SAP Logo LeanIX is now part of SAP
Question

Validating fact sheet data entry for email and name using Active Directory

  • 28 March 2024
  • 5 replies
  • 55 views

Hello Community 😀

Does anyone know how I could possible create a field for a fact sheet that will only allow a validated Active Directory email address and add the name as it appears in Active Directory? Or more specifically  Azure Active Directory?

Thank you!


5 replies

Userlevel 6
Badge +2

Hi @mcastrigno 

Probably this is what you want: https://docs-eam.leanix.net/docs/scim

Thank you, I will take a look.

Userlevel 6
Badge +2

Sorry, I just realized that you want to validate a field, not a subscription. Validating a field immediately when it’s filled is not possible, but you could add an automation that validates the field against Azure AD / Entra ID and deletes the field content if the e-mail address is invalid.

You can use the FACT_SHEET_FIELD_UPDATED webhook event plus the Microsoft Graph API, which is also what I am doing in LeanIX Automation Platform. I use the AAD e-mail validation a lot, mostly for detecting outdated subscriptions. 

That is my lack of appreciation of the difference between the two. I assumed a subscription is part of a fact sheet because when I make a fact sheet query the subscriptions are in it.

In this query I sometimes get subscriptions with null values for lastName and firstName. Also lastName and firstName don’t always match our AAD values for these fields. The goal here is when these applications are created and data entered, that these errors will be prevented.

  allFactSheets(factSheetType:Application) {
edges {
node {
lxState
id
name
...on Application{
AuthenticationType
businessCriticality
businessCriticalityDescription
PCIFlag
PHIFlag
PIIFlag
description
PublicFacing
lifecycle{
asString
}
release
Serviceteam

}
subscriptions{
edges{
node{
roles{
name
}
user{
lastName
firstName
email
}
}
}
}
}
}
}
}

 

Userlevel 6
Badge +2

Ok, I see. Well, from GraphQL perspective you could possibly call it a „field“, whereas if we are talking about LeanIX, I would call them „subscriptions“, as „fields“ are a different type of element, such as text / single select / multiselect fields that are visible in the „fact sheet“ tab.

 One way or the other: If you want to make sure that your subscriptions are valid AAD users, I would recommend you to talk to your LeanIX admins so that they enable SCIM and also set up an automation to validate their subscriptions against AAD to avoid outdated / invalid subscriptions.

Reply