accessPackageAssignmentRequest: resume

Article
03/22/2023
4 minutes to read

Namespace: microsoft.graph

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

In Azure AD entitlement management, when an access package policy has been enabled to call out a custom extension and the request processing is waiting for the callback from the customer, the customer can initiate a resume action. It is performed on an accessPackageAssignmentRequest object whose requestStatus is in a WaitingForCallback state.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type	Permissions (from least to most privileged)
Delegated (work or school account)	EntitlementManagement.ReadWrite.All
Delegated (personal Microsoft account)	Not supported.
Application	EntitlementManagement.ReadWrite.All

HTTP request

POST /identityGovernance/entitlementManagement/accessPackageAssignmentRequests/{accessPackageAssignmentRequestId}/resume

Request headers

Name	Description
Authorization	Bearer {token}. Required.
Content-Type	application/json. Required.

Request body

In the request body, supply a JSON representation of the parameters.

The following table shows the parameters that can be used with this action.

Parameter	Type	Description
source	String	Source from where customer is trying to resume the request, which can be stored in service and will be helpful for auditing.
type	String	Indicate at which stage the custom callout extension was executed. The possible values are: `microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated`, `microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestApproved`, `microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestGranted`, `microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestRemoved`
data	accessPackageAssignmentRequestCallbackData	Contains information about the instance of the callout that was made to the customer endpoint.

Response

If successful, this action returns a 204 No Content response code.

Examples

Example 1: Resume an access package assignment request

Request

The following is an example of a call to resume an access package assignment request that's waiting for a callback.

POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentRequests/0e60f18c-b2a0-4887-9da8-da2e30a39d99/resume
Content-Type: application/json

{
  "source": "Contoso.SodCheckProcess",
  "type": "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated",
  "data": {
    "@odata.type": "microsoft.graph.accessPackageAssignmentRequestCallbackData",
    "stage": "assignmentRequestCreated",
    "customExtensionStageInstanceId": "957d0c50-466b-4840-bb5b-c92cea7141ff",
    "customExtensionStageInstanceDetail": "This user is all verified"
  }
}


var graphClient = new GraphServiceClient(requestAdapter);

var requestBody = new Microsoft.Graph.Beta.IdentityGovernance.EntitlementManagement.AccessPackageAssignmentRequests.Item.Resume.ResumePostRequestBody
{
	Source = "Contoso.SodCheckProcess",
	Type = "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated",
	Data = new CustomExtensionData
	{
		OdataType = "microsoft.graph.accessPackageAssignmentRequestCallbackData",
		AdditionalData = new Dictionary<string, object>
		{
			{
				"stage" , "assignmentRequestCreated"
			},
			{
				"customExtensionStageInstanceId" , "957d0c50-466b-4840-bb5b-c92cea7141ff"
			},
			{
				"customExtensionStageInstanceDetail" , "This user is all verified"
			},
		},
	},
};
await graphClient.IdentityGovernance.EntitlementManagement.AccessPackageAssignmentRequests["{accessPackageAssignmentRequest-id}"].Resume.PostAsync(requestBody);

Important

Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.


const options = {
	authProvider,
};

const client = Client.init(options);

const resume = {
  source: 'Contoso.SodCheckProcess',
  type: 'microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated',
  data: {
    '@odata.type': 'microsoft.graph.accessPackageAssignmentRequestCallbackData',
    stage: 'assignmentRequestCreated',
    customExtensionStageInstanceId: '957d0c50-466b-4840-bb5b-c92cea7141ff',
    customExtensionStageInstanceDetail: 'This user is all verified'
  }
};

await client.api('/identityGovernance/entitlementManagement/accessPackageAssignmentRequests/0e60f18c-b2a0-4887-9da8-da2e30a39d99/resume')
	.version('beta')
	.post(resume);

Important

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

String source = "Contoso.SodCheckProcess";

String type = "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated";

AccessPackageAssignmentRequestCallbackData data = new AccessPackageAssignmentRequestCallbackData();
data.stage = AccessPackageCustomExtensionStage.ASSIGNMENT_REQUEST_CREATED;
data.customExtensionStageInstanceId = "957d0c50-466b-4840-bb5b-c92cea7141ff";
data.customExtensionStageInstanceDetail = "This user is all verified";

graphClient.identityGovernance().entitlementManagement().accessPackageAssignmentRequests("0e60f18c-b2a0-4887-9da8-da2e30a39d99")
	.resume(AccessPackageAssignmentRequestResumeParameterSet
		.newBuilder()
		.withSource(source)
		.withType(type)
		.withData(data)
		.build())
	.buildRequest()
	.post();

Important

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.


//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)

requestBody := graphmodels.NewResumePostRequestBody()
source := "Contoso.SodCheckProcess"
requestBody.SetSource(&source) 
type := "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated"
requestBody.SetType(&type) 
data := graphmodels.NewCustomExtensionData()
additionalData := map[string]interface{}{
	"stage" : "assignmentRequestCreated", 
	"customExtensionStageInstanceId" : "957d0c50-466b-4840-bb5b-c92cea7141ff", 
	"customExtensionStageInstanceDetail" : "This user is all verified", 
}
data.SetAdditionalData(additionalData)
requestBody.SetData(data)

graphClient.IdentityGovernance().EntitlementManagement().AccessPackageAssignmentRequestsById("accessPackageAssignmentRequest-id").Resume().Post(context.Background(), requestBody, nil)

Important

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.


<?php

// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);

$requestBody = new ResumePostRequestBody();
$requestBody->setSource('Contoso.SodCheckProcess');

$requestBody->setType('microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated');

$data = new CustomExtensionData();
$data->set@odatatype('microsoft.graph.accessPackageAssignmentRequestCallbackData');

$additionalData = [
'stage' => 'assignmentRequestCreated', 
'customExtensionStageInstanceId' => '957d0c50-466b-4840-bb5b-c92cea7141ff', 
'customExtensionStageInstanceDetail' => 'This user is all verified', 
];
$data->setAdditionalData($additionalData);



$requestBody->setData($data);


$graphServiceClient->identityGovernance()->entitlementManagement()->accessPackageAssignmentRequestsById('accessPackageAssignmentRequest-id')->resume()->post($requestBody);

Important

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Response

The following is an example of the response

HTTP/1.1 204 No Content

Example 2: Resume and deny an access package assignment request

Request

The following is an example to resume the processing of an access package assignment request by denying the request that's waiting for a callback. A request cannot be denied at the assignmentRequestCreated stage of the callout.

POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentRequests/9e60f18c-b2a0-4887-9da8-da2e30a39d99/resume
Content-Type: application/json

{
  "source": "Contoso.SodCheckProcess",
  "type": "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated",
  "data": {
    "@odata.type": "microsoft.graph.accessPackageAssignmentRequestCallbackData",
    "stage": "AssignmentRequestCreated",
    "customExtensionStageInstanceId": "857d0c50-466b-4840-bb5b-c92cea7141ff",
    "state": "denied",
    "customExtensionStageInstanceDetail": "Potential risk user based on the SOD check"
  }
}

Response

The following is an example of the response

HTTP/1.1 204 No Content

accessPackageAssignmentRequest: resume

Permissions

HTTP request

Request headers

Request body

Response

Examples

Example 1: Resume an access package assignment request

Request

Response

Example 2: Resume and deny an access package assignment request

Request

Response

Feedback

Additional resources

Additional resources