflows')
.version('beta')
.post(workflow);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\Workflow;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\LifecycleWorkflowCategory;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\Task;
use Microsoft\Graph\Beta\Generated\Models\KeyValuePair;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\LifecycleTaskCategory;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\OnDemandExecutionOnly;
use Microsoft\Graph\Beta\Generated\Models\DirectoryObject;
use Microsoft\Graph\Beta\Generated\Models\AdministrativeUnit;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new Workflow();
$requestBody->setCategory(new LifecycleWorkflowCategory('mover'));
$requestBody->setDisplayName('On Demand workflow move');
$requestBody->setDescription('Execute real-time tasks for employee job changes');
$tasksTask1 = new Task();
$tasksTask1->setArguments([ ]);
$tasksTask1->setDescription('Send email to notify user’s manager of user move');
$tasksTask1->setDisplayName('Send email to notify manager of user move');
$tasksTask1->setIsEnabled(true);
$tasksTask1->setContinueOnError(false);
$tasksTask1->setTaskDefinitionId('aab41899-9972-422a-9d97-f626014578b7');
$tasksTask1->setCategory(new LifecycleTaskCategory('mover'));
$tasksArray []= $tasksTask1;
$requestBody->setTasks($tasksArray);
$executionConditions = new OnDemandExecutionOnly();
$executionConditions->setOdataType('#microsoft.graph.identityGovernance.onDemandExecutionOnly');
$requestBody->setExecutionConditions($executionConditions);
$requestBody->setIsEnabled(true);
$requestBody->setIsSchedulingEnabled(false);
$administrationScopeTargetsDirectoryObject1 = new AdministrativeUnit();
$administrationScopeTargetsDirectoryObject1->setOdataType('#microsoft.graph.administrativeUnit');
$administrationScopeTargetsDirectoryObject1->setId('4f9dc456-0574-4122-9e55-8b4cc494b27d');
$administrationScopeTargetsArray []= $administrationScopeTargetsDirectoryObject1;
$administrationScopeTargetsDirectoryObject2 = new AdministrativeUnit();
$administrationScopeTargetsDirectoryObject2->setOdataType('#microsoft.graph.administrativeUnit');
$administrationScopeTargetsDirectoryObject2->setId('2c987843-e9b1-4b1a-b924-ff1d2a9b054d');
$administrationScopeTargetsArray []= $administrationScopeTargetsDirectoryObject2;
$requestBody->setAdministrationScopeTargets($administrationScopeTargetsArray);
$result = $graphServiceClient->identityGovernance()->lifecycleWorkflows()->workflows()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
category = "mover"
displayName = "On Demand workflow move"
description = "Execute real-time tasks for employee job changes"
tasks = @(
@{
arguments = @(
)
description = "Send email to notify user’s manager of user move"
displayName = "Send email to notify manager of user move"
isEnabled = $true
continueOnError = $false
taskDefinitionId = "aab41899-9972-422a-9d97-f626014578b7"
category = "mover"
}
)
executionConditions = @{
"@odata.type" = "#microsoft.graph.identityGovernance.onDemandExecutionOnly"
}
isEnabled = $true
isSchedulingEnabled = $false
administrationScopeTargets = @(
@{
"@odata.type" = "#microsoft.graph.administrativeUnit"
id = "4f9dc456-0574-4122-9e55-8b4cc494b27d"
}
@{
"@odata.type" = "#microsoft.graph.administrativeUnit"
id = "2c987843-e9b1-4b1a-b924-ff1d2a9b054d"
}
)
}
New-MgBetaIdentityGovernanceLifecycleWorkflow -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.identity_governance.workflow import Workflow
from msgraph_beta.generated.models.lifecycle_workflow_category import LifecycleWorkflowCategory
from msgraph_beta.generated.models.identity_governance.task import Task
from msgraph_beta.generated.models.key_value_pair import KeyValuePair
from msgraph_beta.generated.models.lifecycle_task_category import LifecycleTaskCategory
from msgraph_beta.generated.models.identity_governance.on_demand_execution_only import OnDemandExecutionOnly
from msgraph_beta.generated.models.directory_object import DirectoryObject
from msgraph_beta.generated.models.administrative_unit import AdministrativeUnit
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Workflow(
category = LifecycleWorkflowCategory.Mover,
display_name = "On Demand workflow move",
description = "Execute real-time tasks for employee job changes",
tasks = [
Task(
arguments = [
],
description = "Send email to notify user’s manager of user move",
display_name = "Send email to notify manager of user move",
is_enabled = True,
continue_on_error = False,
task_definition_id = "aab41899-9972-422a-9d97-f626014578b7",
category = LifecycleTaskCategory.Mover,
),
],
execution_conditions = OnDemandExecutionOnly(
odata_type = "#microsoft.graph.identityGovernance.onDemandExecutionOnly",
),
is_enabled = True,
is_scheduling_enabled = False,
administration_scope_targets = [
AdministrativeUnit(
odata_type = "#microsoft.graph.administrativeUnit",
id = "4f9dc456-0574-4122-9e55-8b4cc494b27d",
),
AdministrativeUnit(
odata_type = "#microsoft.graph.administrativeUnit",
id = "2c987843-e9b1-4b1a-b924-ff1d2a9b054d",
),
],
)
result = await graph_client.identity_governance.lifecycle_workflows.workflows.post(request_body)
Resposta
O exemplo a seguir mostra a resposta.
Observação: o objeto de resposta mostrado aqui pode ser encurtado para legibilidade.
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/lifecycleWorkflows/workflows/$entity",
"category": "mover",
"description": "Execute real-time tasks for employee job changes",
"displayName": "On Demand workflow move",
"isEnabled": true,
"isSchedulingEnabled": false,
"lastModifiedDateTime": "2025-01-09T15:28:24.0565594Z",
"createdDateTime": "2025-01-09T15:28:24.0565526Z",
"id": "465d0d08-3099-483f-9d93-16aad77bcd22",
"version": 1,
"administrationScopeTargets": [
{
"@odata.type": "#microsoft.graph.administrativeUnit",
"id": "4f9dc456-0574-4122-9e55-8b4cc494b27d"
},
{
"@odata.type": "#microsoft.graph.administrativeUnit",
"id": "2c987843-e9b1-4b1a-b924-ff1d2a9b054d"
}
]
}