{
    "componentChunkName": "component---src-templates-docs-js",
    "path": "/connectorconfig/microsoft/14-psgraph",
    "result": {"data":{"site":{"siteMetadata":{"title":"OpenIAM Documentation v2026.5.2 | OpenIAM","docsLocation":""}},"mdx":{"fields":{"id":"6802e22d-934c-516a-8a40-3555a1557299","title":"Microsoft Graph PowerShell connector","slug":"/connectorconfig/microsoft/14-psgraph"},"body":"var _excluded = [\"components\"];\n\nfunction _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsxRuntime classic */\n\n/* @jsx mdx */\nvar _frontmatter = {\n  \"title\": \"Microsoft Graph PowerShell connector\",\n  \"metaTitle\": \"Microsoft Graph PowerShell connector\",\n  \"metaDescription\": \"This page describes how to install and configure Microsoft Graph PowerShell connector in OpenIAM.\"\n};\nvar layoutProps = {\n  _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n  var components = _ref.components,\n      props = _objectWithoutProperties(_ref, _excluded);\n\n  return mdx(MDXLayout, _extends({}, layoutProps, props, {\n    components: components,\n    mdxType: \"MDXLayout\"\n  }), mdx(\"p\", null, \"Microsoft PS Graph OpenIAM connector is an agent that allows managing Entra ID identities from OpenIAM by running Microsoft Graph PowerShell module. More on this module can be found in the respective \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://learn.microsoft.com/en-us/powershell/microsoftgraph/?view=graph-powershell-1.0\"\n  }, \"Microsoft Graph PowerShell documentation\"), \".\"), mdx(\"div\", {\n    style: {\n      \"border\": \"1px solid #169998\",\n      \"marginTop\": \"15px\",\n      \"marginBottom\": \"15px\",\n      \"paddingTop\": \"10px\",\n      \"paddingBottom\": \"10px\",\n      \"paddingLeft\": \"5px\",\n      \"paddingRight\": \"5px\"\n    }\n  }, mdx(\"span\", {\n    style: {\n      \"color\": \"#169998\",\n      \"fontWeight\": \"bold\"\n    }\n  }, \"Note:\"), \" Entra ID is previously known as Azure AD.\"), mdx(\"p\", null, \"Connector is provided as a template that allows to use most common operations such as:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Creating and modifying users in Entra ID (formerly known as \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"Azure AD\"), \").\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"License management for end users (adding, removing, setting granular permissions for products within license packages).\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Resetting passwords.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Suspending/resuming users.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Removing users.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Synchronize users from Entra to OpenIAM.\")), mdx(\"p\", null, \"Connector business logic is an open source and could be easily customized. So, above list of actions is just a list of most typical actions that are required in majority of environments. However, one can easily adjust connector to work with other entities by using other cmdlets of \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://learn.microsoft.com/en-us/powershell/microsoftgraph/?view=graph-powershell-1.0\"\n  }, \"Microsoft Graph PowerShell documentation\"), \".\"), mdx(\"h2\", null, \"Prerequisites\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Windows Server 2016 or upper OS (from the 'server' family).\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \".NET 4.8 or any newer version from a 'Classic' .NET family.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Microsoft Graph PowerShell module should be installed (see 'Preparing Environment' section for more details).\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Connector machines should have internet connection enabled to be able to connect to Azure tenant via Microsoft Graph PowerShell module.\")), mdx(\"h2\", null, \"Preparing environment\"), mdx(\"p\", null, \"In this scenario we assume that you run installation on a \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"clean instance of Windows Server 2016\"), \" (which is a minimum required version of Windows Server to run a connector). To prepare the environment follow the steps below. \"), mdx(\"h3\", null, \"Installing .NET 4.8\"), mdx(\"p\", null, \"You can check \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://learn.microsoft.com/en-us/dotnet/framework/migration-guide/versions-and-dependencies\"\n  }, \"Microsoft documentation\"), \" to check what .NET Framework version is installed by default on your OS version.\"), mdx(\"p\", null, \"Like mentioned earlier in our installation scenario Windows Server 2016 is used, so .NET 4.8 is not available out of the box. To install it you need to go to official Microsoft download page \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://dotnet.microsoft.com/en-us/download/dotnet-framework/net48\"\n  }, \"Download .NET Framework 4.8\"), \" (this link is valid as at the time of writing of this article - February 2024; if it is not available - please search official Microsoft resource for downloading .NET 4.8) download installation Runtime installation package and install it.\"), mdx(\"h3\", null, \"Installing Microsoft Graph PowerShell module\"), mdx(\"p\", null, \"Before installing a module it is possible to check if it is already installed. You can open PowerShell console and run:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"Get-Module Microsoft.Graph -ListAvailable\\n\")), mdx(\"p\", null, \"If you would have an empty result like below - the module is not installed.\"), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"730px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.2/static/1f9fe5b28e1dfe8122e7a5cde7227b4a/e9beb/14-psgraph-01-available-response.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"10.424710424710423%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAACCAYAAABYBvyLAAAACXBIWXMAABYlAAAWJQFJUiTwAAAAl0lEQVQI10XDOQ/BYACAYUd1aEinUneEHnEPaB0lwthYnJ8BQ0sQYvPzX6MneSLd1ZesG2Iu3pS9O5XZk+r8he6cyY98ihOf3NBH61/Q3Su6E6C7IelBgGTuSbWOJJsCtX1EqQsixvKD2jlRnj7IOAGF8Y2Sd0frXVAaW2R7jWxvkKw9si2QrAMJS5CwBdHajrjxHzN2/AAR3EFAknhjswAAAABJRU5ErkJggg==')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"Command response\",\n    \"title\": \"Command response\",\n    \"src\": \"/docs-2026.5.2/static/1f9fe5b28e1dfe8122e7a5cde7227b4a/e9beb/14-psgraph-01-available-response.png\",\n    \"srcSet\": [\"/docs-2026.5.2/static/1f9fe5b28e1dfe8122e7a5cde7227b4a/a2ead/14-psgraph-01-available-response.png 259w\", \"/docs-2026.5.2/static/1f9fe5b28e1dfe8122e7a5cde7227b4a/6b9fd/14-psgraph-01-available-response.png 518w\", \"/docs-2026.5.2/static/1f9fe5b28e1dfe8122e7a5cde7227b4a/e9beb/14-psgraph-01-available-response.png 730w\"],\n    \"sizes\": \"(max-width: 730px) 100vw, 730px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"p\", null, \"If the output is different and you get details about a module that is already installed - you can skip this step.\"), mdx(\"p\", null, \"To install Microsoft.Graph module run the following command.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"Install-Module Microsoft.Graph -Scope AllUsers\\n\")), mdx(\"p\", null, \"Once a module is installed you can verify installation using the command listed at the beginning of this step. The output should be similar to one depicted below (versions may vary).\"), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"891px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.2/static/83fc30235949c2c6e1b8b0fbaf37c78f/b7877/14-psgraph-02-connector-version.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"20.077220077220076%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAECAYAAACOXx+WAAAACXBIWXMAABYlAAAWJQFJUiTwAAAA6UlEQVQY0y2QS2+CUBCFr4+kRqtI8FHUtKaKTRXxrWibLrpu0qQKGiAGFKUb///ymBlYfLk3mZlz5oyoLs6oL0M0NxFU8wLVjFCZ79D++kFj84v6KoBqXkF91FPQXRR1ByXDhWS4yGh7JtW1GSHaWxSNIwq6h2zvgNLoCGkcID/wIY3PUGYnKLOAKU981JYh5GkAmhMvf/FLdKxYsLG+guBNVyFyfQdP5gWPQw+prhVv0EtI/mnNRnV+4kS0Nc1n3w4sKrTvG54//9mdig/vDp+g9RFBnvpsQiLi1YoHEvK6x8koEUFmVLsDqHx/WcU4oDgAAAAASUVORK5CYII=')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"Connector version\",\n    \"title\": \"Connector version\",\n    \"src\": \"/docs-2026.5.2/static/83fc30235949c2c6e1b8b0fbaf37c78f/b7877/14-psgraph-02-connector-version.png\",\n    \"srcSet\": [\"/docs-2026.5.2/static/83fc30235949c2c6e1b8b0fbaf37c78f/a2ead/14-psgraph-02-connector-version.png 259w\", \"/docs-2026.5.2/static/83fc30235949c2c6e1b8b0fbaf37c78f/6b9fd/14-psgraph-02-connector-version.png 518w\", \"/docs-2026.5.2/static/83fc30235949c2c6e1b8b0fbaf37c78f/b7877/14-psgraph-02-connector-version.png 891w\"],\n    \"sizes\": \"(max-width: 891px) 100vw, 891px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Troubleshooting tip #1\")), mdx(\"p\", null, \"If you run the command above and got the following error\"), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"1035px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.2/static/6ed8200beba06c3721e1a77230015d07/b1584/14-psgraph-03-error.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"71.04247104247105%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAOCAYAAAAvxDzwAAAACXBIWXMAABYlAAAWJQFJUiTwAAADaklEQVQ4yz2S32tbdRiHvzZJ0yQnJ+ec5JwkJ/me5OTXyc+mabM2zVo3iLZdUaxUunZ01GHnWrtN8UIE2ZVWmRPWbuBExjYLXkzQOrHMf8C/65GE4sXDBz4XL+/78oiHL/7h+PlfHD//m4fPfufRL7/y9LdTHp+c8ejkNUcvzvjh6Ssen7zm+59fcfjjH3z75PR/Dp+c8t1Pf3Lv6CUvz/5FTK5+QeHyp+Qv3cV763Pcy3dwFg/ILd7GuvAxmf4+mf4nI+Izu6R6e8S7NzGmd4k0d4hN3UBpbiOc91nfv4+Y39il8+4tpt+5RX/9gNn39mgtf8Tkyi7N5RtUBx9SurSNu3gNe+4q2fmryP4muYVrOBe3yfZ3SPb3GKtus/XZEWK5rtLPBph2DDqlBG03QVPGKWbjtPIGDalTyeiUszGKaY1qVqXpKFTsKLbpYMQKJBNtxMQkGwf3EdVghKoQ1MZCNH0K02MRur4IU75hKvT8yqiv+RRmfGFKQYuU1kRqDfTkRWLZtzGcAWPRWbb2DxFpJUYtoJCbMJDjKkZUYutVpFbB0j2Smkda8zC1CnasjJnoYKXmMVM9UslZTLNLOj1HMFjl+s2vEJ24xFMcSnqFqlbG08oUtTKOVsbVyuTOkVqZglYmHyvgqi6umsNKtNFSfUy7j4jOsXH7AUIGw7jDk4VgSgi6QjAvBLPndM/76fO+4lOx1Spu1CNqD/AX1okU1xDGgM3hD3P5DNIukZINVFlHkXVsWSdtV7GlRzLjYWc9MlmPtO2RkTVyTh1H1rFyM2jpC+jOAKH22Nr7GjHwDOaTAbrJIL10gDeTAdrmOCU7QTNnUXMsGtKi6lh4mWGaVFyLsmORlG1i9jyR4cD4Eh/cPUY4gSBtIagLQVH4aQk/0yJA3a9RDxhUAvoIN2DQ8muklSKatUDcWhidHHKuEMuvIGJ9Nve/QWR1m/q4Tj5WJGp2CJsdLLMzcstKTJKMt0aY8RapIYn2CJlo48Rb2EYDx2yj+vNc3/0S0VUMJsdClMIpKmqBiuoiVZdSNI/Ua0w4q6Mtos4qEecKqlwiLJeIyCUUuUzYWSHkriJiC2zdeYAw3xhjciS2D8sfwvJPUPOHqPmCuOMqll4jrddGblpGAz3VG6kyzFB2gCis4S+tIcwlVnfu8R/N16vZLMqRXAAAAABJRU5ErkJggg==')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"Error\",\n    \"title\": \"Error\",\n    \"src\": \"/docs-2026.5.2/static/6ed8200beba06c3721e1a77230015d07/e3189/14-psgraph-03-error.png\",\n    \"srcSet\": [\"/docs-2026.5.2/static/6ed8200beba06c3721e1a77230015d07/a2ead/14-psgraph-03-error.png 259w\", \"/docs-2026.5.2/static/6ed8200beba06c3721e1a77230015d07/6b9fd/14-psgraph-03-error.png 518w\", \"/docs-2026.5.2/static/6ed8200beba06c3721e1a77230015d07/e3189/14-psgraph-03-error.png 1035w\", \"/docs-2026.5.2/static/6ed8200beba06c3721e1a77230015d07/b1584/14-psgraph-03-error.png 1342w\"],\n    \"sizes\": \"(max-width: 1035px) 100vw, 1035px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"p\", null, \"This most probably means that you are not using at least TLS 1.2 and you need to configure it for your session. So, run the following commands.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"[System.Net.ServicePointManager]::SecurityProtocol =\\n[System.Net.SecurityProtocolType]::Tls12\\n\")), mdx(\"p\", null, \"And repeat the installation command.\"), mdx(\"h3\", null, \"Registering connector application\"), mdx(\"p\", null, \"Microsoft Graph PowerShell module is designed to be used either by end users in the interactive mode or automated scripts/applications. In this case OpenIAM connector is a standalone application and should be registered as such inside Entra tenant. Unlike several older Microsoft PowerShell modules for Entra where it was enough to authenticate using just username and password, this module (while running in app-only mode) requires a bit more complex steps that include certificate generation and application registration. Despite some one-time configuration efforts, this approach is a lot more secure.\"), mdx(\"h3\", null, \"Generating application certificate\"), mdx(\"p\", null, \"First, you need to generate a self-signed certificate - this certificate will be used for application registration.\\nRun below commands in PowerShell, but set your own certificate name that makes sense for your environment. Also, in the example below a 10-year certificate with a key length of 2048 was created, an exportable one. You may adjust settings if needed. \"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"$certname = \\\"OIAM_Test1\\\" #Give your certificate name\\nNew-SelfSignedCertificate -Subject \\\"CN=$certname\\\" -CertStoreLocation \\n\\\"Cert:\\\\LocalMachine\\\\My\\\" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -\\nKeyAlgorithm RSA -HashAlgorithm SHA256 -NotAfter (Get-Date).AddYears(10)\\n\")), mdx(\"p\", null, \"After executing the command above you will see the output that proves that certificate is created.\"), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"1035px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.2/static/1008f34149e4bd78209d7fc735b93a8e/b1001/14-psgraph-04-certificate.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"18.532818532818535%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAECAYAAACOXx+WAAAACXBIWXMAABYlAAAWJQFJUiTwAAAAzklEQVQY032NywsBURjFr8hjPEdKVl5DHmNmDCUbxJaSvJ8zkoXXiuKvP/ruDGVjcTq/ft3vXFYfPtEYvaD1H9AGD95q/w7yqfaZR+pekWydkO5YnOvdLN+7cSafaB4RVLdgnuISvvIK1N7SEoLNH++X1wgqGwSUDQR5/X3nLix4UzzFBVz5OVh2AiZ1LxCrBkTdQLRmIlbfI6ztkGqdEG8cEKhYQ+ToA5Yeg2UoE7tt5mNTMDqisUjVQEjdcqaRqG5C1E0487OfQ4c0/Zs3C7mB65ghOVMAAAAASUVORK5CYII=')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"Certificate created\",\n    \"title\": \"Certificate created\",\n    \"src\": \"/docs-2026.5.2/static/1008f34149e4bd78209d7fc735b93a8e/e3189/14-psgraph-04-certificate.png\",\n    \"srcSet\": [\"/docs-2026.5.2/static/1008f34149e4bd78209d7fc735b93a8e/a2ead/14-psgraph-04-certificate.png 259w\", \"/docs-2026.5.2/static/1008f34149e4bd78209d7fc735b93a8e/6b9fd/14-psgraph-04-certificate.png 518w\", \"/docs-2026.5.2/static/1008f34149e4bd78209d7fc735b93a8e/e3189/14-psgraph-04-certificate.png 1035w\", \"/docs-2026.5.2/static/1008f34149e4bd78209d7fc735b93a8e/b1001/14-psgraph-04-certificate.png 1380w\"],\n    \"sizes\": \"(max-width: 1035px) 100vw, 1035px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \"), \" \"), mdx(\"h3\", null, \"Running registration script\"), mdx(\"p\", null, \"When certificate is created, go to official Microsoft documentation page to take a registration script to run \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://learn.microsoft.com/en-us/powershell/microsoftgraph/app-only?view=graph-powershell-1.0\"\n  }, \"Use app-only authentication with the Microsoft Graph PowerShell SDK\"), \". This link is valid at the time of writing of this article (February 2024), if link is no longer available - please search for the respective section at the official \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://learn.microsoft.com/en-us/\"\n  }, \"Microsoft documentation portal\"), \".\"), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"1035px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.2/static/0f9304f95f29a2c966dea72ed4dc0657/280a1/14-psgraph-05-registering.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"42.471042471042466%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAICAYAAAD5nd/tAAAACXBIWXMAABYlAAAWJQFJUiTwAAABUUlEQVQoz21SW26EMAzk3r1Nj9Bqd0+y/enPUh7JkpIXEEJ4TGVTkCrV0siO5Yw9TrKUEsZxRAgBMcYTxnlo62FdB2sdrLVwzqHrOnjvuX6aprN+WRas64rsINq2jRPkqQFdMr8kFJM3xpxEVPufZUdXmvToJEQNISrkeY6qqiCEwOPx4LPWmmuIdJoS36N4npedkKRQZypMaeYJ+z7C2BmOZOsW1hi0bQvvHTcdx4AQBsQ4ckwgYmBDNs8zCEeCLMVPePGC4C4I7obBkr9isFdYdYFRN3T6HaO7YHRXRvRv2OYcGckl7BIi1g1YkkRTvMLZJ/o+oO/78zH+omPQ2rQ2vIqsrmtIKTEMAye2bWXSryKgKAWkELzDRjW8Ft22O3S7n7XmdSilWCU/yiH7MNpjVRW4f9whyhJNWeJbSlilYJ5PaCmhm2b/Rr/TkgKa8AdekmQZwjvdfAAAAABJRU5ErkJggg==')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"Registering\",\n    \"title\": \"Registering\",\n    \"src\": \"/docs-2026.5.2/static/0f9304f95f29a2c966dea72ed4dc0657/e3189/14-psgraph-05-registering.png\",\n    \"srcSet\": [\"/docs-2026.5.2/static/0f9304f95f29a2c966dea72ed4dc0657/a2ead/14-psgraph-05-registering.png 259w\", \"/docs-2026.5.2/static/0f9304f95f29a2c966dea72ed4dc0657/6b9fd/14-psgraph-05-registering.png 518w\", \"/docs-2026.5.2/static/0f9304f95f29a2c966dea72ed4dc0657/e3189/14-psgraph-05-registering.png 1035w\", \"/docs-2026.5.2/static/0f9304f95f29a2c966dea72ed4dc0657/280a1/14-psgraph-05-registering.png 1545w\"],\n    \"sizes\": \"(max-width: 1035px) 100vw, 1035px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"p\", null, \"Follow Microsoft documentation guidelines and save the script for executing. To prepare for executing the script you will need to export the certificate (not the public key, just a certificate) that you've just created on the previous step. To do this you need to go to the certificate console, select the certificate and press \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"Export\"), \" like shown below.\"), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"1035px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.2/static/614d9101372c391dd2bcf8aa657c6fb6/76a99/14-psgraph-06-exporting.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"45.55984555984556%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAJCAYAAAAywQxIAAAACXBIWXMAABYlAAAWJQFJUiTwAAABnUlEQVQoz32Sa4vTQBSG8/vVr11/igviZVdZsVgvaN2mZpM07WSYXGaaW625PZLB4IKsAw+HcxhezuV1xO13siwn1waVZMgkQ6U5WZ5jdI7WmuPxiDGGoizp+p626+i6zsaZOXe8jU+SxgQHSZIb0nCHkoK7ncDfK7rzT4auZeh+wdACPYwT3V/mGj1OLAOi0CeI9uiyxqiEqiyQqeaju0fkFbFuEPrEWjYsfyhWfso3eeKLqPkaN3zwc967gpuNxKkLTaZCxOFAVZU0pxN9P3A8Gvvp9SZhuSu58TQXbySL65iL6wOPX+x59DziyUvB4q1i8WrH03c5zrS/MAyI45g4liil7E7LwvA5yHh2teZqtWMZVnZ0GP6M3t1jroGTpim+71s8z2O73SKEoKwqTJ4hN7dUsaCuStv5CP8wjHMccaZruq7LxnWt4HTRoihs1MbgBSEySSjLSbC3XYzj+CBOsloRXl6i1mvSySKTPWZBrdlHEVmW2dp9wYeeU/t3qE9XRJ6HHwTWb8MwUDcNbdtyPp+t0OSzWeh/gr8BalSnW383rv4AAAAASUVORK5CYII=')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"Exporting\",\n    \"title\": \"Exporting\",\n    \"src\": \"/docs-2026.5.2/static/614d9101372c391dd2bcf8aa657c6fb6/e3189/14-psgraph-06-exporting.png\",\n    \"srcSet\": [\"/docs-2026.5.2/static/614d9101372c391dd2bcf8aa657c6fb6/a2ead/14-psgraph-06-exporting.png 259w\", \"/docs-2026.5.2/static/614d9101372c391dd2bcf8aa657c6fb6/6b9fd/14-psgraph-06-exporting.png 518w\", \"/docs-2026.5.2/static/614d9101372c391dd2bcf8aa657c6fb6/e3189/14-psgraph-06-exporting.png 1035w\", \"/docs-2026.5.2/static/614d9101372c391dd2bcf8aa657c6fb6/76a99/14-psgraph-06-exporting.png 1117w\"],\n    \"sizes\": \"(max-width: 1035px) 100vw, 1035px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \"), \"\\n\", mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"802px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.2/static/1a62f7407873c9083f2285f91dea9015/5a6dd/14-psgraph-06-exporting2.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"60.61776061776062%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAMCAYAAABiDJ37AAAACXBIWXMAABYlAAAWJQFJUiTwAAABa0lEQVQoz42T6W7CMBCEef9HA3EI8YtTgGgSx4QjLXF8TTUODgRaCUuj9SF9O7ub9LT10BYwHrAArH+otg61+UzKWBRlhV6tanz/XJDnAmmaQogMuRCQeQ7vHJrlP5LSFj1jDLTRqOsaVaWglMLtdguy1sI515G17u2O8t6jIpD5nfMBaK0BE3yyCHjsm8jSA5CwxWKB6XSK8XgMIQTyPA9iG6SUQTwnSYLL5dJCozrAeBEftW5aEOPzvqqqsH8Fsj2hhxFWliUOh0Nwl2VZcMZIR3TGe+p0OrVuo45FEepWdBiBLGM+n2O/32O322Gz2WC73WK1WrXn5XIZktAlxQFSdN6WHIF8ODM7s7KHd6ciy1Ber8FZURTBJcv7a7UOI/RclkikRHY8IpUSX0KEqJ8m+jzl16G8AY/rNZJ+H6fZDNloBDmZIB0OkQ4G0OwTQfdv7nWYHSAbGq5YilJdsT9KwRvT/A//uI3AX4nXpG+eevswAAAAAElFTkSuQmCC')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"Exporting2\",\n    \"title\": \"Exporting2\",\n    \"src\": \"/docs-2026.5.2/static/1a62f7407873c9083f2285f91dea9015/5a6dd/14-psgraph-06-exporting2.png\",\n    \"srcSet\": [\"/docs-2026.5.2/static/1a62f7407873c9083f2285f91dea9015/a2ead/14-psgraph-06-exporting2.png 259w\", \"/docs-2026.5.2/static/1a62f7407873c9083f2285f91dea9015/6b9fd/14-psgraph-06-exporting2.png 518w\", \"/docs-2026.5.2/static/1a62f7407873c9083f2285f91dea9015/5a6dd/14-psgraph-06-exporting2.png 802w\"],\n    \"sizes\": \"(max-width: 802px) 100vw, 802px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"p\", null, \"You will need the certificate path for executing a script. Run the script that was saved on a previous step. To do this you can open PowerShell console and run the command\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \".\\\\[SCRIPT_NAME] -AppName [NAME_YOU_GIVE_AN_APPLICATION] -CertPath [PATH_TO_EXPORTED_CERTIFICATE]\\n\")), mdx(\"p\", null, \"After specifying those parameters, the script will open a browser window for authentication. You should have sufficient permissions to register applications inside your Entra tenant. If everything is fine you will see the summary of registration similarly as below.\"), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"1035px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.2/static/da7659b588f29aae06f4d380a348b5e1/60a1a/14-psgraph-07-authentication.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"59.84555984555985%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAMCAYAAABiDJ37AAAACXBIWXMAABYlAAAWJQFJUiTwAAACV0lEQVQoz42SWVMTQRSFG9BsxJiEzaApWQLZlwlbkBASAQGl3FgmG5lJhjWEoGAhvuiL+rc/a2YQodAqH07de6u6T5++54jYmwv8hSajqx8ILJ3gy+xiixfxTm3SO71Fz/Q2nrSMK1GlZ6LOw5RiwB6tYAnKdAVlRKhIR6hoVDFf/MrQ/BHBpTbxl+fEVs+IrpwxvviRwcwhrqSKLVKlO7aDM1Gjc0xGDG8gRrYQoyY6btb468/0ZvbwF1o8njsgkD9meKFJ32Qdd6qGR1JwRCtGfz9YNIg6x7bpCPwdwrlxiZhvIgptRLaJSNURkQoiqZq91DB7HXofKiFGNk11ukq9v4X1Gs7kBu6ETO+kjFuSeZCQ8UgmXEkZr7SN92p2REpYg8Vr2CNlrOE/EDPlL4y8OKIvp+HLawzkGgxkNQYXNHwLGv05jcG8CX32PNvHkz3EPbOLe3afnpldvGl9PQquZA0ReHVBf7ZJf+6YgVwLx4SGJaFgTapYUnXs6Qb2tMa9uEJXvIYlpWKbbGBNKVgkFWusij1SwRYpY9HXkS99wyspCP9bxNB7Qott0uufGCu0GF1oElw8Ibzcxiup2MPmd/VqC5Wwh8vGl3Uyw319r0vKd4LLp0RXz3iU2ePJ3AFDuabhuFtSjcPduopo1cyeThStYNWJoroyU13XuGy6vNb4SeB56zqs/uwhoeVTnuaaBrlvdt94SL8ohn+7u3nX4assipX6D6bfXeKRVCOweu2b0gxyg+DGhX9l71YOo2vn+DJ7uJIKzviOQeaIVQ2SO4f/g/QXh0ODJ4q6HrgAAAAASUVORK5CYII=')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"Authentication\",\n    \"title\": \"Authentication\",\n    \"src\": \"/docs-2026.5.2/static/da7659b588f29aae06f4d380a348b5e1/e3189/14-psgraph-07-authentication.png\",\n    \"srcSet\": [\"/docs-2026.5.2/static/da7659b588f29aae06f4d380a348b5e1/a2ead/14-psgraph-07-authentication.png 259w\", \"/docs-2026.5.2/static/da7659b588f29aae06f4d380a348b5e1/6b9fd/14-psgraph-07-authentication.png 518w\", \"/docs-2026.5.2/static/da7659b588f29aae06f4d380a348b5e1/e3189/14-psgraph-07-authentication.png 1035w\", \"/docs-2026.5.2/static/da7659b588f29aae06f4d380a348b5e1/60a1a/14-psgraph-07-authentication.png 1321w\"],\n    \"sizes\": \"(max-width: 1035px) 100vw, 1035px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \"), \" \"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Troubleshooting tip #2\")), mdx(\"p\", null, \"If you get below error message while trying to run the registration script\"), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"906px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.2/static/6e1da511d3a4acd316d3538555b47c47/6029f/14-psgraph-08-error.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"66.02316602316603%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAANCAYAAACpUE5eAAAACXBIWXMAABYlAAAWJQFJUiTwAAADBElEQVQ4y32RXUxTZxjH31rxYguiojKDGRR7ihKgLRYq2YTVjhk3vuRzlAIiTPdh1Tk/trgF58Xutqtdb/FOE7ddLfFu2Rc3kmzOj5iJCmuhh0MR7GkHLYf9zHnLUGPiSf553uefnN/7f55X3JuIMzMbR9cTUjMP5lC1GSnTn32oM/swsSx9RQ/mdObiiWckOkJf4Q9+ji8wRF3vearbzuKqP4Wn+QwVjafxtnwi+9J9J3A3nGZnU8avbP4Yhz+E7bUjFPpCFPmOSAmb7z1ynH1sqhwgd+dBtlQfIru8F2tJF5bSAFnl3axx97DaGZQ1yxVkjSuItSyAKO5EKK2stu9HKG2IghZE/eAXKP6jMoXzrZOU7P2Qbb4Qij9EQc37FNcdw1l/Ul60zn2ADRX9ZHsGeMHZR76jBcXeyAalFYvSySqlMwMsf/MjbLUf4Gk6g7InxIulQZlyrbOXda4+sst65HltWQ+WHd3YC/bhffl1NtqaEEXtCHsHlm2ZKioaT5HnHWS9+wBbX3lXplL8xyisNXcSYsfeE9j3HGX7G8dl+txdh6lyNLC7uIFVJUGsxV0SZjGhJnBz1QCisDUTt6CFHFc/l678yvDIX/w+cpPfrl5n5PodbtwJS90aDXNtdIJrf4cZj2ic//o7RH4zVqUzAzTTCVurNExgnvcdIlqcRQNSi7CQhvkUsk8bsJACw4Dk/BLmd/HHYcRLDVgdy8Cc8m65h/8Tbq4a5Pa9KBPqDJFojH8mNKnI5DSRyRhjYY3w5DR3x1XgPy788AtiS+Nj4EZPP8LWtpxwP3m7DvHnjduM3b/L1JTK1FSUaHRSnqenNTRNJRbTiEajGOkk337/89PAPHOHT4y8qXKQ+2GVf5NJFg2DpaUlDONJGdJfSKXlyN9c/un5wFzPQcYiKunUPPF4nISeka7HSSZ0xtUYV2+OMvzHLUYjKl9euILIb3r8KOvdvXJk2RS1k7W9i+r2T6kNnKMmMETNSh2S3qtvD1Hd8RnetrPsDpzDUXd85X+T8QgDJ28g59YhEwAAAABJRU5ErkJggg==')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"Error\",\n    \"title\": \"Error\",\n    \"src\": \"/docs-2026.5.2/static/6e1da511d3a4acd316d3538555b47c47/6029f/14-psgraph-08-error.png\",\n    \"srcSet\": [\"/docs-2026.5.2/static/6e1da511d3a4acd316d3538555b47c47/a2ead/14-psgraph-08-error.png 259w\", \"/docs-2026.5.2/static/6e1da511d3a4acd316d3538555b47c47/6b9fd/14-psgraph-08-error.png 518w\", \"/docs-2026.5.2/static/6e1da511d3a4acd316d3538555b47c47/6029f/14-psgraph-08-error.png 906w\"],\n    \"sizes\": \"(max-width: 906px) 100vw, 906px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"p\", null, \"Before running the registration script, try setting TLS 1.2 protocol for this session as follows.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"[System.Net.ServicePointManager]::SecurityProtocol = \\n[System.Net.SecurityProtocolType]::Tls12\\n\")), mdx(\"h2\", null, \"Granting admin consent and adjusting application permissions\"), mdx(\"h3\", null, \"Granting admin consent\"), mdx(\"p\", null, \"First, log into Azure portal and navigate to App registrations \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade\"\n  }, \"https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade\")), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"1035px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.2/static/25316aa0f804f3aba7faa887c8f77980/bf8c1/14-psgraph-09-app-registration.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"48.64864864864865%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAKCAYAAAC0VX7mAAAACXBIWXMAABYlAAAWJQFJUiTwAAABpElEQVQoz42SW28aMRBG9/eCgCfUvpBnflEa2tImaR9bKWqlchMgCCW7YZfsxfbaezvVmgKRykM/62hmPntGsmXnx8MD8/VvPM9js9mw3W5ZrVaMRiOm0ynj8fjEbDZjuVyyWCz+ofZrnO6bt/R6PXpXV7TbbZrNJq1Wi06nQ6PRoN/vM/z4gXfX1wxubng/GPBpOOT+7pa72898/XJv97rdru1xRqMJ88mE+XjM43qN7/sEQWCjv9sRhiFGa3SaorUmVcrWxhhb17H26vO73Q7HBAHx5hHheqRCUKssCirOyvKcLC/JM2N9k2U2vyRHZhCrjEQXRNIQS02UpEQiJRb6L3VtrCfTnEQZhDKkpjih9AHnOcxwfYHnJ3iBwA0S3GPun3NvL3kKFEFszkTaxv0rz4mE5HkfY7IcISW6fhtjSIQgzw9Xz4qSquK/5PgyZ/siCWV2QOWWF3XIo7RgFwqUzmxDVVUnLg6MXRfvyUXmJeWpgROvdRxyjEop+wukEBRFYXHM92/EP38R+SEyCKnqVZYHqpKyvEw99DgwSRKEELb+A/R87CSEjQ87AAAAAElFTkSuQmCC')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"Apps registration\",\n    \"title\": \"Apps registration\",\n    \"src\": \"/docs-2026.5.2/static/25316aa0f804f3aba7faa887c8f77980/e3189/14-psgraph-09-app-registration.png\",\n    \"srcSet\": [\"/docs-2026.5.2/static/25316aa0f804f3aba7faa887c8f77980/a2ead/14-psgraph-09-app-registration.png 259w\", \"/docs-2026.5.2/static/25316aa0f804f3aba7faa887c8f77980/6b9fd/14-psgraph-09-app-registration.png 518w\", \"/docs-2026.5.2/static/25316aa0f804f3aba7faa887c8f77980/e3189/14-psgraph-09-app-registration.png 1035w\", \"/docs-2026.5.2/static/25316aa0f804f3aba7faa887c8f77980/44d59/14-psgraph-09-app-registration.png 1553w\", \"/docs-2026.5.2/static/25316aa0f804f3aba7faa887c8f77980/bf8c1/14-psgraph-09-app-registration.png 1722w\"],\n    \"sizes\": \"(max-width: 1035px) 100vw, 1035px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"p\", null, \"Here, you will be able to find the application that you have just created on the Step-3. In this case it has a name \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"Graph_Documentation\"), \". You can go to the application page and select \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"API Permissions\"), \".\"), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"1035px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.2/static/a303e9f69f6fbf37491ae33a85c4cf87/6274f/14-psgraph-10-api-permissions.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"37.83783783783784%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAICAYAAAD5nd/tAAAACXBIWXMAABYlAAAWJQFJUiTwAAABI0lEQVQoz52R227kMAxD8/9/uPvaTptMknHiq+TYPkU83WCBog+tAEIQLBKmOLxMK++L4XZfeZs3Nuvw3pNzprX2YwwxBFQElYRIJEnCh8CRld/UEEK4hj1WNq/sHdK7DRkXv8Nx9efewWCt6/bOMk6YFstifBd8WMHGg5AK7kT8h+MLfCp4qQzmYS7BbTPcp5F1XdisZQsJ4yPGRVxIZBVUhZy1n0T7rIgIrZan5fs8E2OE1vAhsqwrft9x44gdJ9aXV7Io9dxuz9OcAikl9OSdn6m1P/VQxr9/CPvWQ1E9MP6glEpOCb9vOGPIqleKtVY0Zw7vSNMb0RhknqmfLgf5L5TaGpJrJ56kEGPH6aCUcgmWWqn7jr6/Eh8P5HajiXTBD0isb8LeJXDOAAAAAElFTkSuQmCC')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"API permissions\",\n    \"title\": \"API permissions\",\n    \"src\": \"/docs-2026.5.2/static/a303e9f69f6fbf37491ae33a85c4cf87/e3189/14-psgraph-10-api-permissions.png\",\n    \"srcSet\": [\"/docs-2026.5.2/static/a303e9f69f6fbf37491ae33a85c4cf87/a2ead/14-psgraph-10-api-permissions.png 259w\", \"/docs-2026.5.2/static/a303e9f69f6fbf37491ae33a85c4cf87/6b9fd/14-psgraph-10-api-permissions.png 518w\", \"/docs-2026.5.2/static/a303e9f69f6fbf37491ae33a85c4cf87/e3189/14-psgraph-10-api-permissions.png 1035w\", \"/docs-2026.5.2/static/a303e9f69f6fbf37491ae33a85c4cf87/44d59/14-psgraph-10-api-permissions.png 1553w\", \"/docs-2026.5.2/static/a303e9f69f6fbf37491ae33a85c4cf87/a6d66/14-psgraph-10-api-permissions.png 2070w\", \"/docs-2026.5.2/static/a303e9f69f6fbf37491ae33a85c4cf87/6274f/14-psgraph-10-api-permissions.png 2098w\"],\n    \"sizes\": \"(max-width: 1035px) 100vw, 1035px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"p\", null, \"As it can be seen from the above image, your application is not granted consent by default, so to make it operational you need to press on \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"Grant admin consent for openiamdemo\"), \". Once you do it, your application (and connector) would be able to perform operations listed in API permissions.\"), mdx(\"h3\", null, \"Setting API permissions\"), mdx(\"p\", null, \"By default (as you see on above screenshot) you get read permissions. If you need a connector only for reading data, for example loading objects to OpenIAM without following modification, that permission looks good. However, to be able to modify users you need to have different permissions like:\\nUser.ReadWrite.All\"), mdx(\"h3\", null, \"Setting other permissions\"), mdx(\"p\", null, \"Unfortunately, not all permissions can be set directly through \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"API permissions\"), \" page. There is no way to grant permission for your application for resetting user password using that page. By default only applications that run in interactive mode can do that. However, there is a workaround. You can grant your application a \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"User Administrator\"), \" object role. If you would like to do this you can use \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"Add-AzureADDirectoryRoleMember\"), \" cmdlet from the \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"AzureAD\"), \" PowerShell module.\\nTo use it make sure that \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"AzureAD\"), \" module is installed.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"Get-Module \\u201CAzureAD\\u201D -ListAvailable\\n\")), mdx(\"p\", null, \"If no module is available you need to install it.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"Install-Module \\u201CAzureAD\\u201D\\n\")), mdx(\"p\", null, \"When module is installed, run\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"Connect-AzureAD\\n\")), mdx(\"p\", null, \"After, you will see an authentication window and will need to log in using an account that has permissions to assign roles.\"), mdx(\"p\", null, \"Get application (client) ID for the next command.\"), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"1035px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.2/static/1d94edd00e7c9dbad4806cdd1f7d8b61/d073d/14-psgraph-11-get-ID.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"55.21235521235521%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAALCAYAAAB/Ca1DAAAACXBIWXMAABYlAAAWJQFJUiTwAAAB7UlEQVQoz52SWW4UMRCG+15EUZY38jQg4CjhNCQBAiQ5TyQyZKLMZKb3bvfq3mx/yB4YCI+09Kmqy1Ytf9nzfZ/1+olCCESeE4YhNhbH8c63bDYbgiBwsSiKHPZOkiTOt3H7781mM16enPDm7Ttmr15zdHTE/v4+BwcHHB4eOo6Pj3mxt8f701O+frnk/OwDHy/OHRfnZ1x+/sT11Tdurq/w7h59vi+W3N4vuV088bhcsVpt+d2RxfpCCJqmoa7rZ9iYlC1t2+ItCkWUCeIoRIicLE1d63mW8T+f17TSVVFqQk0T0zRhtGYyIKqGoh0oq5qy7Smajrqq6PoeY0Ab8wu2aIO3DHOWy0fyNKGuSgqR01aCuBxZhB1p0bGJa4KsxU9bNklNkDbEoiPK5c6GuSQpBzzZNW5TZVkyDAPGlsagtKGRPU0jmZRhUhqtNUYbZ6dJM06KcWeVu+PJSrgx7KjjODodtkmhLAuyLHVyTNqQSkUiFVmn0OAw/2oY1h1plrmkdluuC2McVlu7uWEcGVpJeDcn+bEgnt+TPzyQzufUSbJrwuKVsiXNUvI8p+/7XSV7WBSFk6LrOncWrNdE9tEHAUng469WlEI8m8ppaJNZbJd/V5NSuq4b+9a6nrRVhPWIsCObrc5uy/oPPwFqMi9wdiWm6AAAAABJRU5ErkJggg==')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"Get ID\",\n    \"title\": \"Get ID\",\n    \"src\": \"/docs-2026.5.2/static/1d94edd00e7c9dbad4806cdd1f7d8b61/e3189/14-psgraph-11-get-ID.png\",\n    \"srcSet\": [\"/docs-2026.5.2/static/1d94edd00e7c9dbad4806cdd1f7d8b61/a2ead/14-psgraph-11-get-ID.png 259w\", \"/docs-2026.5.2/static/1d94edd00e7c9dbad4806cdd1f7d8b61/6b9fd/14-psgraph-11-get-ID.png 518w\", \"/docs-2026.5.2/static/1d94edd00e7c9dbad4806cdd1f7d8b61/e3189/14-psgraph-11-get-ID.png 1035w\", \"/docs-2026.5.2/static/1d94edd00e7c9dbad4806cdd1f7d8b61/d073d/14-psgraph-11-get-ID.png 1297w\"],\n    \"sizes\": \"(max-width: 1035px) 100vw, 1035px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"p\", null, \"Get service principal object and store it inside a variable by running the following commands.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"$principal = Get-AzureADServicePrincipal -All $true | ? AppId -eq 'd7defe38-0248-492a-9f7c-56bc7ca4a094'\\n\")), mdx(\"p\", null, \"And get a role object for \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"User Administrator\"), \" role.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"$role = Get-AzureADDirectoryRole | ? DisplayName -eq 'User Administrator'\\n\")), mdx(\"p\", null, \"Having two variables above defined you can assign your application \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"User Administrator\"), \" role. To do this, run the following command.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $principal.ObjectID \\n\")), mdx(\"p\", null, \"Example of assignment is given below.\"), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"1035px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.2/static/293853ff013f4c72d9351d889882fa06/9ba38/14-psgraph-12-example.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"9.652509652509652%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAACCAYAAABYBvyLAAAACXBIWXMAABYlAAAWJQFJUiTwAAAAhElEQVQI1x3FOQ6CQABA0bGwMBJhYPaNRQGt8TSS2Jh4/xt8E1/zhLGGvvSo2HEpFS4ppjGwLvn/MARidEgv6bwixkyrLY0v1DYiXaJ1iWPV8P58Ecsys21PbutIGgzrXFjmxONeuE4RrTSuOMqUKXlE2oAOPXVQnM0J7y1Gaw5CsO8vfqQPNaxCgNSJAAAAAElFTkSuQmCC')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"Example\",\n    \"title\": \"Example\",\n    \"src\": \"/docs-2026.5.2/static/293853ff013f4c72d9351d889882fa06/e3189/14-psgraph-12-example.png\",\n    \"srcSet\": [\"/docs-2026.5.2/static/293853ff013f4c72d9351d889882fa06/a2ead/14-psgraph-12-example.png 259w\", \"/docs-2026.5.2/static/293853ff013f4c72d9351d889882fa06/6b9fd/14-psgraph-12-example.png 518w\", \"/docs-2026.5.2/static/293853ff013f4c72d9351d889882fa06/e3189/14-psgraph-12-example.png 1035w\", \"/docs-2026.5.2/static/293853ff013f4c72d9351d889882fa06/9ba38/14-psgraph-12-example.png 1329w\"],\n    \"sizes\": \"(max-width: 1035px) 100vw, 1035px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"p\", null, \"Having set this you will be able to reset user passwords.\"), mdx(\"h3\", null, \"Getting parameters for OpenIAM Managed System configuration\"), mdx(\"p\", null, \"The last step needed for completing a preparation is to collect some data for inputting into OpenIAM Managed System configuration page.\"), mdx(\"p\", null, \"You will need the following data:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Application (client) ID. It goes to the \", mdx(\"em\", {\n    parentName: \"li\"\n  }, \"Login ID\"), \" property on the OpenIAM configuration page.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Directory (tenant) ID. It should be inserted into the \", mdx(\"em\", {\n    parentName: \"li\"\n  }, \"Host URL\"), \" property field.\")), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"781px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.2/static/0e21e91fec6a16380245e5a57e5bff86/7fee5/14-psgraph-13-IDs.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"55.21235521235521%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAALCAYAAAB/Ca1DAAAACXBIWXMAABYlAAAWJQFJUiTwAAABqUlEQVQoz32RiY7TMBRF8/+fhRho6QhEhxEIMUOTLmnTeI2dtGnjg+y0syCGK508v3jJzXVW+zNCaZzVrM0JoS2irnDeszY9WiuUlAhR413DqMCzwgsgq+yZUnY0/ojwA8J0SOMxvk+9cUeU7RLaHWiPAX8Y8Jca+yuxz+6WPZOfjp105KWh2NpUl7uGYjvW6/tl1bDY6NQvSs1ioyh24/rIw1KQ9efACInjKXA8Dake+uHCOB7n/k8W/901DXW9Z19VEMJfGfFGXq+zuyqL+51zaK0xxrzarA8DdRuQXcAceVMhhOQj1iw+hBAJKSVN0+C9TwtLYXlcC1Z7w2qn8M5hjaYxJplwXceh758PHR2G5C7SdR1t2yaizI/vlO/fUc8+IW9nlB8/sLm5YTuZsJlOWU2n2Dx/4fLi0Fy+OAzD00SUdY4qOrcW5V1CWIt0jlpKtnlOq9S/D4wOlVLUdZ0uKUo+PLKe3bL+/IXy65zq7hv7xJztfE59f48uimuQ10sZD4wZxhozjFk617DZO36vNb8KSZ7vyRcVB6FAa4aIlATnntxFh38A/utOHIpNO6cAAAAASUVORK5CYII=')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"IDs\",\n    \"title\": \"IDs\",\n    \"src\": \"/docs-2026.5.2/static/0e21e91fec6a16380245e5a57e5bff86/7fee5/14-psgraph-13-IDs.png\",\n    \"srcSet\": [\"/docs-2026.5.2/static/0e21e91fec6a16380245e5a57e5bff86/a2ead/14-psgraph-13-IDs.png 259w\", \"/docs-2026.5.2/static/0e21e91fec6a16380245e5a57e5bff86/6b9fd/14-psgraph-13-IDs.png 518w\", \"/docs-2026.5.2/static/0e21e91fec6a16380245e5a57e5bff86/7fee5/14-psgraph-13-IDs.png 781w\"],\n    \"sizes\": \"(max-width: 781px) 100vw, 781px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Certificate Thumbprint, generated on step #3.1. It could be taken from \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"MMC\"), \" > \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"Certificate Snap-in\"), \" > \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"Local Computer certificates\"), \" > \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"Personal\"), \" > your certificate. This should go to the \", mdx(\"em\", {\n    parentName: \"li\"\n  }, \"Password\"), \" property\")), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"609px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.2/static/e9440709ae5bc1ede9e1be16e0bc7417/d0d8c/14-psgraph-14-thumbprint.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"85.71428571428571%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAARCAYAAADdRIy+AAAACXBIWXMAABYlAAAWJQFJUiTwAAACsElEQVQ4y6VT227aQBDlq9O3PjaVmiYhX9BPaKX0llRNowSlL9AUY4O5Ggy2wde1wTbYcKoZ1zSN+hJ1pKPZy+yZszO7FXs6wsKaYTqbYWHb2G5z5PnTsN1ukSQJlsslKrZlQQQCnufCtm3eeCrSNEUcxwXhRNchSRJM04RhGJjP5xiNRqjX65BlGYqiwHVdDg7DEEIIBEHAvkQ5J1+hIBpQBiL0PI/n5H3fZ9CcQGNSQ7bb7f4C2Wq1QoWYHcfh7M1mE7quw7IsVvwQpHw6nbLSx4SlkagKsfpBiDhJeHGzybDZbPY+yzKs4pjVZVm+B+9nGbI8RxwnCMOoUBhFEbR+G5ZpYr1ec8ceZyf1vV6P1VETaE5XJwI6T4ldzyuaEoYCtvodrZ8NaOPJP69DhzqdDoMapaoqN2s2m/HLIHJKEkVLVKIwhKHU0Gr+QK/X52yllYTUEKovkTQaDSahzlM5yPI8gyDCUqHZvoMs3UNW2tA0DZPJhD2VgIwa1+12WQVdix7zQ6M1iucaUtB9qwGp1YLa7TGpJCu4b0qI04LQ9Xy0ZAW9wRBKu8P7VJ7hSINhWrAdl2vMXRahgKTUMVIl6IMOPGMMYY0RWOM/EtYRtK4Mvd+G1lUwHaocP1Rb8Oc6spWPfr/Pr6GyjHy8u63h5Xkbxx87OPmi4exOoFrzcHLr4rTm4/jKwOFbCa/O26h+6uDscojqxQBnn1WcXg7x5s5EfzAsFMarJb51fRxe2Ti5cfHiq42DcwPPPpiMg/cmnl/McXzj4ejaRfXWxdG1g9fXLk5vPLy8clC9Nvna+xoG7gJJYCMVDlJhY7t0sQkLn0cOsshF7C94Pw4KT/E0XocOkEasjhXyPxUCSbpmxEnKzVjFSeF/z2k9eeTLcb7d8YfY/+XyefyP0Zslwl8Bzfs2CTogjAAAAABJRU5ErkJggg==')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"Certificate thumbprint\",\n    \"title\": \"Certificate thumbprint\",\n    \"src\": \"/docs-2026.5.2/static/e9440709ae5bc1ede9e1be16e0bc7417/d0d8c/14-psgraph-14-thumbprint.png\",\n    \"srcSet\": [\"/docs-2026.5.2/static/e9440709ae5bc1ede9e1be16e0bc7417/a2ead/14-psgraph-14-thumbprint.png 259w\", \"/docs-2026.5.2/static/e9440709ae5bc1ede9e1be16e0bc7417/6b9fd/14-psgraph-14-thumbprint.png 518w\", \"/docs-2026.5.2/static/e9440709ae5bc1ede9e1be16e0bc7417/d0d8c/14-psgraph-14-thumbprint.png 609w\"],\n    \"sizes\": \"(max-width: 609px) 100vw, 609px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"h2\", null, \"Attributes\"), mdx(\"p\", null, \"As the out of the box connector covers most common functionality that OpenIAM can foresee in the majority of environments, below there is the list of basic attributes that are supported by default. However, connectors can be extended to support custom attributes or provide additional logic, as connector business logic is fully separated from a technical implementation and is stored in \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"Connector.ps1\"), \" PowerShell file that is open sourced.\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Mandatory attributes\")), mdx(\"p\", null, \"Minimum set of attributes for a user account are\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"DisplayName (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"PasswordProfile.Password (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"AccountEnabled (Boolean)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"MailNickName (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Manager (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"UserPrincipalName (string; Remark: is mandatory in case of a license assignment)\")), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Regular attributes\")), mdx(\"p\", null, \"In addition to the above mandatory attributes connector supports setting out of the box attributes as follows.\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"AboutMe (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"AgeGroup (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Licensing.Data (JSON attribute, see below chapter for the explanation)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"City (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"CompanyName (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Country (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Department (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"DeviceEnrollmentLimit (Int32)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"EmployeeType (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"ExternalUserState (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"FaxNumber (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"GivenName (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Groups (multivalue) - can include identifiers of Entra groups along with operation codes to indicate if current user should be added to a group with given Id or removed from it.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"ImAddresses (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"JobTitle (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Mail (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"MailNickname (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"MobilePhone (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"MySite (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"OfficeLocation (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"OnPremisesDistinguishedName (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"OnPremisesDomainName (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"OnPremisesImmutableId (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"OnPremisesSamAccountName (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"OnPremisesSecurityIdentifier (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"ServicePrincipals (JSON) \\u2013 Assign/revoke  user to Application\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"RevokeSignInSession (bool) \\u2013 Revoke all action session of user  \"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"OnPremisesUserPrincipalName (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"PostalCode (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"PreferredDataLocation (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"PreferredLanguage (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"PreferredName (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"SecurityIdentifier (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"State (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"StreetAddress (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Surname (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"UsageLocation (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"UserType (string)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"PasswordProfile.Password (string). For new user: set password. For existing users, resets a password. NOTE: for existing users PasswordProfile.Password will be applied only if ForceChangePasswordOnSave attribute is \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"true\"), \".\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"PasswordProfile.ForceChangePasswordNextSignIn(bool). If it is \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"true\"), \", users will be forced to change password after the next login.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"PasswordProfile. ForceChangePasswordNextSignInWithMfa(bool). If it is \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"true\"), \", before changing password, the user will be forced to perform an MFA.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"ForceChangePasswordOnSave. This is a custom attribute that is related to OpenIAM. By default, password updates \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"are not allowed during SAVE operation\"), \", and to change a password you must call an explicit \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"RESET_PASSWORD\"), \" operation. However, in some cases it could be useful to update passwords during SAVE operation as well (example \\u2013 updating a user profile during the leaver process). To force the connector to update user password on SAVE operation (PasswordProfile.Password) you need to save this attribute (ForceChangePasswordOnSave) to \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"true\"), \". \"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"RemoveAllMicrosoftAuthenticatorMethods (bool). Is a custom attribute, if it is \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"true\"), \", will remove from user all authentication methods related to MicrosoftAuthenticator App (#microsoft.graph.microsoftAuthenticatorAuthenticationMethod).\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"RemoveAllPhoneAuthenticationMethods (bool). Is a custom attribute, if it is true, will remove from user all authentication methods related to phone number(#microsoft.graph.phoneAuthenticationMethod). \")), mdx(\"h3\", null, \"Assigning license packages\"), mdx(\"p\", null, \"License assignment is being controlled by the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"Licensing.Data\"), \" attribute. \"), mdx(\"p\", null, \"For all operations related to licenses you will need to get the name of the license that you are going to assign or remove. It is possible to get the list of all available licenses for your organization. To do this you can go to the connector machine (or any other machine where Microsoft PowerShell Graph module is available), open PowerShell console and run the following command.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"Connect-MgGraph -Scope User.ReadWrite.All, Directory.ReadWrite.All\\nGet-MgSubscribedSku -All | Select-Object SkuPartNumber\\n\")), mdx(\"p\", null, \"The output will be similar to one given below.\"), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"728px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.2/static/cc1e4a32f659e298cd658e2b64a06091/cecac/14-psgraph-15-license.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"28.57142857142857%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAGCAYAAADDl76dAAAACXBIWXMAABJ0AAASdAHeZh94AAAArklEQVQY06WR2wrDIBBEfcyae6ipt2hKSE3+/wOnuG0gD6XQ9uGgzI67wyqUUrDWwjkHbQyMUUj3CWG6wvsRczS4XAb0/QBnRzg34jY/fVpreO8RQkDbtijLEqJpGi7UdQ0igpQSRUEgkkxBkrVsPjR6aZn8JpPrVVVB5O7LssAYw4Ys/gon3LYN67pyymPK2XA+P90PRIyRd5BS4l3+m5IT7vvOn9J13dup3zR8AM1Ijh5Lz0JHAAAAAElFTkSuQmCC')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"License\",\n    \"title\": \"License\",\n    \"src\": \"/docs-2026.5.2/static/cc1e4a32f659e298cd658e2b64a06091/cecac/14-psgraph-15-license.png\",\n    \"srcSet\": [\"/docs-2026.5.2/static/cc1e4a32f659e298cd658e2b64a06091/a2ead/14-psgraph-15-license.png 259w\", \"/docs-2026.5.2/static/cc1e4a32f659e298cd658e2b64a06091/6b9fd/14-psgraph-15-license.png 518w\", \"/docs-2026.5.2/static/cc1e4a32f659e298cd658e2b64a06091/cecac/14-psgraph-15-license.png 728w\"],\n    \"sizes\": \"(max-width: 728px) 100vw, 728px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"p\", null, \"Having the names of the licenses as shown above you can form your JSON payload in a basic way, for assigning the whole license package. However, a single license package consists of a set of nested services. Sometimes one may need to assign licenses and grant access to some particular list of services included inside this license package. If you need to do it, first of all you need to know the names of services that are a part of one particular license package. \"), mdx(\"p\", null, \"Let's assume that we have the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"POWER_BI_STANDARD\"), \" license package and we would like to get all services that are included in this license. Run the following\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"$availableLicenses = Get-MgSubscribedSku -All\\n$curLicEntity = $availableLicenses | Where-Object SkuPartNumber -eq 'POWER_BI_STANDARD'\\n$curLicEntity.ServicePlans\\n\")), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"1035px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.2/static/627916c51b2dca342376732da5afa628/d8817/14-psgraph-16-license-package.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"20.463320463320464%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAECAYAAACOXx+WAAAACXBIWXMAABJ0AAASdAHeZh94AAAA20lEQVQY0zWPwW6DMBBEuZS2GDAQMAECNsaOgYhT8/+/9iqQcngaaUe7Mxv5sOG94/33Rq8TP+6bbBXkc84QWpZjwKwd+2owuqdpbrRti1KKoijJm4687pBqIM1yImMXxnFkWRyTnVC24aYrJjNhnEHIlK/fmCRJkDJDqYa+Pw83CCHIZEkmi0vTNCWyi7tMrTX39k5d1ehRE54Bow2P4XFxhg7DA+c8IQSstUgpEUmCEB8E0fnura7x3lNWJXEcM88zr9frWjx133eO42DbNvZ9u+ZnwKfl2ezDP0/sZ70ZQ+qPAAAAAElFTkSuQmCC')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"License package included\",\n    \"title\": \"License package included\",\n    \"src\": \"/docs-2026.5.2/static/627916c51b2dca342376732da5afa628/e3189/14-psgraph-16-license-package.png\",\n    \"srcSet\": [\"/docs-2026.5.2/static/627916c51b2dca342376732da5afa628/a2ead/14-psgraph-16-license-package.png 259w\", \"/docs-2026.5.2/static/627916c51b2dca342376732da5afa628/6b9fd/14-psgraph-16-license-package.png 518w\", \"/docs-2026.5.2/static/627916c51b2dca342376732da5afa628/e3189/14-psgraph-16-license-package.png 1035w\", \"/docs-2026.5.2/static/627916c51b2dca342376732da5afa628/d8817/14-psgraph-16-license-package.png 1238w\"],\n    \"sizes\": \"(max-width: 1035px) 100vw, 1035px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"p\", null, \"Now, you have all names needed to format JSON payload.\"), mdx(\"p\", null, \"Let's assume that you need to assign a \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"POWER_BI_STANDARD\"), \" license package for a user excluding \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"PURVIEW_DISCOVERY\"), \" plan within and completely revoking \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"FLOW_FREE\"), \" from a user. In this case  \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"Licensing.Data\"), \" should be set as multivalued containing 2 items, as follows.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"{\\\"LicenseName\\\":\\\"POWER_BI_STANDARD\\\",\\\"DisabledPlans\\\":[\\\"PURVIEW_DISCOVERY\\\"]}  => with operation code 'Add'\\n{\\\"LicenseName\\\":\\\"FLOW_FREE\\\",\\\"DisabledPlans\\\":[]} => with operation code 'Delete'\\n\")), mdx(\"p\", null, \"Information in \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"Licensing.Data\"), \" attribute could be presented either as names of licenses and plans or their identifiers, as shown below.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"[{\\\"LicenseName\\\":\\\"POWER_BI_STANDARD\\\",\\\"DisabledPlans\\\":[\\\"BI_AZURE_P0\\\"]}]\\n\")), mdx(\"p\", null, \"Same example using identifiers.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"[{\\\"LicenseName\\\":\\\"a403ebcc-fae0-4ca2-8c8c-7a907fd6c235\\\",\\\"DisabledPlans\\\":[\\\"2049e525-b859-401b-b2a0-e0a31c4b1fe4\\\"]}]\\n\")), mdx(\"h3\", null, \"Assigning and revoking roles for applications\"), mdx(\"p\", null, \"Connector works with Service Principal objects of the Application, as shown below.\"), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"1035px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.2/static/0d303cb6f00822211c2d8e3a4c0e483c/09b15/14-psgraph-17-revoking-roles.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"42.857142857142854%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAJCAIAAAC9o5sfAAAACXBIWXMAABYlAAAWJQFJUiTwAAABP0lEQVQoz4VOTUvDQBTc/+SP89yjoAXvnj15am7iTS8eBOtBEcS2Sdo0u/uy2exnstmNJFuKiNBheG/ewPAGXdw9n9/cz26f5snr1WJiMnKeLOfJMjpRH5yRb9eLl7PZI8ow/9iUnxnOK51XelvpHFQOKiUipTKeGZUbIiIzInKQBTSXDzniyoJQ/TCsdni1Lb/zYl2QFFemD7U0X+kuK4E0ehiGIYxDdmEvHLd+cAYJ0zGhVduRuqFcVo1iQjNhrPPKOuCSCS1060OIbJ0XtrfOM1YjBqTcj6CUGGPGB9OHcR3UdPxCtDhjKK0dpcBYXVVMKTWcgg9BKOW6dl0AeieGUAAAjDHn/GS4s1Zw3hmd7QFtucKEUEoxxk3THCv+UzcE73tZgaDU8HqHKdKd770/VJrgnIszij/5YwVM4Aeu+/Tx4ha4iAAAAABJRU5ErkJggg==')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"Service principal objects\",\n    \"title\": \"Service principal objects\",\n    \"src\": \"/docs-2026.5.2/static/0d303cb6f00822211c2d8e3a4c0e483c/e3189/14-psgraph-17-revoking-roles.png\",\n    \"srcSet\": [\"/docs-2026.5.2/static/0d303cb6f00822211c2d8e3a4c0e483c/a2ead/14-psgraph-17-revoking-roles.png 259w\", \"/docs-2026.5.2/static/0d303cb6f00822211c2d8e3a4c0e483c/6b9fd/14-psgraph-17-revoking-roles.png 518w\", \"/docs-2026.5.2/static/0d303cb6f00822211c2d8e3a4c0e483c/e3189/14-psgraph-17-revoking-roles.png 1035w\", \"/docs-2026.5.2/static/0d303cb6f00822211c2d8e3a4c0e483c/44d59/14-psgraph-17-revoking-roles.png 1553w\", \"/docs-2026.5.2/static/0d303cb6f00822211c2d8e3a4c0e483c/09b15/14-psgraph-17-revoking-roles.png 1704w\"],\n    \"sizes\": \"(max-width: 1035px) 100vw, 1035px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"p\", null, \"The JSON format looks as follows.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"{\\\"id\\\": \\\"Service principle ID\\\", \\\"roles\\\": []} \\u2013 Assing/Revoke empty role of service principle \\n{\\\"id\\\": \\\" Guid of service principle\\\", \\\"roles\\\": [\\\"all\\\"]} - Assing/Revoke all roles of service principle\\n{ \\\"id\\\": \\\" Guid of service principle\\\", \\\"roles\\\": [\\\"Role ID\\\"\\u2026] }  - Assing/Revoke particular role(s) of service principle\\n\")), mdx(\"h2\", null, \"Synchronization\"), mdx(\"p\", null, \"You need to take into account that you will only get the list of attributes specified in the \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"Property\"), \" parameter. Therefore, be explicit in listing all attributes you need from the identities you are trying to synchronize. Otherwise, Microsoft Graph will skip them for optimization purposes.\"), mdx(\"p\", null, \"Some examples of queries are:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"Get-MgUser -UserId [UPN] -Property Id, Mail, UserPrincipalName, Name, DisplayName, AssignedLicenses, AuthenticationMethods\\nGet-MgUser -All -Property Id, Mail, UserPrincipalName, Name, DisplayName, AssignedLicenses, AuthenticationMethods\\n\")), mdx(\"p\", null, \"Keep in mind that requesting \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"AuthenticationMethods\"), \" is a \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"heavy\"), \" operation. It should be used only when truly necessary and is not recommended for inclusion in the default queries/attributes configuration on the OpenIAM side.\"), mdx(\"h3\", null, \"Synchronizing groups\"), mdx(\"p\", null, \"To synchronize all groups or a specific group, use the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"Get-MgGroup\"), \" cmdlet.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"Get-MgGroup -All -Property Id,Description, DisplayName, MailNickname | Select-Object Id,Description, DisplayName, MailNickname\\n\\nGet-MgGroup -GroupId 3aa28018-80b3-4ce0-9e7c-39e6589c0629 -Property Id,Description, DisplayName | Select-Object Id, Description, DisplayName, MailNickname\\n\")), mdx(\"p\", null, \"To synchronize all groups or a specific group with members and owners, use the \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"custom\"), \" \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"Get-GroupsWithMembers\"), \" cmdlet. Synchronization can include one or more of the following attributes:  \"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"strong\", {\n    parentName: \"li\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"UserMembers\")), \" \\u2013 all user members of the group.  \"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"strong\", {\n    parentName: \"li\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"GroupMembers\")), \" \\u2013 all group members of the group.  \"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"strong\", {\n    parentName: \"li\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"DeviceMembers\")), \" \\u2013 all device members of the group.  \"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"strong\", {\n    parentName: \"li\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"OwnerUserMembers\")), \" \\u2013 all user owners of the group.  \")), mdx(\"p\", null, \"To return all groups with members and owners, use the following query.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"Get-GroupsWithMembers -All [-Property] [-Filter] [-ReturnUserMemberProperty] [-ReturnOwnerProperty] \\n\")), mdx(\"p\", null, \"The explanation for the query is given in the table below.\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Query\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Description\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"All\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Required to retrieve all groups.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"Property\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Specifies a set of group properties, such as \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"Id\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"Description\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"DisplayName\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"MailNickname\"), \".\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"Filter\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Specifies a filter for retrieving groups, for example: \\\"\", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"MailEnabled\"), \" equals \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"false\"), \"\\\".\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"ReturnUserMemberProperty\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Specifies the attribute included in the \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserMembers\"), \" attribute in the synchronization result. It can be:\", mdx(\"ul\", null, mdx(\"li\", null, mdx(\"strong\", {\n    parentName: \"td\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"Id\")), \" \\u2013 \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserMembers\"), \" will contain the IDs of users (default).\"), mdx(\"li\", null, mdx(\"strong\", {\n    parentName: \"td\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"UserPrincipalName\")), \" \\u2013 \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserMembers\"), \" will contain the \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserPrincipalName\"), \" of users.\")))), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"ReturnOwnerProperty\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Specifies the attribute included in the \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"OwnerUserMembers\"), \" attribute in the synchronization result. It can be:\", mdx(\"ul\", null, mdx(\"li\", null, mdx(\"strong\", {\n    parentName: \"td\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"Id\")), \" \\u2013 \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"OwnerUserMembers\"), \" will contain the IDs of users (default).\"), mdx(\"li\", null, mdx(\"strong\", {\n    parentName: \"td\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"UserPrincipalName\")), \" \\u2013 \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"OwnerUserMembers\"), \" will contain the \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserPrincipalName\"), \" of users.\")))))), mdx(\"p\", null, \"Use the following query to return a specific group with members and owners.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"Get-GroupsWithMembers -GroupId [-Property] [-ReturnUserMemberProperty] [-ReturnOwnerProperty] \\n\")), mdx(\"p\", null, \"The explanation for the query is given in the table below. \"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Query\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Description\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"GroupId\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Specifies the group ID and is required to retrieve a specific group.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"Property\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Specifies a set of group properties, such as \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"Id\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"Description\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"DisplayName\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"MailNickname\"), \".\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"ReturnUserMemberProperty\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Specifies the attribute included in the \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserMembers\"), \" attribute in the synchronization result. It can be:\", mdx(\"ul\", null, mdx(\"li\", null, mdx(\"strong\", {\n    parentName: \"td\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"Id\")), \" \\u2013 \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserMembers\"), \" will contain the IDs of users (default).\"), mdx(\"li\", null, mdx(\"strong\", {\n    parentName: \"td\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"UserPrincipalName\")), \" \\u2013 \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserMembers\"), \" will contain the \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserPrincipalName\"), \" of users.\")))), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"ReturnOwnerProperty\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Specifies the attribute included in the \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"OwnerUserMembers\"), \" attribute in the synchronization result. It can be:\", mdx(\"ul\", null, mdx(\"li\", null, mdx(\"strong\", {\n    parentName: \"td\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"Id\")), \" \\u2013 \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"OwnerUserMembers\"), \" will contain the IDs of users (default).\"), mdx(\"li\", null, mdx(\"strong\", {\n    parentName: \"td\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"UserPrincipalName\")), \" \\u2013 \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"OwnerUserMembers\"), \" will contain the \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserPrincipalName\"), \" of users.\")))))), mdx(\"h3\", null, \"Synchronization applications\"), mdx(\"p\", null, \"To synchronize all applications or a specific application, use the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"Get-MgServicePrincipal\"), \" cmdlet.  \"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"Get-MgServicePrincipal -All -Property Id, AppId, DisplayName, Description | Select-Object Id, AppId, Description\\n\\nPS C:\\\\Users\\\\DimaS> Get-MgServicePrincipal -ServicePrincipalId ff26af16-a8e1-45a2-9598-a78428646a3e -Property Id, AppId, DisplayName, Description | Select-Object Id, AppId, DisplayName, Description \\n\")), mdx(\"p\", null, \"To synchronize all applications or a specific application with members and owners, use the custom \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"Get-ApplicationsWithMembers\"), \" cmdlet.  \"), mdx(\"p\", null, \"Synchronization can include one or more of the following attributes:  \"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"strong\", {\n    parentName: \"li\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"UserMembers\")), \" \\u2013 all user members of the application.  \"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"strong\", {\n    parentName: \"li\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"GroupMembers\")), \" \\u2013 all group members of the application.  \"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"strong\", {\n    parentName: \"li\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"ServiceMembers\")), \" \\u2013 all ServicePrincipal members of the application.  \"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"strong\", {\n    parentName: \"li\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"OwnerUserMembers\")), \" \\u2013 all user owners of the application.  \"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"strong\", {\n    parentName: \"li\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"OwnerServiceMembers\")), \" \\u2013 all ServicePrincipal owners of the application.  \")), mdx(\"p\", null, \"To return all applications with members and owners, use the following query.  \"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"Get-ApplicationsWithMembers -All [-Property] [-Filter] [-ReturnUserMemberProperty] [-ReturnOwnerProperty] \\n\")), mdx(\"p\", null, \"The explanation for the query is given in the table below. \"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Query\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Description\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"All\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Required to retrieve all applications.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Property\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Should contain a set of group properties, such as \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"Id\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"AppId\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"DisplayName\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"Description\"), \".\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Filter\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Filter used to retrieve groups, for example: \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"\\\"tags/any(t:t eq 'WindowsAzureActiveDirectoryIntegratedApp')\\\"\"), \".\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"ReturnUserMemberProperty\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Attribute to be included in the \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserMembers\"), \" attribute in the synchronization result. It can be:\", mdx(\"ul\", null, mdx(\"li\", null, mdx(\"strong\", {\n    parentName: \"td\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"Id\")), \" \\u2013 \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserMembers\"), \" will contain the IDs of users (default).\"), mdx(\"li\", null, mdx(\"strong\", {\n    parentName: \"td\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"UserPrincipalName\")), \" \\u2013 \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserMembers\"), \" will contain the \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserPrincipalName\"), \" of users.\")))), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"ReturnOwnerProperty\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Attribute to be included in the \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"OwnerUserMembers\"), \" attribute in the synchronization result. It can be:\", mdx(\"ul\", null, mdx(\"li\", null, mdx(\"strong\", {\n    parentName: \"td\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"Id\")), \" \\u2013 \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"OwnerUserMembers\"), \" will contain the IDs of users (default).\"), mdx(\"li\", null, mdx(\"strong\", {\n    parentName: \"td\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"UserPrincipalName\")), \" \\u2013 \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"OwnerUserMembers\"), \" will contain the \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserPrincipalName\"), \" of users.\")))))), mdx(\"p\", null, \"To return specific application with members and owners use the following query structure.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"Get-ApplicationsWithMembers -Id [-Property] [-ReturnUserMemberProperty] [-ReturnOwnerProperty] \\n\")), mdx(\"p\", null, \"The explanation for the query is given in the table below. \"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Query\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Description\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"Id\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Specific \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"ServicePrincipalId\"), \", required for retrieving a specific application.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"Property\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Should contain a set of group properties, such as \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"Id\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"AppId\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"DisplayName\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"Description\"), \".\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"ReturnUserMemberProperty\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Attribute to be included in the \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserMembers\"), \" attribute in the synchronization result. It can be:\", mdx(\"ul\", null, mdx(\"li\", null, mdx(\"strong\", {\n    parentName: \"td\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"Id\")), \" \\u2013 \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserMembers\"), \" will contain the IDs of users (default).\"), mdx(\"li\", null, mdx(\"strong\", {\n    parentName: \"td\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"UserPrincipalName\")), \" \\u2013 \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserMembers\"), \" will contain the \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserPrincipalName\"), \" of users.\")))), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"ReturnOwnerProperty\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Attribute to be included in the \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"OwnerUserMembers\"), \" attribute in the synchronization result. It can be:\", mdx(\"ul\", null, mdx(\"li\", null, mdx(\"strong\", {\n    parentName: \"td\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"Id\")), \" \\u2013 \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"OwnerUserMembers\"), \" will contain the IDs of users (default).\"), mdx(\"li\", null, mdx(\"strong\", {\n    parentName: \"td\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"strong\"\n  }, \"UserPrincipalName\")), \" \\u2013 \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"OwnerUserMembers\"), \" will contain the \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserPrincipalName\"), \" of users.\")))))), mdx(\"h3\", null, \"Managing guest users\"), mdx(\"p\", null, \"Creating guest users requires setting the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"InvitationScope\"), \" attribute to \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"true\"), \" at the managed system level and the following application permissions are required:\"), mdx(\"p\", null, mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"User.Invite.All\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"User.ReadWrite.All\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"Directory.ReadWrite.All\")), mdx(\"p\", null, \"Additionally, the following attributes are supported for provisioning:\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Attribute name\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Description\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Type\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserPrincipalName\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Email address of the user to invite. Required.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"InviteRedirectUrl\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"URL where the invited user is redirected after accepting the invitation. Example: \", mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"https://myapplications.microsoft.com.\"\n  }, \"https://myapplications.microsoft.com.\"), \" Required.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"SendInvitationMessage\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Whether to send the invitation email.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Boolean\")))), mdx(\"div\", {\n    style: {\n      \"border\": \"1px solid #169998\",\n      \"marginTop\": \"15px\",\n      \"marginBottom\": \"15px\",\n      \"padding\": \"10px 5px\"\n    }\n  }, mdx(\"span\", {\n    style: {\n      \"color\": \"#169998\",\n      \"fontWeight\": \"bold\"\n    }\n  }, \"Note: \"), \"After the invitation is sent, the user receives their own `UserPrincipalName`. For further management of guest users, a user synchronization process is required to retrieve the correct `UserPrincipalName`. Guest users are then managed in the same way as standard Entra ID (Azure) users.\"), mdx(\"p\", null, \"For synchronization, users should be filtered by \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"UserType = Guest\"), \". The same properties are used as for standard Entra ID (Azure) users.\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Example:\")), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"Get-MgUser -Filter \\\"UserType eq 'Guest'\\\" -Property Id, Mail, UserPrincipalName, Name, DisplayName \\n\\nGet-MgUser -Filter \\\"UserType eq 'Guest' and Mail eq 'test.user@openiam.com'\\\" -Property Id, Mail, UserPrincipalName, Name, DisplayName \\n\")), mdx(\"p\", null, \"For \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"removing\"), \" guest users, the standard \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"UserPrincipalName\"), \" flow is used. It must be provided for the \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Remove\"), \" operation.\"));\n}\n;\nMDXContent.isMDXComponent = true;","tableOfContents":{"items":[{"url":"#prerequisites","title":"Prerequisites"},{"url":"#preparing-environment","title":"Preparing environment","items":[{"url":"#installing-net-48","title":"Installing .NET 4.8"},{"url":"#installing-microsoft-graph-powershell-module","title":"Installing Microsoft Graph PowerShell module"},{"url":"#registering-connector-application","title":"Registering connector application"},{"url":"#generating-application-certificate","title":"Generating application certificate"},{"url":"#running-registration-script","title":"Running registration script"}]},{"url":"#granting-admin-consent-and-adjusting-application-permissions","title":"Granting admin consent and adjusting application permissions","items":[{"url":"#granting-admin-consent","title":"Granting admin consent"},{"url":"#setting-api-permissions","title":"Setting API permissions"},{"url":"#setting-other-permissions","title":"Setting other permissions"},{"url":"#getting-parameters-for-openiam-managed-system-configuration","title":"Getting parameters for OpenIAM Managed System configuration"}]},{"url":"#attributes","title":"Attributes","items":[{"url":"#assigning-license-packages","title":"Assigning license packages"},{"url":"#assigning-and-revoking-roles-for-applications","title":"Assigning and revoking roles for applications"}]},{"url":"#synchronization","title":"Synchronization","items":[{"url":"#synchronizing-groups","title":"Synchronizing groups"},{"url":"#synchronization-applications","title":"Synchronization applications"},{"url":"#managing-guest-users","title":"Managing guest users"}]}]},"parent":{"relativePath":"connectorconfig/microsoft/14-psgraph.md"},"frontmatter":{"metaTitle":"Microsoft Graph PowerShell connector","metaDescription":"This page describes how to install and configure Microsoft Graph PowerShell connector in OpenIAM."}},"allMdx":{"edges":[{"node":{"fields":{"slug":"/changelog","title":"Change log"}}},{"node":{"fields":{"slug":"/appendix","title":"Appendix"}}},{"node":{"fields":{"slug":"/connectorconfig","title":"IdM Connectors"}}},{"node":{"fields":{"slug":"/admin","title":"Administration guide"}}},{"node":{"fields":{"slug":"/developerguide","title":"Developer Guide"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice","title":"End user guide for SelfService portal"}}},{"node":{"fields":{"slug":"/getting-started","title":"Getting Started"}}},{"node":{"fields":{"slug":"/troubleshooting","title":"FAQ / Troubleshooting"}}},{"node":{"fields":{"slug":"/whatsnew","title":"What's new in OpenIAM"}}},{"node":{"fields":{"slug":"/ssocatalog","title":"SSO Catalog"}}},{"node":{"fields":{"slug":"/admin/0-login","title":"Logging in to the admin portal"}}},{"node":{"fields":{"slug":"/admin/1-exportimport","title":"Import / Export"}}},{"node":{"fields":{"slug":"/","title":"Welcome to the OpenIAM Documentation"}}},{"node":{"fields":{"slug":"/installation","title":"Installing OpenIAM"}}},{"node":{"fields":{"slug":"/admin/1-usradmin","title":"User administration"}}},{"node":{"fields":{"slug":"/admin/12-administration","title":"Administration"}}},{"node":{"fields":{"slug":"/admin/10-consent-management","title":"Consent management"}}},{"node":{"fields":{"slug":"/admin/10-password","title":"Password policy"}}},{"node":{"fields":{"slug":"/admin/13-selfregistration","title":"Self-registration"}}},{"node":{"fields":{"slug":"/admin/15-audit","title":"Audit"}}},{"node":{"fields":{"slug":"/admin/14-Help.Desk.User.Profile.Protection","title":"HelpDesk profile protection"}}},{"node":{"fields":{"slug":"/admin/16-admin-pswd-change","title":"Password reset for administrator's account"}}},{"node":{"fields":{"slug":"/admin/18-services-passwd-change-k8","title":"Password update for OpenIAM services in Kubernetes"}}},{"node":{"fields":{"slug":"/admin/2-authentication","title":"Authentication"}}},{"node":{"fields":{"slug":"/admin/19-reports","title":"OpenIAM report services"}}},{"node":{"fields":{"slug":"/admin/21-graph-rebuild","title":"Rebuilding OpenIAM's in-memory authorization graph"}}},{"node":{"fields":{"slug":"/admin/3-authz","title":"Managing access"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding","title":"Application onboarding"}}},{"node":{"fields":{"slug":"/admin/20-virtual-tentant-by-org","title":"Enabling a virtual tenant by organization"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov","title":"Requests / Approval"}}},{"node":{"fields":{"slug":"/admin/22-token-session-util","title":"Session management utility for RPM"}}},{"node":{"fields":{"slug":"/admin/7-access-cert","title":"User access review"}}},{"node":{"fields":{"slug":"/admin/8-sso","title":"Federation / SSO to applications"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle","title":"Automated provisioning"}}},{"node":{"fields":{"slug":"/changelog/13-Release-4.2.1.7","title":"Release 4.2.1.7"}}},{"node":{"fields":{"slug":"/changelog/14-Release-4.2.1.8","title":"Release 4.2.1.8"}}},{"node":{"fields":{"slug":"/changelog/12-Release-4.2.1.6","title":"Release 4.2.1.6"}}},{"node":{"fields":{"slug":"/changelog/11-Release-4.2.1.5","title":"Release 4.2.1.5"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy","title":"Access gateway"}}},{"node":{"fields":{"slug":"/changelog/16-Release-4.2.1.10","title":"Release 4.2.1.10"}}},{"node":{"fields":{"slug":"/changelog/15-Release-4.2.1.9","title":"Release 4.2.1.9"}}},{"node":{"fields":{"slug":"/changelog/17-Release-4.2.1.11","title":"Release 4.2.1.11"}}},{"node":{"fields":{"slug":"/changelog/18-Release-4.2.1.12","title":"Release 4.2.1.12"}}},{"node":{"fields":{"slug":"/changelog/19-Release-4.2.1.13","title":"Release 4.2.1.13"}}},{"node":{"fields":{"slug":"/changelog/20-Release-4.2.1.14","title":"Release 4.2.1.14"}}},{"node":{"fields":{"slug":"/changelog/22-v2026.1.1","title":"Changelog for v2026.1.1"}}},{"node":{"fields":{"slug":"/appendix/1-self-signedcert","title":"Generate Self-signed Cert"}}},{"node":{"fields":{"slug":"/appendix/2-openssl","title":"Install OpenSSL"}}},{"node":{"fields":{"slug":"/changelog/23-v2026.5.2","title":"Changelog for v2026.5.2"}}},{"node":{"fields":{"slug":"/changelog/21-Release-4.2.1.15","title":"Release 4.2.1.15"}}},{"node":{"fields":{"slug":"/appendix/3-installopenldap","title":"Install OpenLDAP on Ubuntu"}}},{"node":{"fields":{"slug":"/connectorconfig/2-configparam","title":"Connector parameters"}}},{"node":{"fields":{"slug":"/connectorconfig/4-troubleshootingconnector","title":"Provisioning operations troubleshooting"}}},{"node":{"fields":{"slug":"/connectorconfig/JDBC","title":"JDBC connector"}}},{"node":{"fields":{"slug":"/connectorconfig/LDAP","title":"LDAP connector"}}},{"node":{"fields":{"slug":"/connectorconfig/SAPUME","title":"SAP UME connector"}}},{"node":{"fields":{"slug":"/connectorconfig/adp","title":"ADP connector"}}},{"node":{"fields":{"slug":"/appendix/4-prepforprod","title":"Prepare for Production"}}},{"node":{"fields":{"slug":"/connectorconfig/aerospike","title":"Aerospike connector"}}},{"node":{"fields":{"slug":"/connectorconfig/freeIPA","title":"FreeIPA connector"}}},{"node":{"fields":{"slug":"/connectorconfig/gsuite","title":"GSuite connector"}}},{"node":{"fields":{"slug":"/connectorconfig/linux","title":"Linux connector"}}},{"node":{"fields":{"slug":"/connectorconfig/aws","title":"AWS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/oracle","title":"Oracle RDBMS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft","title":"Microsoft Application Connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/oracleebs","title":"Oracle EBS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/postgresql","title":"PostgreSQL connector"}}},{"node":{"fields":{"slug":"/admin/17-services-manual-passwd-change","title":"Manual password update for OpenIAM services in RPM"}}},{"node":{"fields":{"slug":"/connectorconfig/sap","title":"SAP S/4 Hana connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector","title":"Groovy Script connector"}}},{"node":{"fields":{"slug":"/connectorconfig/salesforce","title":"Salesforce.com connector"}}},{"node":{"fields":{"slug":"/connectorconfig/tableau","title":"Tableau connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scim","title":"SCIM connector"}}},{"node":{"fields":{"slug":"/connectorconfig/workday","title":"Workday connector"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css","title":"Customizing branding"}}},{"node":{"fields":{"slug":"/developerguide/10-OpenIAM-opensource-rep","title":"OpenIAM open source repository"}}},{"node":{"fields":{"slug":"/developerguide/11-groovy-scripts","title":"Groovy Script Management"}}},{"node":{"fields":{"slug":"/developerguide/2-api","title":"RESTful API"}}},{"node":{"fields":{"slug":"/developerguide/3-whitelisting","title":"Whitelisting packages"}}},{"node":{"fields":{"slug":"/developerguide/6-ide","title":"Script development using an IDE"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel","title":"Data model"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization","title":"Synchronization Scripts"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/1-login","title":"Logging in to SelfService portal"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice","title":"Operations via SelfService portal"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest","title":"Request management"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/6-singlesignon","title":"Single sign-on"}}},{"node":{"fields":{"slug":"/developerguide/4-scheduledtasks","title":"Batch/Scheduled tasks"}}},{"node":{"fields":{"slug":"/getting-started/1-what_is_openiam","title":"What is OpenIAM?"}}},{"node":{"fields":{"slug":"/getting-started/2-productarchitecture","title":"Platform architecture"}}},{"node":{"fields":{"slug":"/getting-started/3-install_openiam","title":"Installing OpenIAM"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess","title":"User access rights"}}},{"node":{"fields":{"slug":"/getting-started/21-concepts","title":"Concepts"}}},{"node":{"fields":{"slug":"/getting-started/5-connecting","title":"Connecting to an authoritative source"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding","title":"Application onboarding"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce","title":"Discovery questions"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning","title":"Automated user provisioning"}}},{"node":{"fields":{"slug":"/getting-started/8-openiam-with-IdP","title":"Integrating OpenIAM with your IdP"}}},{"node":{"fields":{"slug":"/getting-started/99-multifactor-authentication","title":"Configuring multi-factor authentication"}}},{"node":{"fields":{"slug":"/getting-started/9-openiam-as-IdP","title":"Integrating OpenIAM as your IdP"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation","title":"Deploying to Kubernetes"}}},{"node":{"fields":{"slug":"/getting-started/7-selfservice-pswd","title":"SelfService password reset"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation","title":"Deploying on OpenShift"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation","title":"Deploying via RPM on Linux"}}},{"node":{"fields":{"slug":"/installation/8-sizing","title":"Sizing recommendations"}}},{"node":{"fields":{"slug":"/installation/9-data_migration","title":"OpenIAM data migration"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation","title":"Deploying via Docker"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous","title":"Miscellaneous related articles"}}},{"node":{"fields":{"slug":"/ssocatalog/AWS","title":"AWS SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Freshdesk","title":"Freshdesk SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Gsuite","title":"GSuite SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Azure","title":"Azure SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Salesforce","title":"Salesforce.com"}}},{"node":{"fields":{"slug":"/ssocatalog/okta","title":"Okta SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Office365","title":"Office365 SSO"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster","title":"Cluster"}}},{"node":{"fields":{"slug":"/troubleshooting/environment","title":"Environment"}}},{"node":{"fields":{"slug":"/troubleshooting/docker","title":"Docker Swarm"}}},{"node":{"fields":{"slug":"/troubleshooting/connectors","title":"Connectors"}}},{"node":{"fields":{"slug":"/troubleshooting/operational","title":"Operational"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm","title":"RPM"}}},{"node":{"fields":{"slug":"/whatsnew/1-v420","title":"New in v4.2.0.0"}}},{"node":{"fields":{"slug":"/troubleshooting/v3_update","title":"Update from V3.X to V4.X"}}},{"node":{"fields":{"slug":"/whatsnew/10-v4218","title":"New in v4.2.1.8"}}},{"node":{"fields":{"slug":"/whatsnew/11-v4219","title":"New in v4.2.1.9"}}},{"node":{"fields":{"slug":"/whatsnew/14-v42112","title":"New in v4.2.1.12"}}},{"node":{"fields":{"slug":"/whatsnew/15-v42113","title":"New in v4.2.1.13"}}},{"node":{"fields":{"slug":"/whatsnew/16-v42115","title":"New in v4.2.1.15"}}},{"node":{"fields":{"slug":"/whatsnew/16-v422","title":"New in v4.2.2"}}},{"node":{"fields":{"slug":"/whatsnew/13-v42111","title":"New in v4.2.1.11"}}},{"node":{"fields":{"slug":"/whatsnew/17-v2026.1.1","title":"New in v2026.1.1"}}},{"node":{"fields":{"slug":"/whatsnew/18-v2026.3.1","title":"New in v2026.3.1"}}},{"node":{"fields":{"slug":"/whatsnew/12-v42110","title":"New in v4.2.1.10"}}},{"node":{"fields":{"slug":"/whatsnew/18-v2026.2.1","title":"New in v2026.2.1"}}},{"node":{"fields":{"slug":"/whatsnew/19-v2026.3.2","title":"New in v2026.3.2"}}},{"node":{"fields":{"slug":"/whatsnew/20-v2026.3.3","title":"New in 2026.3.3"}}},{"node":{"fields":{"slug":"/whatsnew/21-v2026.4.2","title":"New in v2026.4.2"}}},{"node":{"fields":{"slug":"/whatsnew/20-v2026.4.1","title":"New in v2026.4.1"}}},{"node":{"fields":{"slug":"/whatsnew/22-v2026.5.2","title":"New in v2026.5.2"}}},{"node":{"fields":{"slug":"/whatsnew/8-v4216","title":"New in v4.2.1.6"}}},{"node":{"fields":{"slug":"/whatsnew/9-v4217","title":"New in v4.2.1.7"}}},{"node":{"fields":{"slug":"/whatsnew/7-v4215","title":"New in v4.2.1.5"}}},{"node":{"fields":{"slug":"/connectorconfig/rexx","title":"Rexx connector"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/10-bulkoperations","title":"Bulk operations"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/1-createuser","title":"Creating a user"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/11-bulkentitlements","title":"Bulk operations with entitlements"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/13-unlock-account","title":"Unlocking an account"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/14-add-remove-entitlements","title":"Adding/Removing entitlements"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/15-rehireuserflow","title":"Rehire user flow"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/12-externaldelegation","title":"Organization level delegation"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/16-user-conversion","title":"User conversion"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/17-newhireworkflow","title":"New hire workflow configuration"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/18-creating-new-dept-division","title":"Creating a new department or division"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/3-adminoperations","title":"Administrative actions on a User"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration","title":"Configuring page templates"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/2-usertypes","title":"Custom user types"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/5-finduser","title":"User search"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/8-serviceaccounts","title":"Service accounts"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/7-customfields","title":"Custom fields"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/9-orphanmanagement","title":"Orphan management"}}},{"node":{"fields":{"slug":"/admin/10-password/1-pswd-compromised","title":"Password breach detection"}}},{"node":{"fields":{"slug":"/admin/12-administration/3-squence-generator","title":"Sequence generators"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/6-relatedAccount","title":"Related accounts"}}},{"node":{"fields":{"slug":"/admin/12-administration/4-otpconfig","title":"Configure OTP Provider"}}},{"node":{"fields":{"slug":"/admin/12-administration/6-languages","title":"Managing languages"}}},{"node":{"fields":{"slug":"/admin/12-administration/5-links","title":"External links on login page"}}},{"node":{"fields":{"slug":"/admin/12-administration/7-reconciliationhistory","title":"Reconciliation history"}}},{"node":{"fields":{"slug":"/admin/12-administration/8-aboutopenIAM-page","title":"About OpenIAM Page"}}},{"node":{"fields":{"slug":"/admin/12-administration/9-reindex_elasticsearch","title":"Reindex Opensearch"}}},{"node":{"fields":{"slug":"/admin/15-audit/2-audit-log-export-connector","title":"Audit log export connector"}}},{"node":{"fields":{"slug":"/admin/12-administration/99-heartbeat","title":"Heartbeat links"}}},{"node":{"fields":{"slug":"/admin/2-authentication/1-auth-overview","title":"Configuring authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/11-credentialprovider","title":"Credential provider"}}},{"node":{"fields":{"slug":"/admin/2-authentication/10-fidologin","title":"FIDO-2 authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/13-criiptoauth","title":"Criipto authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/12-account-unlock","title":"Setting up account unlock"}}},{"node":{"fields":{"slug":"/admin/15-audit/1-audit-events-interpret","title":"Audit events interpretation"}}},{"node":{"fields":{"slug":"/admin/2-authentication/14-duo-auth","title":"Duo authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/15-modernauth","title":"Microsoft Modern authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/12-certificateauth","title":"Configuring certificate-based authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/16-external-multiselect-auth","title":"External/multiselect authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/2-auth-policy","title":"Authentication policy"}}},{"node":{"fields":{"slug":"/admin/2-authentication/2-delegatedauth","title":"Managed System authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/21-dashboards","title":"Monitoring dashboards"}}},{"node":{"fields":{"slug":"/admin/2-authentication/3-passwordauth","title":"Password-based authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/9-adaptiveauth","title":"Adaptive authentication"}}},{"node":{"fields":{"slug":"/admin/3-authz/1-overview","title":"Introduction to access control"}}},{"node":{"fields":{"slug":"/admin/2-authentication/7-otp","title":"OTP over SMS or E-mail"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus","title":"Menus"}}},{"node":{"fields":{"slug":"/admin/3-authz/10-accessright","title":"Access rights"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social","title":"Social authentication"}}},{"node":{"fields":{"slug":"/admin/3-authz/11-contentprovider","title":"Content provider"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-groups","title":"Managing groups"}}},{"node":{"fields":{"slug":"/admin/3-authz/4-types","title":"Metadata types"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-conflict-groups","title":"Conflict Groups"}}},{"node":{"fields":{"slug":"/admin/3-authz/5-resources","title":"Managing resources"}}},{"node":{"fields":{"slug":"/admin/3-authz/8-accesstossoapps","title":"Access to SSO applications"}}},{"node":{"fields":{"slug":"/admin/3-authz/6-organization","title":"Managing organizations"}}},{"node":{"fields":{"slug":"/admin/3-authz/9-approvalflow","title":"Configuring approval workflows"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles","title":"Managing roles"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/1-Automated-applications","title":"Connected applications"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/2-Manual-applications","title":"Manual applications"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/10-managedsystemsimulation","title":"Managed system simulation mode"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/11-provisioning-config","title":"Configure Provisioning"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/12-LDAP-managedsys-config","title":"LDAP Managed system configuration"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/2-incrementalsynch","title":"Incremental synchronization"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/3-recon","title":"Configure reconciliation"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/6-managedsystem-config","title":"Managed system configuration"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/4-birthright","title":"Birthright access"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/5-recon-groovy","title":"Groovy Scripts for Reconciliation"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/8-importentitlements","title":"Import entitlements"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/9-importorganization","title":"Import Organizations"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/1-synch","title":"Configuring synchronization"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/1-application-category","title":"Application categories"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/2-approval-flow","title":"Approval flow"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/5-approve-by-email","title":"Approving requests via Email"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/3-manualTasks","title":"Manual tasks"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/4-post-request","title":"After request has been approved"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/7-questionnaire","title":"Questionnaire"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/1-entitlmentcert","title":"Entitlement based certification"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/11-campaign-dashboard","title":"Campaign dashboard"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-risk-event-driven-cert","title":"Risk event driven certification"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/3-certification-reporting","title":"Certification reporting"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-risk-factor-config","title":"Risk factors configuration"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/5-delete-campaign","title":"Deleting an access certification campaign"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/10-mitigation-controls","title":"Mitigation controls for SoD"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/4-membership-tags","title":"Membership tags"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/6-campaign-database","title":"Access certification campaigns as database objects"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/7-expiration-policy","title":"Expiration policy"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-usercert","title":"User based review"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/9-segregation-of-duties","title":"Segregation of Duties (SoD) policies"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/thesaurus","title":"Access Certification Thesaurus"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/8-multiple-reviwer-campaigns","title":"Multi-reviewer user access review campaigns"}}},{"node":{"fields":{"slug":"/admin/8-sso/2-oauth2","title":"oAuth 2.0"}}},{"node":{"fields":{"slug":"/admin/8-sso/1-saml","title":"Add SAML SP to OpenIAM"}}},{"node":{"fields":{"slug":"/admin/8-sso/3-oidc","title":"OpenID Connect"}}},{"node":{"fields":{"slug":"/admin/8-sso/5-auth_scopes","title":"OpenIAM oAuth scopes"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/2-headerinj","title":"Header Injection"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/3-urlrewriting","title":"URL Rewriting"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/6-example","title":"Examples"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/7-rProxy-loadbalancer","title":"Reverse Proxy with Load Balancer"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/8-kerberos","title":"Setting up Kerberos via rProxy"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/1-formfill","title":"Form Fill"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/9-directive-reference","title":"mod_openiam Directive Reference"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/1-powershellconnectorinstallation","title":"Installing PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal","title":"WinLocal OpenIAM connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/12-WindowsPasswordFilter","title":"AD Password Filter"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/13-successfactors","title":"SuccessFactors connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/12-dynamics365FO","title":"Dynamics365 Finance&Operations connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/15-powershell-generic","title":"Building a custom PowerShell connector for OpenIAM"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management","title":"Mail management"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig","title":"System configuration"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/14-psgraph","title":"Microsoft Graph PowerShell connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/16-teams","title":"Microsoft Teams connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/2-powershellconnectorsusage","title":"Using PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/3-powershellconnectorupdate","title":"Updating PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/5-azuread","title":"Entra ID/O365 connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/6-exchange","title":"Exchange connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/7-azuredevops","title":"Azure DevOps connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector/connector-request-template","title":"OpenIAM connector request template"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/9-sqlserver","title":"Microsoft SQL Server connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/8-dynamics365","title":"Dynamics365 connector"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css/2-cssexamples","title":"CSS file examples"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css/1-customcss","title":"Creating custom CSS"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector/GroovyScriptConnector","title":"Configuring Groovy Script connector"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman","title":"Getting started with Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java","title":"Getting started with Java"}}},{"node":{"fields":{"slug":"/developerguide/4-sheduledtasks/1-provision-on-date","title":"Provision/Deprovision on date"}}},{"node":{"fields":{"slug":"/developerguide/4-sheduledtasks/2-access-certification-reminder","title":"Notification reminders for approvers"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python","title":"Getting started with Python"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel/2-rbacmodel","title":"Access control model"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel/1-usermodel","title":"User data model"}}},{"node":{"fields":{"slug":"/developerguide/8-api/approver-association","title":"/webconsole - approver-association"}}},{"node":{"fields":{"slug":"/developerguide/8-api/access-right","title":"/webconsole - access-right"}}},{"node":{"fields":{"slug":"/developerguide/8-api/audit-log","title":"/webconsole - audit-log"}}},{"node":{"fields":{"slug":"/developerguide/8-api/authentication-grouping","title":"/webconsole - authentication-grouping"}}},{"node":{"fields":{"slug":"/developerguide/8-api/access-certification","title":"/webconsole - access-certification"}}},{"node":{"fields":{"slug":"/developerguide/8-api/batch","title":"/webconsole - batch"}}},{"node":{"fields":{"slug":"/developerguide/8-api/auth-provider","title":"/webconsole - auth-provider"}}},{"node":{"fields":{"slug":"/developerguide/8-api/challenge-response","title":"/webconsole - challenge-response"}}},{"node":{"fields":{"slug":"/developerguide/8-api/connector","title":"/webconsole - connector"}}},{"node":{"fields":{"slug":"/developerguide/8-api/groovy-manager","title":"/webconsole - groovy-manager"}}},{"node":{"fields":{"slug":"/developerguide/8-api/content-provider","title":"/webconsole - content-provider"}}},{"node":{"fields":{"slug":"/developerguide/8-api/email","title":"/webconsole - email"}}},{"node":{"fields":{"slug":"/developerguide/8-api/field","title":"/webconsole - field"}}},{"node":{"fields":{"slug":"/developerguide/8-api/group","title":"/webconsole - group"}}},{"node":{"fields":{"slug":"/developerguide/8-api/it-policy","title":"/webconsole - it-policy"}}},{"node":{"fields":{"slug":"/developerguide/8-api/idp-oauth","title":"/idp - idp-oauth"}}},{"node":{"fields":{"slug":"/developerguide/8-api/elastic-search","title":"/webconsole - elastic-search"}}},{"node":{"fields":{"slug":"/developerguide/8-api/idp-rest","title":"/idp - idp-rest"}}},{"node":{"fields":{"slug":"/developerguide/8-api/managed-system","title":"/webconsole - managed-system"}}},{"node":{"fields":{"slug":"/developerguide/8-api/menu","title":"/webconsole - menu"}}},{"node":{"fields":{"slug":"/developerguide/8-api/metadata","title":"/webconsole - metadata"}}},{"node":{"fields":{"slug":"/developerguide/8-api/oauth","title":"/webconsole - oauth"}}},{"node":{"fields":{"slug":"/developerguide/8-api/organization-type","title":"/webconsole - organization-type"}}},{"node":{"fields":{"slug":"/developerguide/8-api/organization","title":"/webconsole - organization"}}},{"node":{"fields":{"slug":"/developerguide/8-api/page-template","title":"/webconsole - page-template"}}},{"node":{"fields":{"slug":"/developerguide/8-api/property-value","title":"/webconsole - property-value"}}},{"node":{"fields":{"slug":"/developerguide/8-api/policy","title":"/webconsole - policy"}}},{"node":{"fields":{"slug":"/developerguide/8-api/resource-type","title":"/webconsole - resource-type"}}},{"node":{"fields":{"slug":"/developerguide/8-api/report","title":"/webconsole - report"}}},{"node":{"fields":{"slug":"/developerguide/8-api/resource","title":"/webconsole - resource"}}},{"node":{"fields":{"slug":"/developerguide/8-api/sync-config","title":"/webconsole - sync-config"}}},{"node":{"fields":{"slug":"/developerguide/8-api/role","title":"/webconsole - role"}}},{"node":{"fields":{"slug":"/developerguide/8-api/system","title":"/webconsole - system"}}},{"node":{"fields":{"slug":"/developerguide/8-api/sync-rest","title":"/webconsole - sync-rest"}}},{"node":{"fields":{"slug":"/developerguide/8-api/ui-theme","title":"/webconsole - ui-theme"}}},{"node":{"fields":{"slug":"/developerguide/8-api/uri-pattern","title":"/webconsole - uri-pattern"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/1-autoprov","title":"Automated provisioning Scripts"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import","title":"Import from application"}}},{"node":{"fields":{"slug":"/developerguide/8-api/user","title":"/webconsole - user"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/3-importing_groups","title":"Importing groups from application"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/4-relations-with-manager","title":"Populating a manager"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/1-forgotpassword","title":"Forgot password"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/3-changepassword","title":"Updating your password"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/2-updateprofile","title":"Updating user profile"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/4-outofoffice","title":"Out of office assistant"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/5-forgotusername","title":"Forgot username"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/6-updatesecquestions","title":"Updating security questions"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/10-positionchange","title":"Position change request"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/1-servicecatalog","title":"Requesting access via catalog"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/11-accessprofiles","title":"Access profiles"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/2-jobprofile","title":"Requesting access from profile"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/5-approverequest","title":"Approving requests"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/6-requestadministration","title":"Request administration"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/12-bulkupload","title":"Uploading users in bulk"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/7-requesthistory","title":"Requests history"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/8-newgroup","title":"Creating a group request"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/9-newuser","title":"Creating a new user"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/1-viewmyaccess","title":"View my access"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/3-UAR-in-Self-Service","title":"User access review module in SelfService"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/1-designrole","title":"Designing business roles"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/2-directreports","title":"View direct reports"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/2-openiam-access-role","title":"Designing access roles"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/3-connector-planning","title":"Connector requirements"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial","title":"Automated provisioning tutorial"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/1-jml","title":"Joiners, movers, leavers processes"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect","title":"Deploying and registering connectors"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements","title":"Importing entitlements"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements","title":"Importing users and their entitlement memberships"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode","title":"Single VM Install"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/12-migrating-onpremises-to-cloud","title":"Migrating OpenIAM from on-premises installation to a cloud-based infrastructure"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/11-configuration-options","title":"Configuration options in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/10-ha-rpm","title":"High availability (HA) deployment using RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/2-rproxy","title":"r-Proxy installation in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/4-backup","title":"RPM backup / recovery"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports","title":"Deployment architecture in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-migrating-non-production-to-production-environment","title":"Migrating non-production to production environment in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB","title":"Installing OpenIAM with a remote database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/8-ssl","title":"Configuring HTTPS in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/9-rabbitssl","title":"Enable TLS for RabbitMQ in RPM"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/2-Configuration-options","title":"Configuration options in Docker"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading","title":"Upgrading OpenIAM in RPM"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/1-https","title":"Configuring HTTPS on Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading","title":"Upgrading OpenIAM in Docker environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/6-externalDB","title":"Installing OpenIAM with a remote database in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/5-docker-swarm-backup","title":"Backup / restore in Docker Swarm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/1-ssl","title":"Configuring HTTPS in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/11-common-scenario","title":"Installing OpenIAM in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/12-vault-migration-fromRPM-toK8","title":"Migration of Vault from RPM-based cluster to Kubernetes-based OpenIAM cluster"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/10-backup-and-restoration","title":"Backup and restoration procedure in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/3-depl-without-terraform","title":"Deploying OpenIAM on Kubernetes using Helm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/4-RabbitMQ-TLS","title":"RabbitMQ TLS directory in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/4-YAML-files","title":"Docker YAML files"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms","title":"Kubernetes Platforms"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/2-deployment-with-terraform","title":"Deploying OpenIAM with Terraform"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading","title":"Upgrading OpenIAM in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/7-useal-keys-restoration","title":"Backing up and restoring the vault unseal keys in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/1-create-cluster","title":"Creating an OpenShift cluster on Azure"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/9-remoteDB","title":"Installing OpenIAM with a remote database in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/2-connect-to-cluster","title":"Connect to OpenShift cluster on Azure"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/3-deploy-OpenIAM-helm","title":"Deploy OpenIAM to OpenShift cluster with Helm"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/4-some-descriptions-helm","title":"Memory requirements for OpenShift deployment with Helm"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/5-localhost-dev-cluster","title":"Localhost development cluster"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/6-deploy-from-windows","title":"Deploy OpenIAM to OpenShift cluster with Helm (from Windows)"}}},{"node":{"fields":{"slug":"/installation/8-sizing/1-small-k8","title":"Small Enterprise - K8"}}},{"node":{"fields":{"slug":"/installation/8-sizing/2-medium-k8","title":"Medium Enterprise - K8"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/02-hardening","title":"Securing your installation"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/8-AKS_with_ext_MSSQL","title":"Deploying OpenIAM on AKS (Kubernetes) with an external MSSQL database"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/01-log4j","title":"Log4j Vulnerability"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/03-db-switch","title":"Change OpenIAM product database"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/04-compatibility","title":"Compatibility matrix"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/05-postgres-install","title":"Installing PostgreSQL 15"}}},{"node":{"fields":{"slug":"/installation/9-data_migration/1-migrating_ES_Docker","title":"Verifying and migrating Elasticsearch data in Docker-based OpenIAM cluster"}}},{"node":{"fields":{"slug":"/installation/99-miscellaneous/04-compatibility","title":"Compatibility Matrix"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/1-connectorlogs","title":"View container logs"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/3-uninstall","title":"Remove an OpenIAM Docker Install"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/2-containersrestart","title":"Containers Restarting"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/4-troubleshooting-steps","title":"Troubleshooting steps in a container-based cluster"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/disableswap","title":"Disable swap"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/memoryutili","title":"Check memory utilization"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/redismemory","title":"Redis memory utilization"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/5-log-checking-guide","title":"Docker log checking guide"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/access-after-migration","title":"Access problem after migrating OpenIAM"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/activationlink","title":"Error when sending activation link"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/audit-doc-timestamp","title":"Audit document timestamp issue"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/access-forbidden","title":"Access Forbidden error"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/auth-manager","title":"Backend exception error when running authentication manager"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/JDBC-connection-pool","title":"Increasing the JDBC connection pool size"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/database-reset","title":"Database reset"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/elasticsearch-readonly-state","title":"Elasticsearch read-only state"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/flyway_version","title":"Flyway version issue"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/increasing-RAM","title":"Increasing memory for OpenIAM services"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/modifly_system_labels_and_messages","title":"Changing system labels and messages"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/lackof_disk_space","title":"Running out of disk space"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/debug-logs-CassandraJanusGraph","title":"Enabling and disabling debug logs for Cassandra and JanusGraph"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/overriding-app-properties","title":"Overriding UI application properties"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/my-application-page-selfservice","title":"Changing refresh time for My Applications page in SelfService"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/pad-block-corrupted","title":"PAD Block Corrupted"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/remove-navigation-bar","title":"Removing menu items from top navigation bar"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/report-generation-issue","title":"Error during report generating in RPM installations"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm/failed-dependencies","title":"Failed dependencies"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/run_flyway_repair_mode","title":"Run Flyway in repair mode"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/resetting_passwords","title":"Resetting passwords"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm/trobleshooting_guide","title":"Troubleshooting guide for RPM"}}},{"node":{"fields":{"slug":"/troubleshooting/connectors/sync-vs-async-source","title":"Synchronous vs. asynchronous synchronization source for connectors"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/username_in_selfservice","title":"Username not shown in SelfService"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/1-rabbitmq-reinit","title":"RabbitMQ cluster went out of order"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/unlocksysadmin","title":"Unlock sysadmin"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/2-rabbitmq-UI","title":"RabbitMQ is not reached from UI in RPM installations"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/1-userpage","title":"Configuring user page templates"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/3-Rabbitmq-connection-timeout","title":"RabbitMQ  connection timeout issue"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/4-customtemplates","title":"Custom form templates"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/2-customuserpage","title":"Creating more custom user edit pages"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/1-system","title":"System tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/3-UI","title":"UI tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/2-regex-validation","title":"Validation regular expressions"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/4-workflow","title":"Workflow tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/5-organization-tab","title":"Organization tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/6-password","title":"Password tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/7-authentication","title":"Authentication tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/8-auditeventstosyslog","title":"Exporting audit events to syslogs"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/1-emailtemplates","title":"Email templates"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/3-multilanguagemail","title":"Multilanguage emails"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/2-smtpconfig","title":"Mailbox Configuration"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/9-health-checks","title":"Configuring health checks for managed systems"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/4-mail-via-azure","title":"Mailbox configuration via Azure application"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/5-alert-notifications","title":"Configuring alert notifications"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/6-email-template-variables","title":"Email template variables reference"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/1-googlesociallogin","title":"Google Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/2-facebooksociallogin","title":"Facebook Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/3-linkedinsociallogin","title":"LinkedIn Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/4-appleidsociallogin","title":"AppleID Social Login"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/2-adminaccess","title":"Admin access role"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/3-FAQ","title":"FAQs about menus and their use"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/1-enduseraccess","title":"End-user access roles"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/4-Config-Lhand-menu-SS-MyInfo","title":"Configurable left-hand menu in SelfService 'My Info' page"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/1-role-types","title":"Types of roles existing in OpenIAM"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/2-createrole","title":"Create role"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/3-findrole","title":"Finding an existing role"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-groups/1-create-group","title":"Creating a group"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/2-Manual-applications/1-reg-applications","title":"Register applications"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/5-importingroles","title":"Importing roles"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/11-provisioning-config/1-prepost-processor","title":"Pre/PostProcessor"}}},{"node":{"fields":{"slug":"/admin/8-sso/1-saml/1-jit-provisioning","title":"Just-in-time Provisioning"}}},{"node":{"fields":{"slug":"/admin/8-sso/2-oauth2/1-Auth-code-grand","title":"Authorization code grant type"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal/2-winlocalv5","title":"Version 5"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal/1-winlocalv4","title":"Version 4"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/1-createauthprovider","title":"Create OpenIAM Provider for Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/2-postmanconfig","title":"Create Postman collection"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/4-JWT-tokens","title":"Getting started with JWT tokens in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/3-add-request","title":"Define an API request in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/5-postman-links","title":"Postman API documentation links"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/6-example","title":"Client credentials flow with a defined scope in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/2-grantinguathz","title":"Granting authorization to the API with Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/3-api-call-examples","title":"API calls examples in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/5-object-oriented-impl-example","title":"Object oriented implementation for REST API in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/4-enabling-disabling-user","title":"Enabling/Disabling a user with API calls examples in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/6-OTP-verification","title":"OTP Verification in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/1-createauthprovider","title":"Create OpenIAM oAuth provider in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/1-createauthprovider","title":"Create OpenIAM Provider"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/2-grantauthz","title":"Granting authorization to the API with Java"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/1-autoprov/1-newhires","title":"New hires"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/3-azuread","title":"Entra ID"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/6-importroles","title":"Import Roles"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/1-provisioningCSV","title":"Creating a synchronization configuration for the source"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/3-creating-searching-users","title":"Creating and searching a user with API call in Java"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/4-calls-examples","title":"API calls examples in Java"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/2-policymap","title":"Policy map"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/5-enabling-disabling-users","title":"Enabling/Disabling a user with API calls examples in Java"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/4-birthright","title":"New hire"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/5-transfer","title":"Transfer"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/3-creatingrole","title":"Creating role"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/6-termination","title":"Terminations"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/2-rpm","title":"Connectors via RPM"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/3-docker","title":" Connectors via Docker"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/4-k8","title":" Connectors via Kubernetes"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts","title":"Transformation scripts"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/3-troubleshooting","title":"Troubleshooting"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/1-config-synch","title":"Configuring synchronization for importing users and their entitlement memberships"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts","title":"Transformation scripts"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/3-common-questions","title":"Common questions"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/1-rpm-with-internet","title":"Installation with Internet access"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/2-rpm-no-internet","title":"Installation without Internet access"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/3-nonroot-partition","title":"Installing OpenIAM on a non-root partition"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports/1-one-node","title":"Single node deployment"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/1-configuring-synch","title":"Configuring synchronization for importing entitlements"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports/2-three-node","title":"Three node cluster"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/1-databasemigration","title":"Database migration from version 3.X to 4.X"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/10-upgrading-2026-4-2","title":"Upgrading OpenIAM to v.2026.4.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/3-upgradingto-42111","title":"Upgrading from versions 4.2.1.9-4.2.1.10 to version 4.2.1.11 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/2-upgradingto-42110","title":"Upgrading from version 4.2.1.5-4.2-4.2.1.8 to version 4.2.1.10 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/4-migrating-index-data","title":"Migration of index data from older ElasticSearch versions to newer one"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/4-upgradingto-42112","title":"Upgrading from versions 4.2.1.x to version 4.2.1.12 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/5-infrastructure_upgrade","title":"Infrastructure upgrade"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/5-upgradingto-42115","title":"Upgrading from versions 4.2.1.x to version 4.2.1.15 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/6-infra-upgrade-42113","title":"Infrastructure upgrade in v4.2.1.13"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrade2026.5.2","title":"Upgrading notes for v.2026.5.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/7-upgradingto-422","title":"Upgrading OpenIAM from versions 4.2.1.x to 4.2.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-2-1","title":"Upgrading OpenIAM to v.2026.2.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-3-1","title":"Upgrading OpenIAM to v.2026.3.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-3-2","title":"Upgrading OpenIAM to v.2026.3.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/9-422-changes","title":"Known issues related to upgrading from 4.2.1.x to 2026.4.1 version"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/1-oracle","title":"Installing OpenIAM with a remote Oracle database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/2-postgres","title":"Installing OpenIAM with a remote Postgres database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/1-upgrade-4219","title":"Upgrade from version 4.2.1.5-4.2.1.8 to version 4.2.1.10 in Docker"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/3-MSSQL","title":"Installing OpenIAM with a remote MSSQL database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/2-upgrade-42110","title":"Upgrade from version 4.2.1.9 to version 4.2.1.10 in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/4-upgrade-42115","title":"Upgrade from version 4.2.1.x to version 4.2.1.15 in Docker"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/3-upgrade-42113k8-rabbitmq","title":"Upgrading from version below 4.2.1.8 to version 4.2.1.13 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/4-upgrade-42115k8","title":"Upgrading from versions 4.2.1.x to version 4.2.1.15 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/3-upgrade-42111","title":"Upgrade from version 4.2.1.10 to version 4.2.1.11 in Docker"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/5-upgrade-42112k8","title":"Upgrading from version 4.2.1.x to version 4.2.1.12 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/7-upg-notes20206.5.2","title":"Upgrading notes for v.2026.5.2 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/6-upgrade-422k8","title":"Upgrading from version 4.2.1.x to version 4.2.2 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/2-aws","title":"AWS Kubernetes guide"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/3-helm","title":"Private Kubernetes Cluster using Helm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/4-azure","title":"Azure Kubernetes Guide"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/1-ldapvalidation","title":"Synchronization Validation Script"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/1-gce","title":"GCE Kubernetes guide"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/2-ldapsynchusers","title":"LDAP User Synchronization Script"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/3-ldapattributeslists","title":"LDAP Attribute list for User Synchronization"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts/1-ADgroup-transformation","title":"Sample transformation script for AD groups"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts/3-ADtransformation-usergroup","title":"Sample transformation script for AD users and group memberships"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts/2-csv-transformation","title":"Sample transformation script for a CSV file"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts/4-csv-users-entitlements","title":"Sample transformation script for a CSV file"}}},{"node":{"fields":{"slug":"/changelog/21-Release-4.2.2","title":"Release 4.2.2"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/4-adpowershell","title":"Active Directory PowerShell connector"}}},{"node":{"fields":{"slug":"/appendix/5-message_en_file","title":"Message properties"}}}]}},"pageContext":{"id":"6802e22d-934c-516a-8a40-3555a1557299"}},
    "staticQueryHashes": ["2619113677","3706406642","417421954"]}