rest - Microsoft Graph 登录审核日志 API:对于某些登录,内部用户显示为访客用户类型
问题描述
我正在使用 MS Graph 登录 REST API 来检索来宾用户登录我的租户。但是我已经检索到某些登录,这些登录在用户类型属性中将内部用户显示为访客。另外吸收的 HomeTenantId 和 ResourceTenantId 也不同。
某些时候,登录到 Azure AD 门户时,之前登录的租户的目录会登录。在这种情况下,TenantId 可能不同,并且 userType 属性显示为 Guest。但是对于 SharePoint,我不确定用户类型 guest
这有点令人困惑。关于内部用户为何显示为访客用户的任何想法
请求:https ://graph.microsoft.com/beta/auditLogs/signIns
示例响应:
{ "id": "$$$$$$",
"createdDateTime": "2021-08-29T10:22:06Z",
"userDisplayName": "user",
"userPrincipalName": "user@cortana.onmicrosoft.com",
"userId": "$$$$$",
"appId": "08e18876-6177-487e-b8b5-cf950c1e598c",
"appDisplayName": "SharePoint Online Web Client Extensibility",
"ipAddress": "$$$$$$",
"ipAddressFromResourceProvider": null,
"clientAppUsed": "",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36",
"correlationId": "*********",
"conditionalAccessStatus": "notApplied",
"originalRequestId": "",
"isInteractive": true,
"tokenIssuerName": "",
"tokenIssuerType": "AzureAD",
"processingTimeInMilliseconds": 173,
"riskDetail": "none",
"riskLevelAggregated": "none",
"riskLevelDuringSignIn": "none",
"riskState": "none",
"riskEventTypes": [],
"riskEventTypes_v2": [],
"resourceDisplayName": "Office 365 SharePoint Online",
"resourceId": "$$$$$$$",
"resourceTenantId": "$$$$$$$$$",
"homeTenantId": "#########",
"authenticationMethodsUsed": [],
"authenticationRequirement": "singleFactorAuthentication",
"alternateSignInName": "", "signInIdentifier": "",
"signInIdentifierType": null,
"servicePrincipalName": null,
"signInEventTypes": ["interactiveUser"],
"servicePrincipalId": "",
"userType": "guest",
"flaggedForReview": false,
"isTenantRestricted": false,
"autonomousSystemNumber": 45609,
"crossTenantAccessType": "b2bCollaboration",
"servicePrincipalCredentialKeyId": null,
"servicePrincipalCredentialThumbprint": "",
"mfaDetail": null,
"status": {
"errorCode": 0,
"failureReason": "Other.",
"additionalDetails": null },
"deviceDetail": {
"deviceId": "",
"displayName": "",
"operatingSystem": "Windows 10",
"browser": "Chrome 92.0.4515",
"isCompliant": false,
"isManaged": false,
"trustType": ""
}, "location": {
"city": "Kallimandayam",
"state": "Tamil Nadu",
"countryOrRegion": "IN",
"geoCoordinates": {
"altitude": null,
"latitude": "",
"longitude": ""
}}, "appliedConditionalAccessPolicies": [],
"authenticationProcessingDetails": [{
"key": "Login Hint Present",
"value": "True" },
{
"key": "User certificate authentication level",
"value": "singleFactorAuthentication" } ],
"networkLocationDetails": [],
"authenticationDetails": [],
"authenticationRequirementPolicies": [],
"sessionLifetimePolicies": [],
"privateLinkDetails": {
"policyId": "",
"policyName": "",
"resourceId": "",
"policyTenantId": "" } }
解决方案
这是设计。这是一种预期的行为,考虑到当用户访问用户是来宾(邀请租户)的租户时,您也将在您的身边登录此身份验证。当用户作为访客被邀请到另一个目录时,用户将使用其主租户的凭据进行身份验证,如下面的链接中所述。
参考 - 身份验证由来宾用户的身份提供者执行 - https://docs.microsoft.com/en-us/azure/active-directory/external-identities/user-properties
推荐阅读
- python - 我需要解释的 Python 代码
- javascript - 使用 jQuery 的 mdc-tab-bar 中的活动选项卡导航
- javascript - node.js 中的相互依赖包含导致空对象
- mysql - JDBC 无法建立与 jdbc:mysql:// 的连接
- eclipse-rcp - E4 RCP NoClassDefFoundError
- autodesk-forge - Forge 查看器 6.3.4 版不显示新发布的文档浏览器扩展
- angular - Angular 5:用于多个电子邮件字段验证的 BehaviourSubject
- c# - 使用通用接口实现工厂
- mysql - 如何执行 SELECT SUM(a) FROM b WHERE c=(查询多个结果)
- java - 如何从 Cucumber 报告中获取值