Scripts/Create-AzApiManagementUserAccount.ps1
param( [string][Parameter(Mandatory = $true)] $ResourceGroupName = $(throw "Resource group name is required"), [string][parameter(Mandatory = $true)] $ServiceName = $(throw "API management service name is required"), [string][parameter(Mandatory = $true)] $FirstName = $(throw "The first name of the user is required"), [string][parameter(Mandatory = $true)] $LastName = $(throw "The last name of the user is required"), [string][parameter(Mandatory = $true)] $MailAddress = $(throw "The mail-address of the user is required"), [string][parameter(Mandatory = $false)] $UserId = $($MailAddress -replace '\W', '-'), [string][parameter(Mandatory = $false)] $Password, [string][parameter(Mandatory = $false)] $Note, [switch][parameter(Mandatory = $false)] $SendNotification = $false, [string][parameter(Mandatory = $false)][ValidateSet('invite', 'signup')] $ConfirmationType = "invite", [string][parameter(Mandatory = $false)] $ApiVersion = "2021-08-01", [string][parameter(Mandatory = $false)] $SubscriptionId, [string][parameter(Mandatory = $false)] $AccessToken ) $apimContext = Get-AzApiManagement -ResourceGroupName $ResourceGroupName -Name $ServiceName if ($apimContext -eq $null) { throw "Unable to find the Azure API Management service '$ServiceName' in resource group '$ResourceGroupName'" } if ($SubscriptionId -eq "" -or $AccessToken -eq "") { # Request accessToken in case the script contains no records $token = Get-AzCachedAccessToken $AccessToken = $token.AccessToken $SubscriptionId = $token.SubscriptionId } $apimMgmtEndpoint = "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroupName/providers/Microsoft.ApiManagement/service/$ServiceName/users/$($UserId)?notify=$SendNotification&api-version=$ApiVersion" $fullUrl = $apimMgmtEndpoint.Replace('{subscriptionId}', $SubscriptionId) try { if($ConfirmationType -eq 'invite') { Write-Verbose "Attempting to invite $FirstName $LastName ($mailAddress) for Azure API Management service '$ServiceName' in resource group '$ResourceGroupName'" } else { Write-Verbose "Attempting to create account for $FirstName $LastName ($mailAddress) for Azure API Management service '$ServiceName' in resource group '$ResourceGroupName'" } $jsonRequest = ConvertTo-Json -Depth 3 @{ 'properties' = @{ 'firstName' = $FirstName 'lastName' = $LastName 'email' = $MailAddress 'confirmation' = $ConfirmationType 'password' = $Password 'note' = $Note } } $params = @{ Method = 'Put' Headers = @{ 'authorization'="Bearer $AccessToken" } URI = $fullUrl Body = $jsonRequest } $web = Invoke-WebRequest @params -ErrorAction Stop Write-Verbose $web if($ConfirmationType -eq 'invite') { Write-Host "Invitation has been sent to $FirstName $LastName ($mailAddress) for Azure API Management service '$ServiceName' in resource group '$ResourceGroupName'" -ForegroundColor Green } else { Write-Host "Account has been created for $FirstName $LastName ($mailAddress) for Azure API Management service '$ServiceName' in resource group '$ResourceGroupName'" -ForegroundColor Green if($Password -eq $null -or $Password -eq ""){ Write-Warning "Since no password was provided, one has been generated. Please advise the user to change this password the first time logging in for the Azure API Management service '$($ServiceName)' in resource group '$($ResourceGroupName)'" } } return $UserId } catch { Write-Host $_ throw "Failed to create an account for $FirstName $LastName ($MailAddress) for Azure API Management service '$ServiceName' in resource group '$ResourceGroupName'" } |