3.3 Updating the Entra ID using the MyID Core API

You can update a person's user record in MyID with their Entra ObjectGUID using the MyID Core API.

These examples assume that the person's MyID ObjectID is:

A488BFA9-1460-4638-8C22-00DAB3B0F2BC

and that their Entra ObjectGUID is:

C47486E7-DDFE-43A6-9954-BDD1DF6AA743

You can use the following endpoint to update the details for a person:

By default, MyID uses the XuSYSExternalReferenceId1 field in the vPeopleUserAccounts view to store the person's Entra ObjectGUID.

Note: If you use a different field than XuSYSExternalReferenceId1, you must make sure that you configure the External Entra Reference option in the External Systems workflow to use the appropriate field; see section 3.7.3, Setting up the external system.

To specify this field through the API, use the following payload:

{
  "externalReferences": {
    "id1": "<entraID>"
  }
}

where <entraID> is the Entra ObjectGUID you want to add to the user's record.

For more information about using the MyID Core API, see the MyID Core API guide.

Once you have linked the person in MyID to the account in Entra, you can request a FIDO device using a credential profile configured for Entra.

The following examples assume your server is on myserver.example.com, and that you have already obtained an access token; <YOUR TOKEN> is used as a placeholder.

3.3.1 cURL

curl.exe -X "PATCH" "https://myserver.example.com/rest.core/api/People/A488BFA9-1460-4638-8C22-00DAB3B0F2BC?confirm=false" -H "Authorization: Bearer <YOUR TOKEN>" -H "accept: application/json" -H "x-api-version: 1" -H "Content-Type: application/json" -d "{""externalReferences"": {""id1"" : ""C47486E7-DDFE-43A6-9954-BDD1DF6AA743""}}"

Note: As in the MyID Operator Client, the standard Edit Person operation is not permitted for PIV applicants. To specify the Edit PIV Applicant operation instead, add &op=200103 to the URL parameters; for example:

curl.exe -X "PATCH" "https://myserver.example.com/rest.core/api/People/A488BFA9-1460-4638-8C22-00DAB3B0F2BC?confirm=false&op=200103" -H "Authorization: Bearer <YOUR TOKEN>" -H "accept: application/json" -H "x-api-version: 1" -H "Content-Type: application/json" -d "{""externalReferences"": {""id1"" : ""C47486E7-DDFE-43A6-9954-BDD1DF6AA743""}}"

3.3.2 Python

import requests
import json

# Set the server
server = "myserver.example.com"

# Set the ID of the person in the MyID database
personID = "A488BFA9-1460-4638-8C22-00DAB3B0F2BC"

# Set the ID of the person in Entra
entraID = "C47486E7-DDFE-43A6-9954-BDD1DF6AA743"

# Set the access token
token = "<YOUR TOKEN>"

# Build the payload
personData = {
    "externalReferences": {
        "id1": entraID
    }
}

person = json.dumps(personData)

# Call the API
response = requests.patch(
    "https://" + server + "/rest.core/api/People/" + personID + "?confirm=false",
    headers={"Authorization": "Bearer " + token,
            "Content-Type": "application/json",
            "accept": "application/json"}, 
    data=person)

# Display the response
if response.status_code==200:
    returnedData = json.loads(response.text)
    print(returnedData)
else:
    print("An error occurred:")
    returnedData = json.loads(response.text)
    print("Error code: " + returnedData["code"])
    print("Error message: " + returnedData["message"])
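The following is an added example, not part of the MyID documentation: it checks that both identifiers are plain GUIDs before they are placed in the URL path and payload, optionally adds the Edit PIV Applicant operation (op=200103), and summarises a response without assuming the body is JSON. The function names require_guid, build_link_request and describe_response are hypothetical; the server name is treated as trusted configuration.

```python
import json
import uuid
from urllib.parse import urlencode

EDIT_PIV_APPLICANT_OP = "200103"  # Edit PIV Applicant operation ID from the page's notes


def require_guid(value, label):
    """Return value unchanged if it is a plain 8-4-4-4-12 GUID, else raise ValueError."""
    try:
        parsed = uuid.UUID(value)
    except (ValueError, AttributeError, TypeError):
        raise ValueError(f"{label} is not a GUID: {value!r}") from None
    # uuid.UUID also accepts braces, urn:uuid: prefixes and bare hex; reject those.
    if str(parsed) != value.lower():
        raise ValueError(f"{label} is not in 8-4-4-4-12 form: {value!r}")
    return value


def build_link_request(server, person_id, entra_id, token, piv_applicant=False):
    """Build the PATCH request that stores an Entra ObjectGUID on a MyID person."""
    person_id = require_guid(person_id, "MyID ObjectID")
    entra_id = require_guid(entra_id, "Entra ObjectGUID")
    params = {"confirm": "false"}
    if piv_applicant:
        params["op"] = EDIT_PIV_APPLICANT_OP
    return {
        "method": "PATCH",
        "url": f"https://{server}/rest.core/api/People/{person_id}?{urlencode(params)}",
        "headers": {
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
            "accept": "application/json",
            "x-api-version": "1",
        },
        "data": json.dumps({"externalReferences": {"id1": entra_id}}),
    }


def describe_response(status_code, text):
    """Summarise a response without assuming that the body is a JSON object."""
    try:
        body = json.loads(text)
    except ValueError:
        body = None
    if not isinstance(body, dict):
        return f"HTTP {status_code}: unexpected body ({len(text)} characters)"
    if status_code == 200:
        return "HTTP 200: person updated"
    return f"HTTP {status_code}: {body.get('code')}: {body.get('message')}"
```

The returned dictionary can be passed directly to requests.request(**req, timeout=30), and the response's status_code and text to describe_response.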

Note: As in the MyID Operator Client, the standard Edit Person operation is not permitted for PIV applicants. To specify the Edit PIV Applicant operation instead, add &op=200103 to the URL parameters; for example:

"https://" + server + "/rest.core/api/People/" + personID + "?confirm=false&op=200103",

3.3.3 PowerShell

# Set the server
$server = "myserver.example.com"

# Set the ID of the person in the MyID database
$personID = "A488BFA9-1460-4638-8C22-00DAB3B0F2BC"

# Set the ID of the person in Entra
$entraID = "C47486E7-DDFE-43A6-9954-BDD1DF6AA743"

# Get the access token
$token = "<YOUR TOKEN>"

# Build the payload (ConvertTo-Json emits valid, correctly escaped JSON)
$certData = @{ externalReferences = @{ id1 = $entraID } } | ConvertTo-Json -Compress

# Set up the call for the API
$authHeader = @{
    'Content-Type'='application/json'
    'Authorization'="Bearer $token"
    'x-api-version'= '1'
 }
$URI = 'https://' + $server + '/rest.core/api/People/' + $personID + '?confirm=false'
$person  = @{
    Headers =  $authHeader
    Uri = $URI
    Method = "PATCH"
    Body = $certData
}

# Display the response
try {
    $result = Invoke-WebRequest @person | ConvertFrom-Json
    Write-Host $result
}
catch {
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host "An error occurred:"
    Write-Host "Error code:" $responseBody.code
    Write-Host "Error message:" $responseBody.message
}

Note: As in the MyID Operator Client, the standard Edit Person operation is not permitted for PIV applicants. To specify the Edit PIV Applicant operation instead, add &op=200103 to the URL parameters; for example:

$URI = 'https://' + $server + '/rest.core/api/People/' + $personID + '?confirm=false&op=200103'