为内置生命周期工作流任务配置参数
借助 Microsoft Graph 中的生命周期工作流 API,可以在三个级别为用户自动执行基本生命周期流程:Joiner、Leaver 和 Mover。 工作流的核心是表示触发工作流时自动运行的特定操作 的任务 。
Microsoft Graph 支持 24 个内置任务 ,可用于创建自定义工作流。 每个任务都有一组允许用于该任务的参数。 例如,为用户生成临时访问传递 (TAP) 的任务允许你配置 TAP 的生存期以及用户是否可以重复使用它。 要将用户添加到组的任务要求指定要向其添加用户的组。 此配置是在任务的 参数 属性上进行的。
本文提供有关生命周期工作流中任务参数属性的允许配置的指导。
为任务配置参数
| 任务显示名称 | taskDefinitionId | 参数 |
|---|---|---|
| 向新员工发送欢迎电子邮件 | 70b29d51-b59a-4773-9280-8841dfd3f2ea |
name: ccvalue:要在电子邮件中抄送的用户的有效用户 ID (String) 。 name: customSubjectvalue:要发送的电子邮件的自定义主题标头。 name: customBodyvalue:自定义电子邮件的正文。 name: localevalue:覆盖电子邮件收件人的语言设置的语言值。 此参数不自定义电子邮件的自定义文本,应使用与自定义文本相同的语言进行设置。 |
| 发送载入提醒电子邮件 | 3C860712-2D37-42A4-928F-5C93935D26A1 |
name: ccvalue:要在电子邮件中抄送的用户的有效用户 ID (String) 。 name: customSubjectvalue:要发送的电子邮件的自定义主题标头。 name: customBodyvalue:自定义电子邮件的正文。 name: localevalue:覆盖电子邮件收件人的语言设置的语言值。 此参数不自定义电子邮件的自定义文本,应使用与自定义文本相同的语言进行设置。 |
| 生成临时访问密码并通过电子邮件发送给用户的经理 | 1b555e50-7f65-41d5-b514-5894a026d10d |
name: tapLifetimeMinutesvalue: 10 upto 43000name: tapIsUsableOncevalue: true 或 false先决条件:
|
| 将用户添加到组 | 22085229-5809-45e8-97fd-270d28d66910 |
name: groupIDvalue:有效的组 ID 或以逗号分隔的组列表,用户作为成员添加到其中。 例如, "06269010-2d8e-48e4-8f0e-33580720c9e1, 06bba22c-775e-42d8-b451-4221af061af0, 182f68db-6513-4e79-9ec2-a7e89a460e7f" |
| 将用户添加到团队 | e440ed8d-25a1-4618-84ce-091ed5be5594 |
name: teamIDvalue:有效的组 ID 或以逗号分隔的团队列表,用户作为成员添加到其中。 例如, "06269010-2d8e-48e4-8f0e-33580720c9e1, 06bba22c-775e-42d8-b451-4221af061af0, 182f68db-6513-4e79-9ec2-a7e89a460e7f" |
| 启用用户帐户 | 6fc52c9d-398b-4305-9763-15f42c1676fc |
name: enableOnPremisesAccountvalue:一个布尔值,指示任务是否启用同步的本地用户帐户。 |
| 运行自定义任务扩展 | 4262b724-8dba-4fad-afc3-43fcbb497a0e | 名字: CustomTaskExtensionIDvalue:自定义任务扩展的 ID |
| (预览版) 向用户分配许可证 | 683c87a4-2ad4-420b-97d4-220d90afcd24 | 名字: licensesvalue:要分配的许可证的 ID |
| 从用户 (预览版中删除所选许可证分配) | 5fc402a8-daaf-4b7b-9203-da868b05fc5f | 名字: licensesvalue:要分配的许可证的 ID |
| 运行自定义任务扩展 | 4262b724-8dba-4fad-afc3-43fcbb497a0e |
name: CustomTaskExtensionIDvalue:自定义任务扩展的 ID |
| 禁用用户帐户 | 1dfdfcc7-52fa-4c2e-bf3a-e3919cc12950 |
name: disableOnPremisesAccountvalue:一个布尔值,指示任务是否禁用同步的本地用户帐户。 |
| 从所选组中删除用户 | 1953a66c-751c-45e5-8bfe-01462c70da3c |
name: groupIDvalue:有效的组 ID 或用户所属的组的逗号分隔列表。 例如, "06269010-2d8e-48e4-8f0e-33580720c9e1, 06bba22c-775e-42d8-b451-4221af061af0, 182f68db-6513-4e79-9ec2-a7e89a460e7f" |
| 从所有组中删除用户 | b3a31406-2a15-4c9a-b25b-a658fa5f07fc | 无 |
| 从团队中删除用户 | 06aa7acb-01af-4824-8899-b14e5ed788d6 |
name: teamIDvalue:用户所属的团队的逗号分隔列表。 例如, "06269010-2d8e-48e4-8f0e-33580720c9e1, 06bba22c-775e-42d8-b451-4221af061af0, 182f68db-6513-4e79-9ec2-a7e89a460e7f" |
| 从所有团队中删除用户 | 81f7b200-2816-4b3b-8c5d-dc556f07b024 | 无 |
| 删除用户的所有许可证分配 | 8fa97d28-3e52-4985-b3a9-a1126f9b8b4e | 无 |
| 删除用户 | 8d18588d-9ad3-4c0f-99d0-ec215f0e3dff |
name: deleteOnPremisesAccountvalue:一个布尔值,指示任务是否删除同步的本地用户帐户。 |
| 发送电子邮件以通知管理员用户移动 | aab41899-9972-422a-9d97-f626014578b7 |
name: ccvalue:要在电子邮件中抄送的用户的有效用户 ID (String) 。 name: customSubjectvalue:要发送的电子邮件的自定义主题标头。 name: customBodyvalue:自定义电子邮件的正文。 name: localevalue:覆盖电子邮件收件人的语言设置的语言值。 不自定义电子邮件的自定义文本,应使用与自定义文本相同的语言进行设置。 |
| 在用户最后一天之前向经理发送电子邮件 | 52853a3e-f4e5-4eb8-bb24-1ac09a1da935 |
name: ccvalue:要在电子邮件中抄送的用户的有效用户 ID (String) 。 name: customSubjectvalue:要发送的电子邮件的自定义主题标头。 name: customBodyvalue:自定义电子邮件的正文。 name: localevalue:覆盖电子邮件收件人的语言设置的语言值。 不自定义电子邮件的自定义文本,应使用与自定义文本相同的语言进行设置。 |
| 在用户上一天发送电子邮件 | 9c0a1eaf-5bda-4392-9d9e-6e155bb57411 |
name: ccvalue:要在电子邮件中抄送的用户的有效用户 ID (String) 。 name: customSubjectvalue:要发送的电子邮件的自定义主题。 name: customBodyvalue:自定义电子邮件的正文。 name: localevalue:覆盖电子邮件收件人的语言设置的语言值。 不自定义电子邮件的自定义文本,应使用与自定义文本相同的语言进行设置。 |
| 在用户最后一天之后向用户经理发送卸载电子邮件 | 6f22ddd4-b3a5-47a4-a846-0d7c201a49ce |
name: ccvalue:要在电子邮件中抄送的用户的有效用户 ID (String) 。 name: customSubjectvalue:要发送的电子邮件的自定义主题标头。 name: customBodyvalue:自定义电子邮件的正文。 name: localevalue:覆盖电子邮件收件人的语言设置的语言值。 不自定义电子邮件的自定义文本,应使用与自定义文本相同的语言进行设置。 |
| 请求用户访问权限包分配 | c1ec1e76-f374-4375-aaa6-0bb6bd4c60be |
name: assignmentPolicyIdvalue:要分配用户的访问包的有效分配策略 ID (String) 。 name: accessPackageIdvalue:要分配给用户的访问包的有效访问包 ID。 |
| 删除用户的访问包分配 | 4a0b64f2-c7ec-46ba-b117-18f262946c50 |
name: accessPackageIdvalue:要从用户取消分配的访问包的有效访问包 ID。 |
| 删除用户的所有访问包分配 | 42ae2956-193d-4f39-be06-691b8ac4fa1d | 无 |
| 取消用户的挂起访问包分配请求 | 498770d9-bab7-4e4c-b73d-5ded82a1d0b3 | 无 |
示例
示例 1:向新员工发送欢迎电子邮件
{
"category": "joiner",
"continueOnError": false,
"description": "Send welcome email to new hire",
"displayName": "Send Welcome Email",
"isEnabled": true,
"taskDefinitionId": "70b29d51-b59a-4773-9280-8841dfd3f2ea",
"arguments": [
{
"name": "cc",
"value": "e94ad2cd-d590-4b39-8e46-bb4f8e293f85,ac17d108-60cd-4eb2-a4b4-084cacda33f2"
},
{
"name": "customSubject",
"value": "Welcome to the organization {{userDisplayName}}!"
},
{
"name": "customBody",
"value": "Welcome to our organization {{userGivenName}} {{userSurname}}.\n\nFor more information, reach out to your manager {{managerDisplayName}} at {{managerEmail}}."
},
{
"name": "locale",
"value": "en-us"
}
]
}
示例 2: (TAP) 生成临时访问密码并将其发送给用户的经理
{
"category": "joiner",
"continueOnError": false,
"description": "Generate Temporary Access Pass and send via email to user's manager",
"displayName": "Generate TAP and Send Email",
"isEnabled": true,
"taskDefinitionId": "1b555e50-7f65-41d5-b514-5894a026d10d",
"arguments": [
{
"name": "tapLifetimeMinutes",
"value": "480"
},
{
"name": "tapIsUsableOnce",
"value": "false"
},
{
"name": "cc",
"value": "068fa0c1-fa00-4f4f-8411-e968d921c3e7,9d208c40-7eb6-46ff-bebd-f30148c39b47"
},
{
"name": "customSubject",
"value": "Temporary access pass for your new employee {{userDisplayName}}"
},
{
"name": "customBody",
"value": "Hello {{managerDisplayName}}\n\nPlease find the temporary access pass for your new employee {{userDisplayName}} below:\n\n{{temporaryAccessPass}}\n\nRegards\nYour IT department"
},
{
"name": "locale",
"value": "en-us"
}
]
}
示例 3:将用户添加到组
{
"category": "joiner,leaver",
"description": "Add user to groups",
"displayName": "AddUserToGroup",
"isEnabled": true,
"continueOnError": true,
"taskDefinitionId": "22085229-5809-45e8-97fd-270d28d66910",
"arguments": [
{
"name": "groupID",
"value": "06269010-2d8e-48e4-8f0e-33580720c9e1, 06bba22c-775e-42d8-b451-4221af061af0, 182f68db-6513-4e79-9ec2-a7e89a460e7f"
}
]
}
示例 4:将用户添加到 Teams
{
"category": "joiner,leaver",
"description": "Add user to team",
"displayName": "AddUserToTeam",
"isEnabled": true,
"continueOnError": true,
"taskDefinitionId": "e440ed8d-25a1-4618-84ce-091ed5be5594",
"arguments": [
{
"name": "teamID",
"value": "06269010-2d8e-48e4-8f0e-33580720c9e1, 06bba22c-775e-42d8-b451-4221af061af0, 182f68db-6513-4e79-9ec2-a7e89a460e7f"
}
]
}
示例 5:启用用户帐户
{
"category": "joiner,leaver",
"description": "Enable user account",
"displayName": "EnableUserAccount",
"isEnabled": true,
"continueOnError": true,
"taskDefinitionId": "6fc52c9d-398b-4305-9763-15f42c1676fc",
"arguments": []
}
示例 6:运行自定义任务扩展
{
"category": "joiner,leaver",
"description": "Run a Custom Task Extension to call-out to an external system.",
"displayName": "Run a Custom Task Extension",
"isEnabled": true,
"continueOnError": true,
"taskDefinitionId": "d79d1fcc-16be-490c-a865-f4533b1639ee",
"arguments": [
{
"name": "customTaskExtensionID",
"value": "<ID of your Custom Task Extension>"
}
]
}
示例 7:禁用用户帐户
{
"category": "joiner,leaver",
"description": "Disable user account",
"displayName": "DisableUserAccount",
"isEnabled": true,
"continueOnError": true,
"taskDefinitionId": "1dfdfcc7-52fa-4c2e-bf3a-e3919cc12950",
"arguments": []
}
示例 8:从所选组中删除用户
{
"category": "leaver",
"displayName": "Remove user from selected groups",
"description": "Remove user from membership of selected Azure AD groups",
"isEnabled": true,
"continueOnError": true,
"taskDefinitionId": "1953a66c-751c-45e5-8bfe-01462c70da3c",
"arguments": [
{
"name": "groupID",
"value": "06269010-2d8e-48e4-8f0e-33580720c9e1, 06bba22c-775e-42d8-b451-4221af061af0, 182f68db-6513-4e79-9ec2-a7e89a460e7f"
}
]
}
示例 9:从所有组中删除用户
{
"category": "leaver",
"continueOnError": true,
"displayName": "Remove user from all groups",
"description": "Remove user from all Azure AD groups memberships",
"isEnabled": true,
"taskDefinitionId": "b3a31406-2a15-4c9a-b25b-a658fa5f07fc",
"arguments": []
}
示例 10:从所选团队中删除用户
{
"category": "joiner,leaver",
"continueOnError": true,
"displayName": "Remove user from selected Teams",
"description": "Remove user from membership of selected Teams",
"isEnabled": true,
"taskDefinitionId": "06aa7acb-01af-4824-8899-b14e5ed788d6",
"arguments": [
{
"name": "teamID",
"value": "TeamId1, TeamId2, TeamId3, ..."
}
]
}
示例 11:从所有团队中删除用户
{
"category": "leaver",
"continueOnError": true,
"description": "Remove user from all Teams",
"displayName": "Remove user from all Teams memberships",
"isEnabled": true,
"taskDefinitionId": "81f7b200-2816-4b3b-8c5d-dc556f07b024",
"arguments": []
}
示例 12:删除用户的所有许可证分配
{
"category": "leaver",
"continueOnError": true,
"displayName": "Remove all licenses for user",
"description": "Remove all licenses assigned to the user",
"isEnabled": true,
"taskDefinitionId": "8fa97d28-3e52-4985-b3a9-a1126f9b8b4e",
"arguments": []
}
示例 13:删除用户
{
"category": "leaver",
"continueOnError": true,
"displayName": "Delete user account",
"description": "Delete user account in Azure AD",
"isEnabled": true,
"taskDefinitionId": "8d18588d-9ad3-4c0f-99d0-ec215f0e3dff",
"arguments": []
}
示例 14:发送电子邮件以通知经理用户移动
{
"category": "mover",
"continueOnError": false,
"description": "Send email to notify user\u2019s manager of user move",
"displayName": "Send email to notify manager of user move",
"isEnabled": true,
"taskDefinitionId": "aab41899-9972-422a-9d97-f626014578b7",
"arguments": [
{
"name": "cc",
"value": "ac17d108-60cd-4eb2-a4b4-084cacda33f2,7d3ee937-edcc-46b0-9e2c-f832e01231ea"
},
{
"name": "customSubject",
"value": "{{userDisplayName}} has moved"
},
{
"name": "customBody",
"value": "Hello {{managerDisplayName}}\n\nwe are reaching out to let you know {{userDisplayName}} has moved in the organization.\n\nRegards\nYour IT department"
},
{
"name": "locale",
"value": "en-us"
}
]
}
示例 15:在用户最后一天之前向经理发送电子邮件
{
"category": "leaver",
"continueOnError": false,
"description": "Send offboarding email to user's manager before the last day of work",
"displayName": "Send email before user's last day",
"isEnabled": true,
"taskDefinitionId": "52853a3e-f4e5-4eb8-bb24-1ac09a1da935",
"arguments": [
{
"name": "cc",
"value": "068fa0c1-fa00-4f4f-8411-e968d921c3e7,e94ad2cd-d590-4b39-8e46-bb4f8e293f85"
},
{
"name": "customSubject",
"value": "Reminder that {{userDisplayName}}'s last day is coming up"
},
{
"name": "customBody",
"value": "Hello {{managerDisplayName}}\n\nthis is a reminder that {{userDisplayName}}'s last day is coming up.\n\nRegards\nYour IT department"
},
{
"name": "locale",
"value": "en-us"
}
]
}
示例 16:在用户的最后一天发送电子邮件
{
"category": "leaver",
"continueOnError": false,
"description": "Send offboarding email to user's manager on the last day of work",
"displayName": "Send email on user's last day",
"isEnabled": true,
"taskDefinitionId": "9c0a1eaf-5bda-4392-9d9e-6e155bb57411",
"arguments": [
{
"name": "cc",
"value": "068fa0c1-fa00-4f4f-8411-e968d921c3e7,e94ad2cd-d590-4b39-8e46-bb4f8e293f85"
},
{
"name": "customSubject",
"value": "{{userDisplayName}}'s last day"
},
{
"name": "customBody",
"value": "Hello {{managerDisplayName}}\n\nthis is a reminder that {{userDisplayName}}'s last day is today and their access will be revoked.\n\nRegards\nYour IT department"
},
{
"name": "locale",
"value": "en-us"
}
]
}
示例 17:在用户最后一天的工作后,将卸载电子邮件发送给用户的经理
{
"category": "leaver",
"continueOnError": true,
"displayName": "Send offboarding email to user's manager after the last day of work",
"description": "Send email after user's last day",
"isEnabled": true,
"continueOnError": true,
"taskDefinitionId": "6f22ddd4-b3a5-47a4-a846-0d7c201a49ce",
"arguments": []
}
示例 18:请求用户访问权限包分配
{
"category": "joiner,mover",
"continueOnError": false,
"description": "Request user assignment to selected access package",
"displayName": "Request user access package assignment",
"isEnabled": true,
"taskDefinitionId": "c1ec1e76-f374-4375-aaa6-0bb6bd4c60be",
"arguments": [
{
"name": "assignmentPolicyId",
"value": "00d6fd25-6695-4f4a-8186-e4c6f901d2c1"
},
{
"name": "accessPackageId",
"value": "2ae5d6e5-6cbe-4710-82f2-09ef6ffff0d0"
}
]
}
示例 19:删除用户的访问包分配
{
"category": "leaver,mover",
"continueOnError": false,
"description": "Remove user assignment of selected access package",
"displayName": "Remove access package assignment for user",
"isEnabled": true,
"taskDefinitionId": "4a0b64f2-c7ec-46ba-b117-18f262946c50",
"arguments": [
{
"name": "accessPackageId",
"value": "2ae5d6e5-6cbe-4710-82f2-09ef6ffff0d0"
}
]
}
示例 20:删除用户的所有访问包分配
{
"category": "leaver",
"continueOnError": false,
"description": "Remove all access packages assigned to the user",
"displayName": "Remove all access package assignments for user",
"isEnabled": true,
"taskDefinitionId": "42ae2956-193d-4f39-be06-691b8ac4fa1d",
"arguments": []
}
示例 21:取消用户的挂起访问包分配请求
{
"category": "leaver",
"continueOnError": false,
"description": "Cancel all access package assignment requests pending for the user",
"displayName": "Cancel all pending access package assignment requests for user",
"isEnabled": true,
"taskDefinitionId": "498770d9-bab7-4e4c-b73d-5ded82a1d0b3",
"arguments": []
}
示例 22:发送载入提醒电子邮件
{
"category": "joiner",
"continueOnError": false,
"description": "Send onboarding reminder email to user\u2019s manager",
"displayName": "Send onboarding reminder email",
"isEnabled": true,
"taskDefinitionId": "3C860712-2D37-42A4-928F-5C93935D26A1",
"arguments": [
{
"name": "cc",
"value": "e94ad2cd-d590-4b39-8e46-bb4f8e293f85,068fa0c1-fa00-4f4f-8411-e968d921c3e7"
},
{
"name": "customSubject",
"value": "Reminder: {{userDisplayName}} is starting soon"
},
{
"name": "customBody",
"value": "Hello {{managerDisplayName}}\n\nthis is a reminder that {{userDisplayName}} is starting soon.\n\nRegards\nYour IT department"
},
{
"name": "locale",
"value": "en-us"
}
]
}