I'm trying to automate approval/denial of requests for groups in the Azure Portal using the C# and preferably leveraging MS Grap package. I've had great success for roles using a previous answer on SO, as well as documentation from MS themselves. Although the same page is available for Groups it doesn't have the http requests to go along.
I did look around the following endpoint using Graph Explorer to no avail.
identityGovernance/privilegedAccess/group/assignmentScheduleRequests
My currently working approach for roles looks like this
PATCH
https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentApprovals/{approvalId}/steps/{approvalStepId}
{
"reviewResult": "Approve",
"justification": "Approval Message"
}
I'm listing current requests like this, receiving a FilterByCurrentUserWithOnGetResponse
GraphClient.IdentityGovernance.PrivilegedAccess.Group.AssignmentScheduleRequests
.FilterByCurrentUserWithOn("approver")
.GetAsFilterByCurrentUserWithOnGetResponseAsync((config) =>
{
config.QueryParameters.Expand = ["group", "principal"];
});
Any idea what the approval request would look like after that? Or tip on where I can get the right documentation?
I'll answer my own question if anyone needs this in the future.
Same as the documentation for roles but using this path
https://graph.microsoft.com/beta/identityGovernance/privilegedAccess/group/assignmentApprovals/approval-id/steps/step-id
{
"reviewResult": "Approve",
"justification": "Jusitication"
}
ApprovalStep body = new ApprovalStep()
{
ReviewResult = "Approve",
Justification = "Justification",
};
await GraphClientBeta.IdentityGovernance.PrivilegedAccess.Group.AssignmentApprovals[approvalId].Steps[stepId].PatchAsync(body);