This website uses cookies. By browsing this website, you consent to the use of cookies. Learn more.
OK
rahultamgadge
rahultamgadge
New Member.
‎2018-10-03 19:12
446 views

Setting O365 license without real association

Hi,

In our environment, IDM provisions users to AD and DirSync pushes on-premise AD users into O365 (Synced with Active Directory). We want to use Office 365 driver to assign licenses the these O365 users, but there is currently no user association between O365 driver and O365 account.

It would be good to have association for each O365 user with IDM as a long term solution. Currently because of tight timelines I am trying a quick solution. DirSync runs every 30 mins, so thinking to schedule a job in O365 Driver that will read the email addresses for accounts created in IDM in last 30 mins and run a rule via trigger that can assign the license to user at O365 (assuming the user already exists in O365)

Can we assign user a license at O365 without real association? (like setting destination attribute "License" by writing directly into destination data store). I wrote below trigger. I think I am doing something wrong (mostly syntax) with the destination DN.

<description>Scheduled job for assigning O365 licenses</description>
<conditions>
<and>
<if-xpath op="true">self::trigger[@source='O365 License Update']</if-xpath>
</and>
</conditions>
<actions>
<do-set-local-variable name="targetUPN" scope="policy">
<arg-string>
<token-text xml:space="preserve">Some email address</token-text>
</arg-string>
</do-set-local-variable>
<do-add-dest-attr-value class-name="User" direct="true" name="LicenseAssignment">
<arg-dn>
<token-local-variable name="targetUPN"/>
</arg-dn>
<arg-value type="string">
<token-text xml:space="preserve">O365-Kiosk-License</token-text>
</arg-value>
</do-add-dest-attr-value>
</actions>
Labels (1)
0 Likes
Reply
Report Inappropriate Content
2 Replies
dgersic
Knowledge Partner
Knowledge Partner
‎2018-10-03 19:49

Re: Setting O365 license without real association

rahultamgadge;2488378 wrote:
Hi,

In our environment, IDM provisions users to AD and DirSync pushes on-premise AD users into O365 (Synced with Active Directory). We want to use Office 365 driver to assign licenses the these O365 users, but there is currently no user association between O365 driver and O365 account.

It would be good to have association for each O365 user with IDM as a long term solution. Currently because of tight timelines I am trying a quick solution. DirSync runs every 30 mins, so thinking to schedule a job in O365 Driver that will read the email addresses for accounts created in IDM in last 30 mins and run a rule via trigger that can assign the license to user at O365 (assuming the user already exists in O365)

Can we assign user a license at O365 without real association? (like setting destination attribute "License" by writing directly into destination data store). I wrote below trigger. I think I am doing something wrong (mostly syntax) with the destination DN.

<description>Scheduled job for assigning O365 licenses</description>
<conditions>
<and>
<if-xpath op="true">self::trigger[@source='O365 License Update']</if-xpath>
</and>
</conditions>
<actions>
<do-set-local-variable name="targetUPN" scope="policy">
<arg-string>
<token-text xml:space="preserve">Some email address</token-text>
</arg-string>
</do-set-local-variable>
<do-add-dest-attr-value class-name="User" direct="true" name="LicenseAssignment">
<arg-dn>
<token-local-variable name="targetUPN"/>
</arg-dn>
<arg-value type="string">
<token-text xml:space="preserve">O365-Kiosk-License</token-text>
</arg-value>
</do-add-dest-attr-value>
</actions>


Can you? Probably, yes. In the end, the driver shim just needs to know what object to modify, and what changes to make.

But, you probably shouldn't. If you're going to spend time working on it, do it right. The Azure driver supports running with DirSync, so start there, and work out the details of who gets what license and how from there.
0 Likes
Reply
Report Inappropriate Content
al_b
Knowledge Partner
Knowledge Partner
‎2018-10-03 23:09

Re: Setting O365 license without real association

dgersic;2488379 wrote:
Can you? Probably, yes. In the end, the driver shim just needs to know what object to modify, and what changes to make.

But, you probably shouldn't. If you're going to spend time working on it, do it right. The Azure driver supports running with DirSync, so start there, and work out the details of who gets what license and how from there.


Potentially it can work (O365 Driver SHIM just run in background PowerShell script), I agree with David: if you really need this functionality, try to use new Azure AD Driver.
Microsoft removed from public access some modules required for O365 driver and it makes this driver less and less reliable.
0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.