[Crate Enhancement] Support for Entra Access Packages in M365 Onboard and Offboard Crates | Voters

[Crate Enhancement] Support for Entra Access Packages in M365 Onboard and Offboard Crates

Tangerine Albatross

Entra Access Packages are an M365 feature that essentially bundles together M365 resources into a single assignable object that users can then be assigned.
https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-overview#what-are-access-packages-and-what-resources-can-i-manage-with-them
Essentially all groups, SharePoint sites, enterprise applications and other things all get applied to the users account when they are assigned to the Access Package. Then when offboarding the user, you remove the Access Package, and they are removed from all of those resources.
Would involve at least 2 Graph calls, one to list the available Access Packages which I imagine could be an option generator. Then another to assign the userID that we would already have to the Access Package(s) that have been selected.
That endpoint for listing would be a GET to here: https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/accessPackages
Then the Add would be a POST to here: https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentRequests

3 days ago

Promising Jaguar

This would be super helpful for RBAC and Access Reviews! We have clients that are setup this way and would solve us the headache of building this out!