Microsoft Entra ID Component

Microsoft Entra ID (Formerly Azure Active Directory) is a cloud-based identity and access management service from Microsoft that helps employees sign in and access resources. Use the Microsoft Entra ID component to manage your users, groups, and applications.

Component key: ms-entra-id

Description

Microsoft Entra ID (Formerly Azure Active Directory) is a cloud-based identity and access management service from Microsoft that helps employees sign in and access resources.

Use the Microsoft Entra ID component to manage your users, groups, and applications.

API Documentation:

The component was built using the Microsoft Graph REST API v1.0

Connections

OAuth 2.0

This authentication method may be used when an App requires granting admin consent to API permissions, in addition to authorizing the integration with the App's configured client credentials.

The Microsoft Azure Active Directory component authenticates requests through the Microsoft Graph API.

Creating an App Registration

To configure OAuth 2.0 you must first create an App through Active Directory in the Microsoft Entra Admin Center or Microsoft Azure Portal.

Navigate to App Registrations
When creating the application you will be prompted to select Supported account types.
Select Accounts in any organizational directory (Any Azure AD directory - Multitenant).
Navigate to Redirect URI and add the Web platform. Now enter the redirect URI as https://oauth2.prismatic.io/callback for US based integrations.
1. For integrations outside the US refer to this guide to find your region’s Callback URL.
Select Register to complete.
In the App, navigate to Certificates & Secrets and select New client secret. Copy/save the Value for use in the connection configuration of your integration (the value will not be shown again).
Next, navigate to the Overview section and copy the Application (client) ID
Navigate to the API Permissions section to assign the proper permissions for the integration. Select Add Permission, select all permissions that are required for your desired integration and save these values for later. A full list of scopes can be found on the Microsoft Graph API documentation
1. Recommended scopes for Active Directory can be found in Microsoft Graph > Delegated permissions:
  1. Group.ReadWrite.All GroupMember.ReadWrite.All Application.ReadWrite.All User.Read.All offline_access

Configuring the Integration

Supply the following values to the OAuth 2.0 Authorization Code connection in your integration within Prismatic:

Client ID enter the Application (client) ID
Client Secret enter the Value provided (Do not use Secret ID)
Provide the assigned API permissions as Scopes you assigned to your App. The default value will be set to the following:
- Default example: Group.ReadWrite.All GroupMember.ReadWrite.All Application.ReadWrite.All User.Read.All offline_access
If you didn't select Multitenant when creating the App, you will need to replace the Authorize URL and Token URL with ones specific to your tenant.

Input	Default	Notes
Authorize URL string / Required Hidden Field authorizeUrl	https://login.microsoftonline.com/common/oauth2/v2.0/authorize	The OAuth 2.0 Authorization URL for Microsoft Entra ID
Client ID string / Required clientId		Get this value from your App Registration in the Azure Portal
Client Secret password / Required clientSecret		Get this value from your App Registration in the Azure Portal
Scopes string scopes	Group.ReadWrite.All GroupMember.ReadWrite.All Application.ReadWrite.All User.Read.All offline_access	Microsoft Entra ID Scopes.
Token URL string / Required Hidden Field tokenUrl	https://login.microsoftonline.com/common/oauth2/v2.0/token	The OAuth 2.0 Token URL for Microsoft Entra ID

Triggers

Group Trigger

Get notified to this flow when a group changes. | key: groupTrigger

Input	Notes	Example
Change Type string / Required Value List changeType	Indicates the type of change that raises a notification.	created
Connection connection / Required connection
Expiration Date Time string expirationTriggerDateTime	The date and time when the trigger subscription expires. If not specified, the subscription defaults to 29 days from the current date and time. This trigger must be reactivated after expiration.	2016-11-20T18:23:45.9356913Z

User Trigger

Get notified to this flow when a user changes. | key: userTrigger

Input	Notes	Example
Change Type string / Required Value List changeType	Indicates the type of change that raises a notification.	created
Connection connection / Required connection
Expiration Date Time string expirationTriggerDateTime	The date and time when the trigger subscription expires. If not specified, the subscription defaults to 29 days from the current date and time. This trigger must be reactivated after expiration.	2016-11-20T18:23:45.9356913Z

Webhook

Receive and validate webhook requests from Microsoft Entra ID for webhooks you configure. | key: webhook

Data Sources

Select Application

Select an application from a picklist. | key: selectApplication | type: picklist

Input	Notes
Connection connection / Required connection

Select Group

Select a group from a picklist. | key: selectGroup | type: picklist

Input	Notes
Connection connection / Required connection

Select Group Member

Select a group member from a picklist. | key: selectGroupMember | type: picklist

Input	Notes	Example
Connection connection / Required connection
Group Id string / Required groupId		b320ee12-b1cd-4cca-b648-a437be61c5cd

Actions

Add Member to Group

Add a member to a group. | key: addMemberToGroup

Input	Default	Notes	Example
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
Group Id string / Required groupId		The ID of the group to add the member to.	b320ee12-b1cd-4cca-b648-a437be61c5cd
Group Member OData ID string / Required groupMemberOdataId		The @odata.id property with a reference by ID to a supported group member object type.	https://graph.microsoft.com/v1.0/directoryObjects/{id}

Example Payload for Add Member to Group

{
  "data": {
    "success": true
  }
}

Create Application

Creates (registers) a new application. | key: createApplication

Input	Default	Notes	Example
Additional Properties code additionalProperties		Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/application-post-applications
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
Display Name string / Required displayName		The display name of the application.	My Application

Example Payload for Create Application

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications/$entity",
    "id": "03ef14b0-ca33-4840-8f4f-d6e91916010e",
    "deletedDateTime": null,
    "isFallbackPublicClient": null,
    "appId": "631a96bc-a705-4eda-9f99-fdaf9f54f6a2",
    "applicationTemplateId": null,
    "identifierUris": [],
    "createdDateTime": "2019-09-17T19:10:35.2742618Z",
    "displayName": "Display name",
    "isDeviceOnlyAuthSupported": null,
    "groupMembershipClaims": null,
    "optionalClaims": null,
    "addIns": [],
    "publisherDomain": "contoso.com",
    "samlMetadataUrl": "https://graph.microsoft.com/2h5hjaj542de/app",
    "signInAudience": "AzureADandPersonalMicrosoftAccount",
    "tags": [],
    "tokenEncryptionKeyId": null,
    "api": {
      "requestedAccessTokenVersion": 2,
      "acceptMappedClaims": null,
      "knownClientApplications": [],
      "oauth2PermissionScopes": [],
      "preAuthorizedApplications": []
    },
    "appRoles": [],
    "publicClient": {
      "redirectUris": []
    },
    "info": {
      "termsOfServiceUrl": null,
      "supportUrl": null,
      "privacyStatementUrl": null,
      "marketingUrl": null,
      "logoUrl": null
    },
    "keyCredentials": [],
    "parentalControlSettings": {
      "countriesBlockedForMinors": [],
      "legalAgeGroupRule": "Allow"
    },
    "passwordCredentials": [],
    "requiredResourceAccess": [],
    "web": {
      "redirectUris": [],
      "homePageUrl": null,
      "logoutUrl": null,
      "implicitGrantSettings": {
        "enableIdTokenIssuance": false,
        "enableAccessTokenIssuance": false
      }
    }
  }
}

Create Group

Create a new group. It can be a Microsoft 365 group, dynamic group, or security group. | key: createGroup

Input	Default	Notes	Example
Additional Properties code additionalProperties		Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/group-post-groups
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
Display Name string / Required displayName		The name to display in the address book for the group.	Marketing Team
Group Types string groupTypes		The type of group and its membership.
Mail Enabled boolean / Required mailEnabled	true	Set to true for mail-enabled groups.
Mail Nickname string / Required mailNickname		The mail alias for the group, unique for Microsoft 365 groups in the organization. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () \ [] " ; : <> , SPACE.	MarketingTeam
Security Enabled boolean / Required securityEnabled	true	Set to true for security-enabled groups, including Microsoft 365 groups. Note: Groups created using the Microsoft Entra admin center or the Azure portal always have securityEnabled initially set to true.

Example Payload for Create Group

{
  "data": {
    "id": "b320ee12-b1cd-4cca-b648-a437be61c5cd",
    "deletedDateTime": null,
    "classification": null,
    "createdDateTime": "2018-12-22T00:51:37Z",
    "description": "Self help community for library",
    "displayName": "Library Assist",
    "groupTypes": [
      "Unified"
    ],
    "mail": "library7423@contoso.com",
    "mailEnabled": true,
    "mailNickname": "library",
    "onPremisesLastSyncDateTime": null,
    "onPremisesSecurityIdentifier": null,
    "onPremisesSyncEnabled": null,
    "preferredDataLocation": "CAN",
    "proxyAddresses": [
      "SMTP:library7423@contoso.com"
    ],
    "renewedDateTime": "2018-12-22T00:51:37Z",
    "resourceBehaviorOptions": [],
    "resourceProvisioningOptions": [],
    "securityEnabled": false,
    "visibility": "Public",
    "onPremisesProvisioningErrors": []
  }
}

Create Subscription

Create a subscription to receive notifications when changes occur in the specified object. | key: createSubscription

Input	Default	Notes	Example
Additional Properties code additionalProperties		Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/subscription-post-subscriptions
Change Type string / Required changeType		Indicates the type of change in the subscribed resource that raises a change notification. The supported values are: created, updated, deleted. Multiple values can be combined using a comma-separated list.	created
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
Expiration Date Time string / Required expirationDateTime		Specifies the date and time when the webhook subscription expires. The time is in UTC, and can be an amount of time from subscription creation that varies for the resource subscribed to.	2016-11-20T18:23:45.9356913Z
Header string Key Value List headers		A list of headers to send with the request.	User-Agent: curl/7.64.1
Notification URL string / Required notificationUrl		The URL of the endpoint that receives the change notifications.	https://webhook.azurewebsites.net/api/send/myNotifyClient
Resource string / Required resource		The resource that will be monitored for changes. See https://learn.microsoft.com/en-us/graph/api/resources/change-notifications-api-overview?view=graph-rest-1.0	/users

Example Payload for Create Subscription

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#subscriptions/$entity",
    "id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
    "resource": "me/mailFolders('Inbox')/messages",
    "applicationId": "24d3b144-21ae-4080-943f-7067b395b913",
    "changeType": "created",
    "clientState": "secretClientValue",
    "notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
    "expirationDateTime": "2016-11-20T18:23:45.9356913Z",
    "creatorId": "8ee44408-0679-472c-bc2a-692812af3437",
    "latestSupportedTlsVersion": "v1_2",
    "notificationContentType": "application/json"
  }
}

Create User

Create a new user. | key: createUser

Input	Default	Notes	Example
Account Enabled boolean / Required accountEnabled	true	Indicates if the account is enabled.
Additional Properties code additionalProperties		Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/user-post-users
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
Display Name string / Required displayName		The display name of the user.	John
Domain string / Required domain		The domain for the user, this must be an existing domain in the tenant.	domain.onmicrosoft.com
Force Change Password Next Sign In boolean / Required forceChangePasswordNextSignIn	true	Indicates if the user is forced to change their password on next sign in.
Password password / Required password		The password of the user.	Jaka889740
User Principal Name string / Required userPrincipalName		The user principal name of the user.	John

Example Payload for Create User

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
    "id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd",
    "businessPhones": [],
    "displayName": "Adele Vance",
    "givenName": "Adele",
    "jobTitle": "Product Marketing Manager",
    "mail": "AdeleV@contoso.com",
    "mobilePhone": "+1 425 555 0109",
    "officeLocation": "18/2111",
    "preferredLanguage": "en-US",
    "surname": "Vance",
    "userPrincipalName": "AdeleV@contoso.com"
  }
}

Delete Application

Delete application object. | key: deleteApplication

Input	Default	Notes	Example
Application Object ID string / Required applicationObjectId		The ID of the application to delete.	03ef14b0-ca33-4840-8f4f-d6e91916010e
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.

Example Payload for Delete Application

{
  "data": {
    "success": true
  }
}

Delete Group

Delete group object. | key: deleteGroup

Input	Default	Notes	Example
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
Group Id string / Required groupId		The ID of the group to delete.	b320ee12-b1cd-4cca-b648-a437be61c5cd

Example Payload for Delete Group

{
  "data": {
    "success": true
  }
}

Delete Instanced Subscriptions

Delete all webhooks that point to a flow in this instance. | key: deleteInstancedSubscriptions

Input	Default	Notes
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.

Example Payload for Delete Instanced Subscriptions

{
  "data": {
    "subscriptionsRemoved": [
      "26ebd1e9-c54a-4bbe-9583-fc05974952a4",
      "b9b27172-ee2e-4248-86df-fc98cb71d914"
    ]
  }
}

Delete Subscription

Deletes a subscription object. | key: deleteSubscription

Input	Default	Notes	Example
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
Subscription ID string / Required subscriptionId		The ID of the subscription to delete.	12345678-1234-1234-1234-123456789012

Example Payload for Delete Subscription

{
  "data": {
    "success": true
  }
}

Delete User

Deletes a User. | key: deleteUser

Input	Default	Notes	Example
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
User Id string / Required userId		Unique Identifier for the user to delete. This can be the user's id or userPrincipalName.	d36894ae-94ae-d368-ae94-68d3ae9468d3

Example Payload for Delete User

{
  "data": {
    "success": true
  }
}

Get Application

Read properties of an application object. | key: getApplication

Input	Default	Notes	Example
Application Object ID string / Required applicationObjectId		The ID of the application to read.	03ef14b0-ca33-4840-8f4f-d6e91916010e
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.

Example Payload for Get Application

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications/$entity",
    "id": "03ef14b0-ca33-4840-8f4f-d6e91916010e",
    "deletedDateTime": null,
    "isFallbackPublicClient": null,
    "appId": "631a96bc-a705-4eda-9f99-fdaf9f54f6a2",
    "applicationTemplateId": null,
    "identifierUris": [],
    "createdDateTime": "2019-09-17T19:10:35.2742618Z",
    "displayName": "Display name",
    "isDeviceOnlyAuthSupported": null,
    "groupMembershipClaims": null,
    "optionalClaims": null,
    "addIns": [],
    "publisherDomain": "contoso.com",
    "samlMetadataUrl": "https://graph.microsoft.com/2h5hjaj542de/app",
    "signInAudience": "AzureADandPersonalMicrosoftAccount",
    "tags": [],
    "tokenEncryptionKeyId": null,
    "api": {
      "requestedAccessTokenVersion": 2,
      "acceptMappedClaims": null,
      "knownClientApplications": [],
      "oauth2PermissionScopes": [],
      "preAuthorizedApplications": []
    },
    "appRoles": [],
    "publicClient": {
      "redirectUris": []
    },
    "info": {
      "termsOfServiceUrl": null,
      "supportUrl": null,
      "privacyStatementUrl": null,
      "marketingUrl": null,
      "logoUrl": null
    },
    "keyCredentials": [],
    "parentalControlSettings": {
      "countriesBlockedForMinors": [],
      "legalAgeGroupRule": "Allow"
    },
    "passwordCredentials": [],
    "requiredResourceAccess": [],
    "web": {
      "redirectUris": [],
      "homePageUrl": null,
      "logoutUrl": null,
      "implicitGrantSettings": {
        "enableIdTokenIssuance": false,
        "enableAccessTokenIssuance": false
      }
    }
  }
}

Get Group

Read properties of a group object. | key: getGroup

Input	Default	Notes	Example
Select string $select		Filters properties (columns).	givenName,surname
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
Group Id string / Required groupId			b320ee12-b1cd-4cca-b648-a437be61c5cd

Example Payload for Get Group

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups/$entity",
    "id": "02bd9fd6-8f93-4758-87c3-1fb73740a315",
    "deletedDateTime": null,
    "classification": null,
    "createdDateTime": "2017-07-31T18:56:16Z",
    "description": "Welcome to the HR Taskforce team.",
    "displayName": "HR Taskforce",
    "expirationDateTime": null,
    "groupTypes": [
      "Unified"
    ],
    "isAssignableToRole": null,
    "mail": "HRTaskforce@contoso.com",
    "mailEnabled": true,
    "mailNickname": "HRTaskforce",
    "membershipRule": null,
    "membershipRuleProcessingState": null,
    "onPremisesDomainName": null,
    "onPremisesLastSyncDateTime": null,
    "onPremisesNetBiosName": null,
    "onPremisesSamAccountName": null,
    "onPremisesSecurityIdentifier": null,
    "onPremisesSyncEnabled": null,
    "preferredDataLocation": null,
    "preferredLanguage": null,
    "proxyAddresses": [
      "SMTP:HRTaskforce@contoso.com",
      "SPO:SPO_896cf652-b200-4b74-8111-c013f64406cf@SPO_dcd219dd-bc68-4b9b-bf0b-4a33a796be35"
    ],
    "renewedDateTime": "2020-01-24T19:01:14Z",
    "resourceBehaviorOptions": [],
    "resourceProvisioningOptions": [
      "Team"
    ],
    "securityEnabled": false,
    "securityIdentifier": "S-1-12-1-45981654-1196986259-3072312199-363020343",
    "serviceProvisioningErrors": [],
    "theme": null,
    "visibility": "Private",
    "onPremisesProvisioningErrors": []
  }
}

Get Subscription

Read properties of a subscription object. | key: getSubscription

Input	Default	Notes	Example
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
Subscription ID string / Required subscriptionId		The ID of the subscription to read.	12345678-1234-1234-1234-123456789012

Example Payload for Get Subscription

{
  "data": {
    "id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
    "resource": "me/messages",
    "applicationId": "string",
    "changeType": "created,updated",
    "clientState": "secretClientValue",
    "notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
    "lifecycleNotificationUrl": "https://webhook.azurewebsites.net/api/send/lifecycleNotifications",
    "expirationDateTime": "2016-11-20T18:23:45.9356913Z",
    "creatorId": "string",
    "latestSupportedTlsVersion": "v1_2",
    "encryptionCertificate": "",
    "encryptionCertificateId": "",
    "includeResourceData": false,
    "notificationContentType": "application/json"
  }
}

Get User

Read properties and relationships of the User object. | key: getUser

Input	Default	Notes	Example
Select string $select		Filters properties (columns).	givenName,surname
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
User Id string / Required userId		Unique Identifier for the user to get. This can be the user's id or userPrincipalName.	d36894ae-94ae-d368-ae94-68d3ae9468d3

Example Payload for Get User

{
  "data": {
    "businessPhones": [
      "+1 425 555 0109"
    ],
    "displayName": "Adele Vance",
    "givenName": "Adele",
    "jobTitle": "Retail Manager",
    "mail": "AdeleV@contoso.com",
    "mobilePhone": "+1 425 555 0109",
    "officeLocation": "18/2111",
    "preferredLanguage": "en-US",
    "surname": "Vance",
    "userPrincipalName": "AdeleV@contoso.com",
    "id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd"
  }
}

List Applications

Retrieve the list of applications in the organization. | key: listApplications

Input	Default	Notes	Example
Count boolean $count	false	Retrieves the total count of matching resources. Requires 'Eventual Consistency Level Header' turned on to work.
Expand string $expand		Retrieves related resources.	members
Filter string $filter		Filters results (rows).	startswith(givenName,'J')
Order By string $orderby		Orders results.	displayName desc
Search string $search		Returns results based on search criteria.	pizza
Select string $select		Filters properties (columns).	givenName,surname
Top string $top		Sets the page size of results.	10
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
Eventual Consistency Level Header boolean eventualConsistencyLevelHeader	false	Add the header to the request to specify the eventual consistency level. Required for some OData properties.
Get All Paginated Results boolean getAllPaginatedResults	false	Retrieves all paginated results. Ignores the 'Top' input and retrieves all results.

Example Payload for List Applications

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications",
    "value": [
      {
        "appId": "00000000-0000-0000-0000-000000000000",
        "identifierUris": [
          "http://contoso/"
        ],
        "displayName": "My app",
        "publisherDomain": "contoso.com",
        "signInAudience": "AzureADMyOrg"
      }
    ]
  }
}

List Changes

Track changes in an object and its children over time. | key: listChanges

Input	Default	Notes	Example
Delta Token string $deltatoken		A state token returned in the @odata.deltaLink URL of the previous delta function call for the same user collection, indicating the completion of that round of change tracking.	deltatoken
Filter string $filter		Filters results (rows).	startswith(givenName,'J')
Select string $select		Filters properties (columns).	givenName,surname
Skip Token string $skiptoken		A state token returned in the @odata.nextLink URL of the previous delta function call, indicating there are further changes to be tracked in the same user collection.	skiptoken
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
URL to fetch for delta string / Required deltaURL		The URL to track changes in an object and its children over time. You can use @odata.nextLink or @odata.deltaLink here to get the next set of changes.	/users/delta
Return Minimal boolean returnMinimal	false	Returns only the object properties that have changed since the last round when using @odata.deltaLink.

Example Payload for List Changes

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
    "@odata.nextLink": "https://graph.microsoft.com/v1.0/users/delta?$skiptoken=pqwSUjGYvb3jQpbwVAwEL7yuI3dU1LecfkkfLPtnIjsXoYQp_dpA3cNJWc",
    "value": [
      {
        "businessPhones": [
          "+1 425 555 0109"
        ],
        "displayName": "Adele Vance",
        "givenName": "Adele",
        "jobTitle": "Retail Manager",
        "mail": "AdeleV@contoso.com",
        "mobilePhone": "+1 425 555 0109",
        "officeLocation": "18/2111",
        "preferredLanguage": "en-US",
        "surname": "Vance",
        "userPrincipalName": "AdeleV@contoso.com",
        "id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd"
      }
    ]
  }
}

List Group

List group objects and their properties. | key: listGroup

Input	Default	Notes	Example
Count boolean $count	false	Retrieves the total count of matching resources. Requires 'Eventual Consistency Level Header' turned on to work.
Expand string $expand		Retrieves related resources.	members
Filter string $filter		Filters results (rows).	startswith(givenName,'J')
Order By string $orderby		Orders results.	displayName desc
Search string $search		Returns results based on search criteria.	pizza
Select string $select		Filters properties (columns).	givenName,surname
Top string $top		Sets the page size of results.	10
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
Eventual Consistency Level Header boolean eventualConsistencyLevelHeader	false	Add the header to the request to specify the eventual consistency level. Required for some OData properties.
Get All Paginated Results boolean getAllPaginatedResults	false	Retrieves all paginated results. Ignores the 'Top' input and retrieves all results.

Example Payload for List Group

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups",
    "value": [
      {
        "id": "45b7d2e7-b882-4a80-ba97-10b7a63b8fa4",
        "deletedDateTime": null,
        "classification": null,
        "createdDateTime": "2018-12-22T02:21:05Z",
        "description": "Self help community for golf",
        "displayName": "Golf Assist",
        "expirationDateTime": null,
        "groupTypes": [
          "Unified"
        ],
        "isAssignableToRole": null,
        "mail": "golfassist@contoso.com",
        "mailEnabled": true,
        "mailNickname": "golfassist",
        "membershipRule": null,
        "membershipRuleProcessingState": null,
        "onPremisesLastSyncDateTime": null,
        "onPremisesSecurityIdentifier": null,
        "onPremisesSyncEnabled": null,
        "preferredDataLocation": "CAN",
        "preferredLanguage": null,
        "proxyAddresses": [
          "smtp:golfassist@contoso.com",
          "SMTP:golfassist@contoso.com"
        ],
        "renewedDateTime": "2018-12-22T02:21:05Z",
        "resourceBehaviorOptions": [],
        "resourceProvisioningOptions": [],
        "securityEnabled": false,
        "theme": null,
        "visibility": "Public",
        "onPremisesProvisioningErrors": []
      },
      {
        "id": "d7797254-3084-44d0-99c9-a3b5ab149538",
        "deletedDateTime": null,
        "classification": null,
        "createdDateTime": "2018-11-19T20:29:40Z",
        "description": "Talk about golf",
        "displayName": "Golf Discussion",
        "expirationDateTime": null,
        "groupTypes": [],
        "isAssignableToRole": null,
        "mail": "golftalk@contoso.com",
        "mailEnabled": true,
        "mailNickname": "golftalk",
        "membershipRule": null,
        "membershipRuleProcessingState": null,
        "onPremisesLastSyncDateTime": null,
        "onPremisesSecurityIdentifier": null,
        "onPremisesSyncEnabled": null,
        "preferredDataLocation": "CAN",
        "preferredLanguage": null,
        "proxyAddresses": [
          "smtp:golftalk@contoso.com",
          "SMTP:golftalk@contoso.com"
        ],
        "renewedDateTime": "2018-11-19T20:29:40Z",
        "resourceBehaviorOptions": [],
        "resourceProvisioningOptions": [],
        "securityEnabled": false,
        "serviceProvisioningErrors": [],
        "theme": null,
        "visibility": null,
        "onPremisesProvisioningErrors": []
      }
    ]
  }
}

List Group Members

Get the direct members of this group from the members navigation property. | key: listGroupMembers

Input	Default	Notes	Example
Count boolean $count	false	Retrieves the total count of matching resources. Requires 'Eventual Consistency Level Header' turned on to work.
Expand string $expand		Retrieves related resources.	members
Filter string $filter		Filters results (rows).	startswith(givenName,'J')
Search string $search		Returns results based on search criteria.	pizza
Select string $select		Filters properties (columns).	givenName,surname
Top string $top		Sets the page size of results.	10
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
Eventual Consistency Level Header boolean eventualConsistencyLevelHeader	false	Add the header to the request to specify the eventual consistency level. Required for some OData properties.
Get All Paginated Results boolean getAllPaginatedResults	false	Retrieves all paginated results. Ignores the 'Top' input and retrieves all results.
Group Id string / Required groupId			b320ee12-b1cd-4cca-b648-a437be61c5cd

Example Payload for List Group Members

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects",
    "value": [
      {
        "id": "11111111-2222-3333-4444-555555555555",
        "mail": "user1@contoso.com"
      }
    ]
  }
}

List Subscriptions

Lists active subscriptions. | key: listSubscriptions

Input	Default	Notes
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
Get All Paginated Results boolean getAllPaginatedResults	false	Set to true to retrieve all subscriptions.

Example Payload for List Subscriptions

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#subscriptions",
    "value": [
      {
        "id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
        "resource": "me/messages",
        "applicationId": "string",
        "changeType": "created,updated",
        "clientState": "secretClientValue",
        "notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
        "lifecycleNotificationUrl": "https://webhook.azurewebsites.net/api/send/lifecycleNotifications",
        "expirationDateTime": "2016-11-20T18:23:45.9356913Z",
        "creatorId": "string",
        "latestSupportedTlsVersion": "v1_2",
        "encryptionCertificate": "",
        "encryptionCertificateId": "",
        "includeResourceData": false,
        "notificationContentType": "application/json"
      }
    ]
  }
}

List Users

Retrieve a list of user objects. | key: listUsers

Input	Default	Notes	Example
Count boolean $count	false	Retrieves the total count of matching resources. Requires 'Eventual Consistency Level Header' turned on to work.
Expand string $expand		Retrieves related resources.	members
Filter string $filter		Filters results (rows).	startswith(givenName,'J')
Order By string $orderby		Orders results.	displayName desc
Search string $search		Returns results based on search criteria.	pizza
Select string $select		Filters properties (columns).	givenName,surname
Top string $top		Sets the page size of results.	10
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
Eventual Consistency Level Header boolean eventualConsistencyLevelHeader	false	Add the header to the request to specify the eventual consistency level. Required for some OData properties.
Get All Paginated Results boolean getAllPaginatedResults	false	Retrieves all paginated results. Ignores the 'Top' input and retrieves all results.

Example Payload for List Users

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
    "value": [
      {
        "businessPhones": [
          "+1 425 555 0109"
        ],
        "displayName": "Adele Vance",
        "givenName": "Adele",
        "jobTitle": "Retail Manager",
        "mail": "AdeleV@contoso.com",
        "mobilePhone": "+1 425 555 0109",
        "officeLocation": "18/2111",
        "preferredLanguage": "en-US",
        "surname": "Vance",
        "userPrincipalName": "AdeleV@contoso.com",
        "id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd"
      }
    ]
  }
}

Raw Request

Send raw HTTP request to Microsoft Entra ID. | key: rawRequest

Input	Default	Notes	Example
Connection connection / Required connection
Data string data		The HTTP body payload to send to the URL.	{"exampleKey": "Example Data"}
Debug Request boolean debugRequest	false	Enabling this flag will log out the current request.
File Data string Key Value List fileData		File Data to be sent as a multipart form upload.	[{key: "example.txt", value: "My File Contents"}]
File Data File Names string Key Value List fileDataFileNames		File names to apply to the file data inputs. Keys must match the file data keys above.
Form Data string Key Value List formData		The Form Data to be sent as a multipart form upload.	[{"key": "Example Key", "value": new Buffer("Hello World")}]
Header string Key Value List headers		A list of headers to send with the request.	User-Agent: curl/7.64.1
Max Retry Count string maxRetries	0	The maximum number of retries to attempt. Specify 0 for no retries.
Method string / Required method		The HTTP method to use.
Query Parameter string Key Value List queryParams		A list of query parameters to send with the request. This is the portion at the end of the URL similar to ?key1=value1&key2=value2.
Response Type string / Required responseType	json	The type of data you expect in the response. You can request json, text, or binary data.
Retry On All Errors boolean retryAllErrors	false	If true, retries on all erroneous responses regardless of type. This is helpful when retrying after HTTP 429 or other 3xx or 4xx errors. Otherwise, only retries on HTTP 5xx and network errors.
Retry Delay (ms) string retryDelayMS	0	The delay in milliseconds between retries. This is used when 'Use Exponential Backoff' is disabled.
Timeout string timeout		The maximum time that a client will await a response to its request	2000
URL string / Required url		Input the path only (/users), The base URL is already included (https://graph.microsoft.com/v1.0). For example, to connect to https://graph.microsoft.com/v1.0/users, only /users is entered in this field.	/users
Use Exponential Backoff boolean useExponentialBackoff	false	Specifies whether to use a pre-defined exponential backoff strategy for retries. When enabled, 'Retry Delay (ms)' is ignored.

Remove Member of Group

Remove a member from a Microsoft 365 group or a security group through the members navigation property. | key: removeMemberOfGroup

Input	Default	Notes	Example
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
Group Id string / Required groupId		The ID of the group to remove the member from.	b320ee12-b1cd-4cca-b648-a437be61c5cd
Member ID string / Required memberId		The ID of the member to remove from the group.	12345678-1234-1234-1234-123456789012

Example Payload for Remove Member of Group

{
  "data": {
    "success": true
  }
}

Update Subscription

Updates a subscription expiration time for renewal and/or updates the notificationUrl for delivery. | key: updateSubscription

Input	Default	Notes	Example
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
Expiration Date Time string expirationDateTime		Specifies the date and time when the webhook subscription expires. The time is in UTC, and can be an amount of time from subscription creation that varies for the resource subscribed to.	2016-11-20T18:23:45.9356913Z
Notification URL string notificationUrl		The URL of the endpoint that receives the change notifications.	https://webhook.azurewebsites.net/api/send/myNotifyClient
Subscription ID string / Required subscriptionId		The ID of the subscription to update.	12345678-1234-1234-1234-123456789012

Example Payload for Update Subscription

{
  "data": {
    "id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
    "resource": "me/messages",
    "applicationId": "string",
    "changeType": "created,updated",
    "clientState": "secretClientValue",
    "notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
    "lifecycleNotificationUrl": "https://webhook.azurewebsites.net/api/send/lifecycleNotifications",
    "expirationDateTime": "2016-11-20T18:23:45.9356913Z",
    "creatorId": "string",
    "latestSupportedTlsVersion": "v1_2",
    "encryptionCertificate": "",
    "encryptionCertificateId": "",
    "includeResourceData": false,
    "notificationContentType": "application/json"
  }
}

Update User

Update the properties of a User object. | key: updateUser

Input	Default	Notes	Example
Account Enabled string accountEnabled		Indicates if the account is enabled.
Additional Properties code additionalProperties		Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/user-update
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
Display Name string displayName		The display name of the user.	John
Domain string domain		The updated domain for the user, this must be an existing domain in the tenant. Required if 'User Principal Name' input is provided.	domain.onmicrosoft.com
First Name string givenName		The updated first name of the user.	John
Job Title string jobTitle		The updated job title of the user.	Software Engineer
Last Name string surname		The updated last name of the user.	Doe
User Id string / Required userId		Unique Identifier for the user to update. This can be the user's id or userPrincipalName.	d36894ae-94ae-d368-ae94-68d3ae9468d3
User Principal Name string userPrincipalName		The updated user principal name of the user. Required if 'Domain' input is provided.	John

Example Payload for Update User

{
  "data": {
    "success": true
  }
}

Upsert Application

Create a new application if it doesn't exist, or update the properties of an existing application. | key: upsertApplication

Input	Default	Notes	Example
Additional Properties code additionalProperties		Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/application-upsert
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
Display Name string / Required displayName		The display name of the application.	My Application
Unique Name string / Required uniqueName		The unique name of the application to update or create.	MyApplication
Use as Upsert boolean / Required useAsUpsert	true	Set to true to create a new application if it doesn't exist. Set to false to only update an existing application.

Example Payload for Upsert Application

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications/$entity",
    "id": "03ef14b0-ca33-4840-8f4f-d6e91916010e",
    "deletedDateTime": null,
    "isFallbackPublicClient": null,
    "appId": "631a96bc-a705-4eda-9f99-fdaf9f54f6a2",
    "applicationTemplateId": null,
    "identifierUris": [],
    "createdDateTime": "2019-09-17T19:10:35.2742618Z",
    "displayName": "Display name",
    "isDeviceOnlyAuthSupported": null,
    "groupMembershipClaims": null,
    "optionalClaims": null,
    "addIns": [],
    "publisherDomain": "contoso.com",
    "samlMetadataUrl": "https://graph.microsoft.com/2h5hjaj542de/app",
    "signInAudience": "AzureADandPersonalMicrosoftAccount",
    "tags": [],
    "tokenEncryptionKeyId": null,
    "api": {
      "requestedAccessTokenVersion": 2,
      "acceptMappedClaims": null,
      "knownClientApplications": [],
      "oauth2PermissionScopes": [],
      "preAuthorizedApplications": []
    },
    "appRoles": [],
    "publicClient": {
      "redirectUris": []
    },
    "info": {
      "termsOfServiceUrl": null,
      "supportUrl": null,
      "privacyStatementUrl": null,
      "marketingUrl": null,
      "logoUrl": null
    },
    "keyCredentials": [],
    "parentalControlSettings": {
      "countriesBlockedForMinors": [],
      "legalAgeGroupRule": "Allow"
    },
    "passwordCredentials": [],
    "requiredResourceAccess": [],
    "web": {
      "redirectUris": [],
      "homePageUrl": null,
      "logoutUrl": null,
      "implicitGrantSettings": {
        "enableIdTokenIssuance": false,
        "enableAccessTokenIssuance": false
      }
    }
  }
}

Upsert Group

Create a new group if it doesn't exist, or update the properties of an existing group. | key: upsertGroup

Input	Default	Notes	Example
Additional Properties code additionalProperties		Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/group-upsert
Connection connection / Required connection
Debug Request boolean debug	false	Enabling this flag will log out the current request.
Display Name string displayName		The name to display in the address book for the group.	Marketing Team
Group Types string groupTypes		The type of group and its membership.
Mail Enabled string mailEnabled		Set to true for mail-enabled groups.
Mail Nickname string mailNickname		The mail alias for the group, unique for Microsoft 365 groups in the organization. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () \ [] " ; : <> , SPACE.	MarketingTeam
Security Enabled string securityEnabled		Set to true for security-enabled groups, including Microsoft 365 groups. Note: Groups created using the Microsoft Entra admin center or the Azure portal always have securityEnabled initially set to true.
Unique Name string / Required uniqueName		The unique name of the group to update or create.	MarketingTeam
Use as Upsert boolean / Required useAsUpsert	true	Set to true to create a new group if it doesn't exist. Set to false to only update an existing group.

Example Payload for Upsert Group

{
  "data": {
    "success": true
  }
}

Microsoft Entra ID (Formerly Azure Active Directory) is a cloud-based identity and access management service from Microsoft that helps employees sign in and access resources. Use the Microsoft Entra ID component to manage your users, groups, and applications.

Description​

API Documentation:​

Connections​

OAuth 2.0​

Creating an App Registration​

Configuring the Integration​

Triggers​

Group Trigger​

User Trigger​

Webhook​

Data Sources​

Select Application​

Select Group​

Select Group Member​

Actions​

Add Member to Group​

Create Application​

Create Group​

Create Subscription​

Create User​

Delete Application​

Delete Group​

Delete Instanced Subscriptions​

Delete Subscription​

Delete User​

Get Application​

Get Group​

Get Subscription​

Get User​

List Applications​

List Changes​

List Group​

List Group Members​

List Subscriptions​

List Users​

Raw Request​

Remove Member of Group​

Update Subscription​

Update User​

Upsert Application​

Upsert Group​