datahub/metadata-ingestion/docs/sources/azure-ad/README.md

### Extracting DataHub Users

#### Usernames

Usernames serve as unique identifiers for users on DataHub. This connector extracts usernames using the
"userPrincipalName" field of an [Azure AD User Response](https://docs.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0&tabs=http#response-1),
which is the unique identifier for your Azure AD users.

If this is not how you wish to map to DataHub usernames, you can provide a custom mapping using the configurations options detailed below. Namely, `azure_ad_response_to_username_attr`
and `azure_ad_response_to_username_regex`.

#### Responses

This connector also extracts basic user response information from Azure. The following fields of the Azure User Response are extracted
and mapped to the DataHub `CorpUserInfo` aspect:

- display name
- first name
- last name
- email
- title
- country

### Extracting DataHub Groups

#### Group Names

Group names serve as unique identifiers for groups on DataHub. This connector extracts group names using the "name" attribute of an Azure Group Response.
By default, a URL-encoded version of the full group name is used as the unique identifier (CorpGroupKey) and the raw "name" attribute is mapped
as the display name that will appear in DataHub's UI.

If this is not how you wish to map to DataHub group names, you can provide a custom mapping using the configurations options detailed below. Namely, `azure_ad_response_to_groupname_attr`
and `azure_ad_response_to_groupname_regex`.

#### Responses

This connector also extracts basic group information from Azure. The following fields of the [Azure AD Group Response](https://docs.microsoft.com/en-us/graph/api/group-list?view=graph-rest-1.0&tabs=http#response-1) are extracted and mapped to the
DataHub `CorpGroupInfo` aspect:

- name
- description

### Extracting Group Membership

This connector additional extracts the edges between Users and Groups that are stored in [Azure AD](https://docs.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0&tabs=http#response-1). It maps them to the `GroupMembership` aspect
associated with DataHub users (CorpUsers). Today this has the unfortunate side effect of **overwriting** any Group Membership information that
was created outside of the connector. That means if you've used the DataHub REST API to assign users to groups, this information will be overridden
when the Azure AD Source is executed. If you intend to _always_ pull users, groups, and their relationships from your Identity Provider, then
this should not matter.

This is a known limitation in our data model that is being tracked by [this ticket](https://github.com/datahub-project/datahub/issues/3065).
feat(ingest): docs - overhaul source connector docs to make it code driven (#4798) Co-authored-by: MugdhaHardikar-GSLab <mugdha.hardikar@gslab.com> 2022-05-02 00:18:15 -07:00			`### Extracting DataHub Users`

			`#### Usernames`

ci(graphql,workflows): Format .md, .graphql, and workflow .yml files via prettier (#13220) 2025-04-16 16:55:51 -07:00			`Usernames serve as unique identifiers for users on DataHub. This connector extracts usernames using the`
feat(ingest): docs - overhaul source connector docs to make it code driven (#4798) Co-authored-by: MugdhaHardikar-GSLab <mugdha.hardikar@gslab.com> 2022-05-02 00:18:15 -07:00			`"userPrincipalName" field of an [Azure AD User Response](https://docs.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0&tabs=http#response-1),`
			`which is the unique identifier for your Azure AD users.`

ci(graphql,workflows): Format .md, .graphql, and workflow .yml files via prettier (#13220) 2025-04-16 16:55:51 -07:00			If this is not how you wish to map to DataHub usernames, you can provide a custom mapping using the configurations options detailed below. Namely, `azure_ad_response_to_username_attr`
			and `azure_ad_response_to_username_regex`.
feat(ingest): docs - overhaul source connector docs to make it code driven (#4798) Co-authored-by: MugdhaHardikar-GSLab <mugdha.hardikar@gslab.com> 2022-05-02 00:18:15 -07:00
			`#### Responses`

			`This connector also extracts basic user response information from Azure. The following fields of the Azure User Response are extracted`
			and mapped to the DataHub `CorpUserInfo` aspect:

ci(graphql,workflows): Format .md, .graphql, and workflow .yml files via prettier (#13220) 2025-04-16 16:55:51 -07:00			`- display name`
feat(ingest): docs - overhaul source connector docs to make it code driven (#4798) Co-authored-by: MugdhaHardikar-GSLab <mugdha.hardikar@gslab.com> 2022-05-02 00:18:15 -07:00			`- first name`
			`- last name`
			`- email`
			`- title`
			`- country`

			`### Extracting DataHub Groups`

			`#### Group Names`

			`Group names serve as unique identifiers for groups on DataHub. This connector extracts group names using the "name" attribute of an Azure Group Response.`
			`By default, a URL-encoded version of the full group name is used as the unique identifier (CorpGroupKey) and the raw "name" attribute is mapped`
ci(graphql,workflows): Format .md, .graphql, and workflow .yml files via prettier (#13220) 2025-04-16 16:55:51 -07:00			`as the display name that will appear in DataHub's UI.`
feat(ingest): docs - overhaul source connector docs to make it code driven (#4798) Co-authored-by: MugdhaHardikar-GSLab <mugdha.hardikar@gslab.com> 2022-05-02 00:18:15 -07:00
			If this is not how you wish to map to DataHub group names, you can provide a custom mapping using the configurations options detailed below. Namely, `azure_ad_response_to_groupname_attr`
			and `azure_ad_response_to_groupname_regex`.

ci(graphql,workflows): Format .md, .graphql, and workflow .yml files via prettier (#13220) 2025-04-16 16:55:51 -07:00			`#### Responses`
feat(ingest): docs - overhaul source connector docs to make it code driven (#4798) Co-authored-by: MugdhaHardikar-GSLab <mugdha.hardikar@gslab.com> 2022-05-02 00:18:15 -07:00
			`This connector also extracts basic group information from Azure. The following fields of the [Azure AD Group Response](https://docs.microsoft.com/en-us/graph/api/group-list?view=graph-rest-1.0&tabs=http#response-1) are extracted and mapped to the`
			DataHub `CorpGroupInfo` aspect:

			`- name`
			`- description`

			`### Extracting Group Membership`

			This connector additional extracts the edges between Users and Groups that are stored in [Azure AD](https://docs.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0&tabs=http#response-1). It maps them to the `GroupMembership` aspect
			`associated with DataHub users (CorpUsers). Today this has the unfortunate side effect of overwriting any Group Membership information that`
			`was created outside of the connector. That means if you've used the DataHub REST API to assign users to groups, this information will be overridden`
ci(graphql,workflows): Format .md, .graphql, and workflow .yml files via prettier (#13220) 2025-04-16 16:55:51 -07:00			`when the Azure AD Source is executed. If you intend to _always_ pull users, groups, and their relationships from your Identity Provider, then`
			`this should not matter.`
feat(ingest): docs - overhaul source connector docs to make it code driven (#4798) Co-authored-by: MugdhaHardikar-GSLab <mugdha.hardikar@gslab.com> 2022-05-02 00:18:15 -07:00
ci(graphql,workflows): Format .md, .graphql, and workflow .yml files via prettier (#13220) 2025-04-16 16:55:51 -07:00			`This is a known limitation in our data model that is being tracked by [this ticket](https://github.com/datahub-project/datahub/issues/3065).`