Using a Service Principal to get all Entra ID Group Members into JSON File using a Python Notebook
Sometimes it is useful to get all Group Members into a JSON file so that this could be used for reporting purposes.
Reference Notebook: Get Entra ID Group Members – Power BI
In the steps below I will show you how I did this using a Notebook.
The first part is where I needed to set up and configure the Service Principal Permissions.
The second part is where I am using my Notebook to query and extract the data to a JSON file in my Lakehouse.
Service Principal Permissions
I am using my existing Power BI Service Principal, where I will then add the permissions required to query Entra ID groups and group members.
NOTE: To complete the steps below I had to log in with Admin permissions in Azure to grant the required permissions.
- I logged into the Azure Portal, then went into my Service Principal permissions.
- I then clicked on API Permissions.
- I then clicked on Add a permission.
- Next, I clicked on Microsoft Graph and selected Delegated permissions.
- I then selected the following API permissions as shown below (NOTE: You can search for the permissions), which were:
  - Group.Read.All
  - GroupMember.Read.All
  - User.Read.All
- I then had to click on the Grant admin consent for fourmoo.com.
- Once that was completed, I could then see my permissions were successfully granted.
Next, I had to grant permission for my service principal to get the Directory Readers role.
NOTE: If this role is not added, the later steps will fail due to not having enough privileges.
- In Entra ID click on “Roles and administrators”.
- Then search for and select “Directory Readers”.
- Then click on Add assignments.
- As in my example, when I looked at the list of users I could not see my service principal. I had to search for it as shown below.
- I then clicked on Add.
- Once completed, I could then see it in the Directory Readers role.
Python Code to get all group members from all groups
The code below was created by ChatGPT, where I modified it to save the JSON file into my Lakehouse Files section.
I am going to explain the pieces of code I think are important below.
I will also have a link to the notebook where you can download the notebook to run in your own Fabric environment.
Fabric/BLOG – Entra ID All Group Members.ipynb at main · GilbertQue/Fabric (github.com)
- The first part is where I am getting the credentials from my Key Vault.
- In the next code cell there are 2 areas that you might want to change.
  - LINE 60: Here I wanted to add the jobTitle and companyName attributes from Entra ID, so I added them in.
  - LINE 72: This is the location where I wanted to save the JSON file to in my Lakehouse, where I created the folder.
This is what it looks like when I run the notebook.
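For readers without the notebook open, here is an added example (not the code from the linked notebook) of the same extraction: it pages through Microsoft Graph groups and their members, requests jobTitle and companyName, and writes the result as JSON. The function names, the `access_token` argument and the output path are assumptions, and obtaining the token from the Key Vault credentials is left out.

```python
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
# Attributes requested per member; jobTitle and companyName are the two the post adds.
MEMBER_FIELDS = "id,displayName,userPrincipalName,jobTitle,companyName"


def make_graph_get(access_token):
    """Return a get_json(url) callable that sends the bearer token to Graph."""
    def get_json(url):
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return get_json


def paged(get_json, url):
    """Yield every item of a Graph collection, following @odata.nextLink."""
    while url:
        # Never send the token anywhere but Graph, even if a nextLink says otherwise.
        if not url.startswith(GRAPH + "/"):
            raise ValueError(f"refusing to follow non-Graph URL: {url}")
        page = get_json(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")


def all_group_members(get_json):
    """Return one record per group, each with the full member list."""
    result = []
    for group in paged(get_json, f"{GRAPH}/groups?$select=id,displayName"):
        members_url = f"{GRAPH}/groups/{group['id']}/members?$select={MEMBER_FIELDS}"
        members = [
            # Non-user members (nested groups, service principals) lack some fields: store None.
            {**{k: m.get(k) for k in MEMBER_FIELDS.split(",")}, "type": m.get("@odata.type")}
            for m in paged(get_json, members_url)
        ]
        result.append({"groupId": group["id"], "groupName": group["displayName"],
                       "members": members})
    return result


def save_json(data, path):
    """Write the result as UTF-8 JSON; path is an assumed Lakehouse Files location."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(data, fh, indent=2, ensure_ascii=False)
```

If the token is obtained app-only with the service principal's client secret, Graph evaluates Application permissions (the token's `roles` claim), so confirm the three permissions appear there before running the extraction.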
Summary
In this blog post I have shown you how to configure your Service Principal so that it will be able to read the Entra ID groups and associated members. You can then download the JSON file to your Lakehouse, which can be later used for reporting or analysis in your Lakehouse or in a Power BI Semantic Model.
Thanks for reading, I hope you found this helpful!