Get Organization ID or domain from Azure AD Graph

0
votes

We're developing a multi-tenant SSO integration with Office 365 using the new OpenID implementation.

Once the access token has been retrieved, we call https://graph.windows.net/me?api-version=1.21-preview to get the user's profile information which gives something like the below - great.

{
    "odata.metadata": "https:\/\/graph.windows.net\/myorganization\/$metadata#directoryObjects\/Microsoft.WindowsAzure.ActiveDirectory.User\/@Element",
    "odata.type": "Microsoft.WindowsAzure.ActiveDirectory.User",
    "objectType": "User",
    "objectId": "GUID",
    "accountEnabled": true,
    "assignedLicenses": [

    ],
    "assignedPlans": [

    ],
    "city": null,
    "country": null,
    "department": null,
    "dirSyncEnabled": null,
    "displayName": "Tester A",
    "facsimileTelephoneNumber": null,
    "givenName": "Test",
    "immutableId": null,
    "jobTitle": null,
    "lastDirSyncTime": null,
    "mail": null,
    "mailNickname": "tester-a",
    "mobile": null,
    "otherMails": [

    ],
    "passwordPolicies": "None",
    "passwordProfile": null,
    "physicalDeliveryOfficeName": null,
    "postalCode": null,
    "preferredLanguage": null,
    "provisionedPlans": [

    ],
    "provisioningErrors": [

    ],
    "proxyAddresses": [

    ],
    "state": null,
    "streetAddress": null,
    "surname": "A",
    "telephoneNumber": null,
    "usageLocation": null,
    "userPrincipalName": "tester-a@test.onmicrosoft.com",
    "userType": "Member"
}

However, it doesn't seem to return any identifier or specific domain for the organization - other than the domain contained in the userPrincipalName field. Is there a better way to identify the organization (considering the organization may update test.onmicrosoft.com to a custom domain of test.microsoft.com)?

1
azureactive-directoryoffice365azure-active-directory

1 Answers

1
votes

Indeed. Use the tenantDetails API (https://graph.windows.net/{tenantDomain}/tenantDetails?api-version={version}), to get the display name of the directory and all verified domains associated with it. Documented here: http://msdn.microsoft.com/en-us/library/azure/hh974467.aspx.

Below is the trimmed output for my tenant.

Hope this helps.

  {
"odata.metadata": "https://graph.windows.net/dushyantgill.com/$metadata#directoryObjects/Microsoft.WindowsAzure.ActiveDirectory.TenantDetail",
"value": [
  {
    "odata.type": "Microsoft.WindowsAzure.ActiveDirectory.TenantDetail",
    "objectType": "Company",
    "objectId": "62e173e9-301e-423e-bcd4-29121ec1aa24",
    "assignedPlans": [
      {
        "assignedTimestamp": "2013-09-17T01:01:58Z",
        "capabilityStatus": "Enabled",
        "service": "SharePoint",
        "servicePlanId": "a1f3d0a8-84c0-4ae0-bae4-685917b8ab48"
      } [SNIP]
    ],
    "city": "Redmond",
    "companyLastDirSyncTime": "2014-04-20T17:42:58Z",
    "country": null,
    "countryLetterCode": "US",
    "dirSyncEnabled": true,
    "displayName": "dushyantgill",
    "marketingNotificationEmails": [],
    "postalCode": "98052",
    "preferredLanguage": "en",
    "provisionedPlans": [
      {
        "capabilityStatus": "Enabled",
        "provisioningStatus": "Success",
        "service": "exchange"
      }[SNIP]
    ],
    "provisioningErrors": [],
    "state": "WA",
    "street": "[SNIP]",
    "technicalNotificationMails": [
      "[SNIP]"
    ],
    "telephoneNumber": null,
    "tenantType": null,
    "verifiedDomains": [
      {
        "capabilities": "Email, OfficeCommunicationsOnline",
        "default": false,
        "id": "0005000080186A52",
        "initial": false,
        "name": "dushyantgill.mail.onmicrosoft.com",
        "type": "Managed"
      },
      {
        "capabilities": "Email, OfficeCommunicationsOnline",
        "default": false,
        "id": "00057FFE803C0EDA",
        "initial": false,
        "name": "dushyantgill.org",
        "type": "Federated"
      },
      {
        "capabilities": "Email, OfficeCommunicationsOnline",
        "default": true,
        "id": "00053FFF80232F54",
        "initial": false,
        "name": "dushyantgill.com",
        "type": "Managed"
      }[SNIP]
    ]
  }
]

}