🔍 Code Extractor

class IdentityGovernance

Maturity: 51

A singleton container class that provides access to Azure Active Directory identity governance features including access reviews, entitlement management, app consent, and terms of use.

File:
/tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/identitygovernance/governance.py
Lines:
12 - 59
Complexity:
moderate

Purpose

This class serves as the main entry point for Azure AD identity governance operations. It inherits from Entity and provides lazy-loaded property accessors to different identity governance subsystems. The class follows a singleton pattern and acts as a container that organizes and exposes various identity governance APIs through specialized sub-resources. It's designed to be used within the Microsoft Graph API context for managing organizational identity governance policies and workflows.

Source Code

class IdentityGovernance(Entity):
    """
    The identity governance singleton is the container for the following Azure Active Directory identity governance
    features that are exposed through the following resources and APIs:

       - Access reviews
       - Entitlement management
       - App consent
       - Terms of use
    """

    @property
    def app_consent(self):
        """
        Container for base resources that expose the app consent request API and features.
        Currently, exposes only the appConsentRequests resource.
        """
        return self.properties.get(
            "appConsent",
            AppConsentApprovalRoute(
                self.context, ResourcePath("appConsent", self.resource_path)
            ),
        )

    @property
    def access_reviews(self):
        """
        Container for the base resources that expose the access reviews API and features.
        """
        return self.properties.get(
            "accessReviews",
            AccessReviewSet(
                self.context, ResourcePath("accessReviews", self.resource_path)
            ),
        )

    @property
    def terms_of_use(self):
        """
        Container for the resources that expose the terms of use API and its features, including agreements
        and agreementAcceptances.
        """
        return self.properties.get(
            "termsOfUse",
            TermsOfUseContainer(
                self.context, ResourcePath("termsOfUse", self.resource_path)
            ),
        )

Parameters

Name Type Default Kind
bases Entity -

Parameter Details

context: Inherited from Entity base class. The execution context containing authentication and connection information for Microsoft Graph API calls.

resource_path: Inherited from Entity base class. The ResourcePath object representing the API endpoint path for this identity governance resource.

Return Value

Instantiation returns an IdentityGovernance object that provides access to identity governance features. The property methods return specialized resource objects: app_consent returns AppConsentApprovalRoute, access_reviews returns AccessReviewSet, and terms_of_use returns TermsOfUseContainer. These are lazily initialized and cached in the properties dictionary.

Class Interface

Methods

@property app_consent(self) -> AppConsentApprovalRoute property

Purpose: Provides access to the app consent approval route container, which exposes app consent request APIs and features

Returns: AppConsentApprovalRoute object that provides access to app consent requests and related operations. The object is lazily initialized and cached in the properties dictionary.

@property access_reviews(self) -> AccessReviewSet property

Purpose: Provides access to the access reviews container, which exposes access review APIs and features for reviewing and managing access to resources

Returns: AccessReviewSet object that provides access to access review definitions, instances, and related operations. The object is lazily initialized and cached in the properties dictionary.

@property terms_of_use(self) -> TermsOfUseContainer property

Purpose: Provides access to the terms of use container, which exposes APIs for managing agreements and agreement acceptances

Returns: TermsOfUseContainer object that provides access to agreements, agreement acceptances, and related operations. The object is lazily initialized and cached in the properties dictionary.

Attributes

Name Type Description Scope
context ClientContext Inherited from Entity. Contains the execution context with authentication and connection information for API calls instance
resource_path ResourcePath Inherited from Entity. Represents the API endpoint path for this identity governance resource instance
properties dict Inherited from Entity. Dictionary that caches lazily-loaded property objects like app_consent, access_reviews, and terms_of_use instance

Dependencies

  • office365

Required Imports

from office365.directory.identitygovernance.accessreview.set import AccessReviewSet
from office365.directory.identitygovernance.appconsent.approval_route import AppConsentApprovalRoute
from office365.directory.identitygovernance.termsofuse.container import TermsOfUseContainer
from office365.entity import Entity
from office365.runtime.paths.resource_path import ResourcePath

Usage Example

# Assuming you have a configured GraphClient instance
from office365.graph_client import GraphClient

# Initialize the client with credentials
client = GraphClient.with_credentials('tenant_id', 'client_id', 'client_secret')

# Access the identity governance singleton
identity_gov = client.identity_governance

# Access app consent requests
app_consent = identity_gov.app_consent
app_consent_requests = app_consent.user_consent_requests.get().execute_query()

# Access access reviews
access_reviews = identity_gov.access_reviews
review_definitions = access_reviews.definitions.get().execute_query()

# Access terms of use
terms = identity_gov.terms_of_use
agreements = terms.agreements.get().execute_query()

Best Practices

  • This class is designed as a singleton and should be accessed through the GraphClient's identity_governance property rather than instantiated directly
  • Properties are lazily loaded and cached, so repeated access to the same property returns the same instance
  • Ensure proper authentication and permissions are configured before accessing any identity governance features
  • Each property returns a specialized resource object that provides its own set of methods and operations
  • The class inherits from Entity, so it has access to standard entity properties like context and resource_path
  • Always use the execute_query() method after building queries to actually execute the API calls
  • Handle exceptions appropriately as API calls may fail due to permissions, network issues, or invalid requests

Tags

azure-ad identity-governance access-reviews app-consent terms-of-use microsoft-graph singleton entity compliance governance

Similar Components

AI-powered semantic similarity - components with related functionality:

  • class IdentityContainer 70.5% similar

    A container class that serves as the entry point for accessing various External Identities features in Azure Active Directory (Azure AD) and Azure AD B2C tenants.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/identities/container.py

  • class DeviceAppManagement 63.4% similar

    A singleton entity class that serves as a container for device and app management functionality in Microsoft Intune, providing access to managed app registrations.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/intune/devices/app_management.py

  • class TermsOfUseContainer 63.2% similar

    A container class that provides access to Azure Active Directory's terms of use API, exposing relationships for managing agreements and agreement acceptances.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/identitygovernance/termsofuse/container.py

  • class AuthorizationPolicy 62.8% similar

    A singleton class representing Azure Active Directory authorization policy settings that control tenant-level authorization behaviors.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/authorization.py

  • class IdentityProtectionRoot 62.5% similar

    Container class for Microsoft Graph identity protection resources, providing access to risk detections and risky users through navigation properties.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/protection/root.py
← Back to Browse