Skip to main content
Question

Validating fact sheet data entry for email and name using Active Directory

  • March 28, 2024
  • 5 replies
  • 175 views
M

Hello Community 😀

Does anyone know how I could possible create a field for a fact sheet that will only allow a validated Active Directory email address and add the name as it appears in Active Directory? Or more specifically  Azure Active Directory?

Thank you!

5 replies

Thomas Schreiner
Forum|alt.badge.img+3

Hi @mcastrigno 

Probably this is what you want: https://docs-eam.leanix.net/docs/scim

M
  • mcastrigno
  • Author
  • Here To Stay
  • March 28, 2024

Thank you, I will take a look.

Thomas Schreiner
Forum|alt.badge.img+3

Sorry, I just realized that you want to validate a field, not a subscription. Validating a field immediately when it’s filled is not possible, but you could add an automation that validates the field against Azure AD / Entra ID and deletes the field content if the e-mail address is invalid.

You can use the FACT_SHEET_FIELD_UPDATED webhook event plus the Microsoft Graph API, which is also what I am doing in LeanIX Automation Platform. I use the AAD e-mail validation a lot, mostly for detecting outdated subscriptions. 

M
  • mcastrigno
  • Author
  • Here To Stay
  • March 28, 2024

That is my lack of appreciation of the difference between the two. I assumed a subscription is part of a fact sheet because when I make a fact sheet query the subscriptions are in it.

In this query I sometimes get subscriptions with null values for lastName and firstName. Also lastName and firstName don’t always match our AAD values for these fields. The goal here is when these applications are created and data entered, that these errors will be prevented.

  allFactSheets(factSheetType:Application) {
    edges {
      node {
        lxState
        id
        name
        ...on Application{
          AuthenticationType
          businessCriticality
          businessCriticalityDescription
          PCIFlag
          PHIFlag
          PIIFlag
          description
          PublicFacing
          lifecycle{
            asString
          }
          release
          Serviceteam

        }
        subscriptions{
          edges{
            node{
              roles{
                name
              }
              user{
                lastName
                firstName
                email
              }
            }
          }
        }
      }
    }
  }
}

 

Thomas Schreiner
Forum|alt.badge.img+3

Ok, I see. Well, from GraphQL perspective you could possibly call it a „field“, whereas if we are talking about LeanIX, I would call them „subscriptions“, as „fields“ are a different type of element, such as text / single select / multiselect fields that are visible in the „fact sheet“ tab.

 One way or the other: If you want to make sure that your subscriptions are valid AAD users, I would recommend you to talk to your LeanIX admins so that they enable SCIM and also set up an automation to validate their subscriptions against AAD to avoid outdated / invalid subscriptions.

Terms & ConditionsCookie settingsAccessibility statement