Background:
The "Revoke Sign-in Session via REST API" pattern is used in many Sentinel playbooks. However, the published template is old and its 'Revoke user session' step no longer works, and the permissions required for revokeSignInSessions have changed. In this article we share an updated way to revoke a user's sign-in sessions from a Logic App.
Scope:
Preparation:
1. Client (application) permission:
Reference: user: revokeSignInSessions - Microsoft Graph v1.0 | Microsoft Learn
2. User (signed-in account) permission:
The account whose credentials the Logic App uses needs at least the 'microsoft.directory/users/invalidateAllRefreshTokens' action. You can search for that action in the role list in the following reference: Microsoft Entra built-in roles - Microsoft Entra ID | Microsoft Learn
The roles below grant that action; the lowest-privileged one in this list is 'User Administrator'. Assign the role to a dedicated service account rather than to an interactive admin account, because the account's password will be stored for the playbook to use.
Design:
Step 1: Create an app registration (the client) and grant it the delegated 'User.ReadWrite.All' Microsoft Graph permission, with admin consent. Because the token is obtained with the Resource Owner Password Credentials flow from a public client (no client secret), the app registration must also have 'Allow public client flows' set to Yes under Authentication. Check the revokeSignInSessions reference above for the currently documented least-privileged permission before choosing one broader than you need.
Step 2: Logic app design
1. In this design we need the user name and password of the service account to obtain a user token, so the password must not be stored in the Logic App definition. Save the password as a secret in Key Vault and read it at run time with the Key Vault connector's 'Get secret' action.
On the 'Get secret' action, and on every later action whose inputs or outputs carry the password or the access token, open Settings and enable 'Secure Inputs' and 'Secure Outputs' so the values are not written to the run history.
2. We use the Resource Owner Password Credentials (ROPC) grant to get the token. Note its limitations: ROPC does not work for accounts that require MFA, for federated accounts or for personal Microsoft accounts, and Microsoft recommends it only where no other flow is possible. The service account therefore needs a Conditional Access exclusion or a policy that does not require MFA for it, which is another reason to keep its role assignment minimal.
Scope:
REST API example (taken from the Microsoft identity platform documentation; the client_id below is the documentation's sample value, replace it with your own):
// Line breaks and spaces are for legibility only. This is a public client, so no secret is required.
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
client_id=535fb089-9ff3-47b6-9bfb-4f1264799865
&scope=user.readwrite.all
&username=MyUsername@myTenant.com
&password=SuperS3cret
&grant_type=password
Tenant id and client id:
Example:
3. Use a 'Parse JSON' action on the body of the token response so the access token can be referenced later. The schema only needs the fields you use, for example 'token_type', 'expires_in' and 'access_token'.
4. Use an HTTP action to call the Graph REST API that revokes the user's sign-in sessions:
Reference:
user: revokeSignInSessions - Microsoft Graph v1.0 | Microsoft Learn
Method: POST
Url: https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}/revokeSignInSessions
Header: Authorization: Bearer <access_token from the Parse JSON step>
The user id or userPrincipalName normally comes from the Sentinel incident entity that triggered the playbook. A successful call invalidates the user's refresh tokens and session cookies; access tokens already issued remain valid until they expire, so the user is fully signed out only after the token lifetime (about an hour by default) has passed.
Example:
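The whole flow from step 2 to step 4, written out as an added example that is not part of the original article and not the Logic App itself: an ROPC token request, extraction of the access token from the response, and the POST to revokeSignInSessions. The transport is injectable, so the functions can be exercised offline against a constructed fake token endpoint and fake Graph endpoint; with the default transport they make the real calls. The tenant, client ID, account names and password in the demo are placeholder assumptions, not real identifiers.

```python
"""Revoke a user's Entra ID sign-in sessions via Microsoft Graph.

Added example (not from the original article). Mirrors the Logic App steps:
ROPC token request -> read access_token -> POST /users/{id|upn}/revokeSignInSessions.
All tenant/client/account values used in the demo are placeholders (assumed).
"""
import json
import urllib.error
import urllib.parse
import urllib.request

LOGIN_BASE = "https://login.microsoftonline.com"
GRAPH_BASE = "https://graph.microsoft.com/v1.0"
GRAPH_SCOPE = "https://graph.microsoft.com/User.ReadWrite.All"


def urllib_post(url, headers, body):
    """Real transport: POST and return (status, body_text) without raising on 4xx/5xx."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read().decode("utf-8")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", errors="replace")


def build_ropc_body(client_id, username, password, scope=GRAPH_SCOPE):
    """Form-encode the ROPC request: the same five fields as the article's example."""
    return urllib.parse.urlencode({
        "client_id": client_id,
        "scope": scope,
        "username": username,
        "password": password,
        "grant_type": "password",
    }).encode("ascii")


def get_token_ropc(tenant, client_id, username, password, post=urllib_post):
    """Return the access token, or raise without echoing the password."""
    url = f"{LOGIN_BASE}/{tenant}/oauth2/v2.0/token"
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    status, text = post(url, headers, build_ropc_body(client_id, username, password))
    try:
        data = json.loads(text)
    except ValueError:
        data = {}
    if status != 200 or "access_token" not in data:
        # e.g. invalid_grant / AADSTS50126 (bad password) or AADSTS50076 (MFA required)
        raise RuntimeError(
            f"token request failed: {status} {data.get('error')}: "
            f"{str(data.get('error_description', ''))[:120]}")
    return data["access_token"]


def revoke_sign_in_sessions(token, user, post=urllib_post):
    """POST revokeSignInSessions for a user id or UPN; True when Graph reports success."""
    url = f"{GRAPH_BASE}/users/{urllib.parse.quote(user, safe='')}/revokeSignInSessions"
    status, text = post(url, {"Authorization": f"Bearer {token}"}, b"")
    # Graph v1.0 answers 200 with {"value": true}; older docs show 204 No Content.
    if status == 204:
        return True
    if status == 200:
        return bool(json.loads(text).get("value", False))
    raise RuntimeError(f"revokeSignInSessions failed: {status} {text[:200]}")


def revoke_user(tenant, client_id, username, password, target_user, post=urllib_post):
    """Steps 2-4 of the playbook in one call."""
    token = get_token_ropc(tenant, client_id, username, password, post)
    return revoke_sign_in_sessions(token, target_user, post)


def make_fake_transport(expected_password, log):
    """Constructed stand-in for both endpoints so the flow can run offline."""
    def post(url, headers, body):
        log.append(url)
        if url.endswith("/oauth2/v2.0/token"):
            form = urllib.parse.parse_qs(body.decode("ascii"))
            if form.get("grant_type") != ["password"] or form.get("password") != [expected_password]:
                return 400, json.dumps({"error": "invalid_grant",
                                        "error_description": "AADSTS50126: Invalid username or password."})
            return 200, json.dumps({"token_type": "Bearer", "expires_in": 3599,
                                    "access_token": "eyJ-fake-token"})
        if url.endswith("/revokeSignInSessions"):
            if headers.get("Authorization") != "Bearer eyJ-fake-token":
                return 401, json.dumps({"error": {"code": "InvalidAuthenticationToken"}})
            return 200, json.dumps({"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Edm.Boolean",
                                    "value": True})
        return 404, "{}"
    return post


if __name__ == "__main__":
    calls = []
    fake = make_fake_transport("SuperS3cret", calls)  # placeholder password (assumed)
    ok = revoke_user("contoso.onmicrosoft.com", "00000000-0000-0000-0000-000000000000",
                     "svc-revoke@contoso.com", "SuperS3cret", "victim@contoso.com", post=fake)
    print("revoked:", ok, "| calls:", calls)
```

In the Logic App, these three requests map onto the HTTP action for the token, the Parse JSON action, and the HTTP action for Graph; the token action's inputs contain the password and its outputs contain the bearer token, so Secure Inputs and Secure Outputs belong on both HTTP actions, not only on Get secret. The fake transport also shows the two failures you will see most often in testing: a wrong or rotated password (invalid_grant) and a stale or wrong bearer token (401 InvalidAuthenticationToken).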
Then you can run and test your logic app :)