Automating Office 365 Group Access Requests in ADMP with ServiceDesk Integration
Use-Case:
This document describes a typical scenario where an organisation uses an Active Directory Management Platform (ADMP) and a ServiceDesk system to manage access requests for various resources, including Office 365 groups. The current process involves manually creating access requests through the ServiceDesk platform and then adding approved users to the corresponding Office 365 groups using ADMP.
Implementation Plan
The goal is to automate user provisioning upon request approval, so that users are added to Office 365 groups efficiently and accurately. This will be achieved through an integration mechanism established between ServiceDesk and ADMP, enabling seamless data exchange. Once a request is approved in ServiceDesk, the required user details will be automatically passed to ADMP, which will process the incoming data and automatically add the approved users to the designated Office 365 group without requiring manual intervention.
Steps to Configure:
- Download the attached scripts.
- Go to Admin > Developer Space > Custom Function > Global Functions, copy and paste the attached ADMP_Configuration.txt, and save it with a name.
  - You will need the ADMP hosted URL, AuthToken and Domain Name to establish the connection with ADMP; update these at LOC: 1-3 as per your instance.
  - Set the return type to "Map" and copy the script from the attachment [FileName - ADMP_Configuration.txt].
  - Storing this information as a global function lets us re-use it in other scripts as well.
  - Refer to the screenshot below.
- Go to Admin > Developer Space > Custom Function > Approval, copy and paste AddUserToO365Group.txt, and save it with a name.
  - Update the global function name at LOC: 1 as per your instance.
  - Update the Group_matrix at LOC: 9 and the API field names that contain the user name and the required O_365_GroupName at LOC: 8 & 9 respectively.
  - To get the group names and group IDs in ADMP:
    - Go to Microsoft 365 >> Reports >> Group Reports >> All groups. This report lists the ID against each group name.
    - Provide the required group names and group IDs in the group_matrix.
- Go to Admin > Automation > Custom Triggers > Approval and configure the created custom function. Refer to the screenshot below.
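The group_matrix described in the steps above decides which Office 365 groups an approved request can reach, so it is worth checking before anything is sent to ADMP. The following is an added example, not the attached AddUserToO365Group.txt script, and is written in Python rather than the custom-function script language so it can be run offline. It assumes group IDs are GUIDs; the field names `udf_user_name` and `udf_o365_group`, the sample groups and the placeholder IDs are constructed for illustration.

```python
import re
import uuid

# Constructed sample matrix: group display name -> group ID (placeholder GUIDs).
GROUP_MATRIX = {
    "Finance-Reports": "11111111-2222-3333-4444-555555555555",
    "HR-Onboarding": "66666666-7777-8888-9999-aaaaaaaaaaaa",
}

# Hypothetical API field names on the request template.
USER_FIELD = "udf_user_name"
GROUP_FIELD = "udf_o365_group"

# Assumed account-name shape: letters, digits, dot, underscore, hyphen, optional @domain.
_USER_RE = re.compile(r"[A-Za-z0-9._-]{1,64}(@[A-Za-z0-9.-]{1,255})?")


def validate_matrix(matrix):
    """Return a case-insensitive copy; raise if an ID is not a GUID or a name repeats."""
    normalised = {}
    for name, group_id in matrix.items():
        key = name.strip().casefold()
        if key in normalised:
            raise ValueError(f"duplicate group name in matrix: {name!r}")
        # uuid.UUID raises ValueError on a malformed ID (for example a pasted name).
        normalised[key] = str(uuid.UUID(str(group_id)))
    return normalised


def resolve_request(fields, matrix):
    """Map an approved request's fields to (user, group_id), or raise ValueError."""
    lookup = validate_matrix(matrix)
    user = str(fields.get(USER_FIELD) or "").strip()
    group = str(fields.get(GROUP_FIELD) or "").strip()
    if not _USER_RE.fullmatch(user):
        raise ValueError("user name field is empty or has unexpected characters")
    group_id = lookup.get(group.casefold())
    if group_id is None:
        # Fail closed: a group name that is not in the matrix is never forwarded.
        raise ValueError(f"group {group!r} is not in the group matrix")
    return user, group_id
```

Because the lookup fails closed, an approved request can only ever add a user to a group that an administrator listed in the matrix, whatever text the requester typed into the group field.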
Conclusion:
The automation of Office 365 group access requests through the integration of ServiceDesk and ADMP presents a significant opportunity for the organisation to optimise its access management workflow. By streamlining the user provisioning process, the organisation can achieve increased efficiency, reduced manual effort, and improved accuracy in handling access requests, ultimately leading to enhanced user experience and improved IT service management.