I'm trying to add an Azure AD security group (without mail/UPN) to a DevOps permission with the REST API.
Is this possible?
In this page https://docs.microsoft.com/en-us/rest/api/azure/devops/graph/users/create?view=azure-devops-rest-6.0#add-an-aad-user-by-oid I see the following:
The body of the request must be a derived type of GraphUserCreationContext:
GraphUserMailAddressCreationContext - Create a new user using the mail address as a reference to an existing user from an external AD or AAD backed provider.
GraphUserOriginIdCreationContext - Create a new user using the OriginID as a reference to an existing user from an external AD or AAD backed provider.
GraphUserPrincipalNameCreationContext - Create a new user using the principal name as a reference to an existing user from an external AD or AAD backed provider.
The groups are created as universal security groups on our on-prem AD, and synced to Azure AD.
I don't have a mail address or a UPN, but I can't find more info on what exactly OriginID is.
Edit: OriginID seems to work for a user, but not for a group.
OriginID looks like it should be the Object Id of the group. Navigate to Azure Active Directory in the Azure portal -> Groups -> find the group -> Properties -> try the Object Id. – Joy Wang