Skip to main content

Microsoft Entra ID Component

Microsoft Entra ID (Formerly Azure Active Directory) is a cloud-based identity and access management service from Microsoft that helps employees sign in and access resources. Use the Microsoft Entra ID component to manage your users, groups, and applications.

Component key: ms-entra-id

Description

Microsoft Entra ID (Formerly Azure Active Directory) is a cloud-based identity and access management service from Microsoft that helps employees sign in and access resources.

Use the Microsoft Entra ID component to manage your users, groups, and applications.

API Documentation:

The component was built using the Microsoft Graph REST API v1.0

Connections

OAuth 2.0

This authentication method may be used when an App requires granting admin consent to API permissions, in addition to authorizing the integration with the App's configured client credentials.

The Microsoft Azure Active Directory component authenticates requests through the Microsoft Graph API.

Creating an App Registration

To configure OAuth 2.0 you must first create an App through Active Directory in the Microsoft Entra Admin Center or Microsoft Azure Portal.

  1. Navigate to App Registrations
  2. When creating the application you will be prompted to select Supported account types.
  3. Select Accounts in any organizational directory (Any Azure AD directory - Multitenant).
  4. Navigate to Redirect URI and add the Web platform. Now enter the redirect URI as https://oauth2.prismatic.io/callback.
  5. Select Register to complete.
  6. In the App, navigate to Certificates & Secrets and select New client secret. Copy/save the Value for use in the connection configuration of your integration (the value will not be shown again).
  7. Next, navigate to the Overview section and copy the Application (client) ID
  8. Navigate to the API Permissions section to assign the proper permissions for the integration. Select Add Permission, select all permissions that are required for your desired integration and save these values for later. A full list of scopes can be found on the Microsoft Graph API documentation 1. Recommended scopes for Active Directory can be found in Microsoft Graph > Delegated permissions: 1. Group.ReadWrite.All GroupMember.ReadWrite.All Application.ReadWrite.All User.Read.All offline_access

Configuring the Integration

Supply the following values to the OAuth 2.0 Authorization Code connection:

  • Client ID enter the Application (client) ID
  • Client Secret enter the Value provided (Do not use Secret ID)
  • Provide the assigned API permissions as Scopes you assigned to your App. The default value will be set to the following:
    • Default example: Group.ReadWrite.All GroupMember.ReadWrite.All Application.ReadWrite.All User.Read.All offline_access
  • If you didn't select Multitenant when creating the App, you will need to replace the Authorize URL and Token URL with ones specific to your tenant.
InputNotesExample
Authorize URL

The OAuth 2.0 Authorization URL for Microsoft Entra ID

https://login.microsoftonline.com/common/oauth2/v2.0/authorize
Client ID

Get this value from your App Registration in the Azure Portal

Client Secret

Get this value from your App Registration in the Azure Portal

Scopes

Microsoft Entra ID Scopes.

Group.ReadWrite.All GroupMember.ReadWrite.All Application.ReadWrite.All User.Read.All offline_access
Token URL

The OAuth 2.0 Token URL for Microsoft Entra ID

https://login.microsoftonline.com/common/oauth2/v2.0/token

Triggers

Group Trigger

Get notified to this flow when a group changes. | key: groupTrigger

InputNotesExample
Change Type

Indicates the type of change that raises a notification.

created
Connection
Expiration Date Time

The date and time when the trigger subscription expires. If not specified, the subscription defaults to 29 days from the current date and time. This trigger must be reactivated after expiration.

2016-11-20T18:23:45.9356913Z

User Trigger

Get notified to this flow when a user changes. | key: userTrigger

InputNotesExample
Change Type

Indicates the type of change that raises a notification.

created
Connection
Expiration Date Time

The date and time when the trigger subscription expires. If not specified, the subscription defaults to 29 days from the current date and time. This trigger must be reactivated after expiration.

2016-11-20T18:23:45.9356913Z

Webhook

Receive and validate webhook requests from Microsoft Entra ID for webhooks you configure. | key: webhook

Data Sources

Select Application

Select an application from a picklist. | key: selectApplication | type: picklist

InputNotesExample
Connection

Select Group

Select a group from a picklist. | key: selectGroup | type: picklist

InputNotesExample
Connection

Select Group Member

Select a group member from a picklist. | key: selectGroupMember | type: picklist

InputNotesExample
Connection
Group Idb320ee12-b1cd-4cca-b648-a437be61c5cd

Actions

Add Member to Group

Add a member to a group. | key: addMemberToGroup

InputNotesExample
Connection
Debug Request

Enabling this flag will log out the current request.

false
Group Id

The ID of the group to add the member to.

b320ee12-b1cd-4cca-b648-a437be61c5cd
Group Member OData ID

The @odata.id property with a reference by ID to a supported group member object type.

https://graph.microsoft.com/v1.0/directoryObjects/{id}

{
  "data": {
    "success": true
  }
}

Create Application

Creates (registers) a new application. | key: createApplication

InputNotesExample
Additional Properties

Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/application-post-applications

Connection
Debug Request

Enabling this flag will log out the current request.

false
Display Name

The display name of the application.

My Application

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications/$entity",
    "id": "03ef14b0-ca33-4840-8f4f-d6e91916010e",
    "deletedDateTime": null,
    "isFallbackPublicClient": null,
    "appId": "631a96bc-a705-4eda-9f99-fdaf9f54f6a2",
    "applicationTemplateId": null,
    "identifierUris": [],
    "createdDateTime": "2019-09-17T19:10:35.2742618Z",
    "displayName": "Display name",
    "isDeviceOnlyAuthSupported": null,
    "groupMembershipClaims": null,
    "optionalClaims": null,
    "addIns": [],
    "publisherDomain": "contoso.com",
    "samlMetadataUrl": "https://graph.microsoft.com/2h5hjaj542de/app",
    "signInAudience": "AzureADandPersonalMicrosoftAccount",
    "tags": [],
    "tokenEncryptionKeyId": null,
    "api": {
      "requestedAccessTokenVersion": 2,
      "acceptMappedClaims": null,
      "knownClientApplications": [],
      "oauth2PermissionScopes": [],
      "preAuthorizedApplications": []
    },
    "appRoles": [],
    "publicClient": {
      "redirectUris": []
    },
    "info": {
      "termsOfServiceUrl": null,
      "supportUrl": null,
      "privacyStatementUrl": null,
      "marketingUrl": null,
      "logoUrl": null
    },
    "keyCredentials": [],
    "parentalControlSettings": {
      "countriesBlockedForMinors": [],
      "legalAgeGroupRule": "Allow"
    },
    "passwordCredentials": [],
    "requiredResourceAccess": [],
    "web": {
      "redirectUris": [],
      "homePageUrl": null,
      "logoutUrl": null,
      "implicitGrantSettings": {
        "enableIdTokenIssuance": false,
        "enableAccessTokenIssuance": false
      }
    }
  }
}

Create Group

Create a new group. It can be a Microsoft 365 group, dynamic group, or security group. | key: createGroup

InputNotesExample
Additional Properties

Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/group-post-groups

Connection
Debug Request

Enabling this flag will log out the current request.

false
Display Name

The name to display in the address book for the group.

Marketing Team
Group Types

The type of group and its membership.

Mail Enabled

Set to true for mail-enabled groups.

true
Mail Nickname

The mail alias for the group, unique for Microsoft 365 groups in the organization. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () \ [] " ; : <> , SPACE.

MarketingTeam
Security Enabled

Set to true for security-enabled groups, including Microsoft 365 groups. Note: Groups created using the Microsoft Entra admin center or the Azure portal always have securityEnabled initially set to true.

true

{
  "data": {
    "id": "b320ee12-b1cd-4cca-b648-a437be61c5cd",
    "deletedDateTime": null,
    "classification": null,
    "createdDateTime": "2018-12-22T00:51:37Z",
    "description": "Self help community for library",
    "displayName": "Library Assist",
    "groupTypes": [
      "Unified"
    ],
    "mail": "library7423@contoso.com",
    "mailEnabled": true,
    "mailNickname": "library",
    "onPremisesLastSyncDateTime": null,
    "onPremisesSecurityIdentifier": null,
    "onPremisesSyncEnabled": null,
    "preferredDataLocation": "CAN",
    "proxyAddresses": [
      "SMTP:library7423@contoso.com"
    ],
    "renewedDateTime": "2018-12-22T00:51:37Z",
    "resourceBehaviorOptions": [],
    "resourceProvisioningOptions": [],
    "securityEnabled": false,
    "visibility": "Public",
    "onPremisesProvisioningErrors": []
  }
}

Create Subscription

Create a subscription to receive notifications when changes occur in the specified object. | key: createSubscription

InputNotesExample
Additional Properties

Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/subscription-post-subscriptions

Change Type

Indicates the type of change in the subscribed resource that raises a change notification. The supported values are: created, updated, deleted. Multiple values can be combined using a comma-separated list.

created
Connection
Debug Request

Enabling this flag will log out the current request.

false
Expiration Date Time

Specifies the date and time when the webhook subscription expires. The time is in UTC, and can be an amount of time from subscription creation that varies for the resource subscribed to.

2016-11-20T18:23:45.9356913Z
Header

A list of headers to send with the request.

User-Agent: curl/7.64.1
Notification URL

The URL of the endpoint that receives the change notifications.

https://webhook.azurewebsites.net/api/send/myNotifyClient
Resource

The resource that will be monitored for changes. See https://learn.microsoft.com/en-us/graph/api/resources/change-notifications-api-overview?view=graph-rest-1.0

/users

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#subscriptions/$entity",
    "id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
    "resource": "me/mailFolders('Inbox')/messages",
    "applicationId": "24d3b144-21ae-4080-943f-7067b395b913",
    "changeType": "created",
    "clientState": "secretClientValue",
    "notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
    "expirationDateTime": "2016-11-20T18:23:45.9356913Z",
    "creatorId": "8ee44408-0679-472c-bc2a-692812af3437",
    "latestSupportedTlsVersion": "v1_2",
    "notificationContentType": "application/json"
  }
}

Create User

Create a new user. | key: createUser

InputNotesExample
Account Enabled

Indicates if the account is enabled.

true
Additional Properties

Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/user-post-users

Connection
Debug Request

Enabling this flag will log out the current request.

false
Display Name

The display name of the user.

John
Domain

The domain for the user, this must be an existing domain in the tenant.

domain.onmicrosoft.com
Force Change Password Next Sign In

Indicates if the user is forced to change their password on next sign in.

true
Password

The password of the user.

Jaka889740
User Principal Name

The user principal name of the user.

John

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
    "id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd",
    "businessPhones": [],
    "displayName": "Adele Vance",
    "givenName": "Adele",
    "jobTitle": "Product Marketing Manager",
    "mail": "AdeleV@contoso.com",
    "mobilePhone": "+1 425 555 0109",
    "officeLocation": "18/2111",
    "preferredLanguage": "en-US",
    "surname": "Vance",
    "userPrincipalName": "AdeleV@contoso.com"
  }
}

Delete Application

Delete application object. | key: deleteApplication

InputNotesExample
Application Object ID

The ID of the application to delete.

03ef14b0-ca33-4840-8f4f-d6e91916010e
Connection
Debug Request

Enabling this flag will log out the current request.

false

{
  "data": {
    "success": true
  }
}

Delete Group

Delete group object. | key: deleteGroup

InputNotesExample
Connection
Debug Request

Enabling this flag will log out the current request.

false
Group Id

The ID of the group to delete.

b320ee12-b1cd-4cca-b648-a437be61c5cd

{
  "data": {
    "success": true
  }
}

Delete Instanced Subscriptions

Delete all webhooks that point to a flow in this instance. | key: deleteInstancedSubscriptions

InputNotesExample
Connection
Debug Request

Enabling this flag will log out the current request.

false

{
  "data": {
    "subscriptionsRemoved": [
      "26ebd1e9-c54a-4bbe-9583-fc05974952a4",
      "b9b27172-ee2e-4248-86df-fc98cb71d914"
    ]
  }
}

Delete Subscription

Deletes a subscription object. | key: deleteSubscription

InputNotesExample
Connection
Debug Request

Enabling this flag will log out the current request.

false
Subscription ID

The ID of the subscription to delete.

12345678-1234-1234-1234-123456789012

{
  "data": {
    "success": true
  }
}

Delete User

Deletes a User. | key: deleteUser

InputNotesExample
Connection
Debug Request

Enabling this flag will log out the current request.

false
User Id

Unique Identifier for the user to delete. This can be the user's id or userPrincipalName.

d36894ae-94ae-d368-ae94-68d3ae9468d3

{
  "data": {
    "success": true
  }
}

Get Application

Read properties of an application object. | key: getApplication

InputNotesExample
Application Object ID

The ID of the application to read.

03ef14b0-ca33-4840-8f4f-d6e91916010e
Connection
Debug Request

Enabling this flag will log out the current request.

false

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications/$entity",
    "id": "03ef14b0-ca33-4840-8f4f-d6e91916010e",
    "deletedDateTime": null,
    "isFallbackPublicClient": null,
    "appId": "631a96bc-a705-4eda-9f99-fdaf9f54f6a2",
    "applicationTemplateId": null,
    "identifierUris": [],
    "createdDateTime": "2019-09-17T19:10:35.2742618Z",
    "displayName": "Display name",
    "isDeviceOnlyAuthSupported": null,
    "groupMembershipClaims": null,
    "optionalClaims": null,
    "addIns": [],
    "publisherDomain": "contoso.com",
    "samlMetadataUrl": "https://graph.microsoft.com/2h5hjaj542de/app",
    "signInAudience": "AzureADandPersonalMicrosoftAccount",
    "tags": [],
    "tokenEncryptionKeyId": null,
    "api": {
      "requestedAccessTokenVersion": 2,
      "acceptMappedClaims": null,
      "knownClientApplications": [],
      "oauth2PermissionScopes": [],
      "preAuthorizedApplications": []
    },
    "appRoles": [],
    "publicClient": {
      "redirectUris": []
    },
    "info": {
      "termsOfServiceUrl": null,
      "supportUrl": null,
      "privacyStatementUrl": null,
      "marketingUrl": null,
      "logoUrl": null
    },
    "keyCredentials": [],
    "parentalControlSettings": {
      "countriesBlockedForMinors": [],
      "legalAgeGroupRule": "Allow"
    },
    "passwordCredentials": [],
    "requiredResourceAccess": [],
    "web": {
      "redirectUris": [],
      "homePageUrl": null,
      "logoutUrl": null,
      "implicitGrantSettings": {
        "enableIdTokenIssuance": false,
        "enableAccessTokenIssuance": false
      }
    }
  }
}

Get Group

Read properties of a group object. | key: getGroup

InputNotesExample
Select

Filters properties (columns).

givenName,surname
Connection
Debug Request

Enabling this flag will log out the current request.

false
Group Idb320ee12-b1cd-4cca-b648-a437be61c5cd

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups/$entity",
    "id": "02bd9fd6-8f93-4758-87c3-1fb73740a315",
    "deletedDateTime": null,
    "classification": null,
    "createdDateTime": "2017-07-31T18:56:16Z",
    "description": "Welcome to the HR Taskforce team.",
    "displayName": "HR Taskforce",
    "expirationDateTime": null,
    "groupTypes": [
      "Unified"
    ],
    "isAssignableToRole": null,
    "mail": "HRTaskforce@contoso.com",
    "mailEnabled": true,
    "mailNickname": "HRTaskforce",
    "membershipRule": null,
    "membershipRuleProcessingState": null,
    "onPremisesDomainName": null,
    "onPremisesLastSyncDateTime": null,
    "onPremisesNetBiosName": null,
    "onPremisesSamAccountName": null,
    "onPremisesSecurityIdentifier": null,
    "onPremisesSyncEnabled": null,
    "preferredDataLocation": null,
    "preferredLanguage": null,
    "proxyAddresses": [
      "SMTP:HRTaskforce@contoso.com",
      "SPO:SPO_896cf652-b200-4b74-8111-c013f64406cf@SPO_dcd219dd-bc68-4b9b-bf0b-4a33a796be35"
    ],
    "renewedDateTime": "2020-01-24T19:01:14Z",
    "resourceBehaviorOptions": [],
    "resourceProvisioningOptions": [
      "Team"
    ],
    "securityEnabled": false,
    "securityIdentifier": "S-1-12-1-45981654-1196986259-3072312199-363020343",
    "serviceProvisioningErrors": [],
    "theme": null,
    "visibility": "Private",
    "onPremisesProvisioningErrors": []
  }
}

Get Subscription

Read properties of a subscription object. | key: getSubscription

InputNotesExample
Connection
Debug Request

Enabling this flag will log out the current request.

false
Subscription ID

The ID of the subscription to read.

12345678-1234-1234-1234-123456789012

{
  "data": {
    "id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
    "resource": "me/messages",
    "applicationId": "string",
    "changeType": "created,updated",
    "clientState": "secretClientValue",
    "notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
    "lifecycleNotificationUrl": "https://webhook.azurewebsites.net/api/send/lifecycleNotifications",
    "expirationDateTime": "2016-11-20T18:23:45.9356913Z",
    "creatorId": "string",
    "latestSupportedTlsVersion": "v1_2",
    "encryptionCertificate": "",
    "encryptionCertificateId": "",
    "includeResourceData": false,
    "notificationContentType": "application/json"
  }
}

Get User

Read properties and relationships of the User object. | key: getUser

InputNotesExample
Select

Filters properties (columns).

givenName,surname
Connection
Debug Request

Enabling this flag will log out the current request.

false
User Id

Unique Identifier for the user to get. This can be the user's id or userPrincipalName.

d36894ae-94ae-d368-ae94-68d3ae9468d3

{
  "data": {
    "businessPhones": [
      "+1 425 555 0109"
    ],
    "displayName": "Adele Vance",
    "givenName": "Adele",
    "jobTitle": "Retail Manager",
    "mail": "AdeleV@contoso.com",
    "mobilePhone": "+1 425 555 0109",
    "officeLocation": "18/2111",
    "preferredLanguage": "en-US",
    "surname": "Vance",
    "userPrincipalName": "AdeleV@contoso.com",
    "id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd"
  }
}

List Applications

Retrieve the list of applications in the organization. | key: listApplications

InputNotesExample
Count

Retrieves the total count of matching resources. Requires 'Eventual Consistency Level Header' turned on to work.

false
Expand

Retrieves related resources.

members
Filter

Filters results (rows).

startswith(givenName,'J')
Order By

Orders results.

displayName desc
Search

Returns results based on search criteria.

pizza
Select

Filters properties (columns).

givenName,surname
Top

Sets the page size of results.

10
Connection
Debug Request

Enabling this flag will log out the current request.

false
Eventual Consistency Level Header

Add the header to the request to specify the eventual consistency level. Required for some OData properties.

false
Get All Paginated Results

Retrieves all paginated results. Ignores the 'Top' input and retrieves all results.

false

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications",
    "value": [
      {
        "appId": "00000000-0000-0000-0000-000000000000",
        "identifierUris": [
          "http://contoso/"
        ],
        "displayName": "My app",
        "publisherDomain": "contoso.com",
        "signInAudience": "AzureADMyOrg"
      }
    ]
  }
}

List Changes

Track changes in an object and its children over time. | key: listChanges

InputNotesExample
Delta Token

A state token returned in the @odata.deltaLink URL of the previous delta function call for the same user collection, indicating the completion of that round of change tracking.

deltatoken
Filter

Filters results (rows).

startswith(givenName,'J')
Select

Filters properties (columns).

givenName,surname
Skip Token

A state token returned in the @odata.nextLink URL of the previous delta function call, indicating there are further changes to be tracked in the same user collection.

skiptoken
Connection
Debug Request

Enabling this flag will log out the current request.

false
URL to fetch for delta

The URL to track changes in an object and its children over time. You can use @odata.nextLink or @odata.deltaLink here to get the next set of changes.

/users/delta
Return Minimal

Returns only the object properties that have changed since the last round when using @odata.deltaLink.

false

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
    "@odata.nextLink": "https://graph.microsoft.com/v1.0/users/delta?$skiptoken=pqwSUjGYvb3jQpbwVAwEL7yuI3dU1LecfkkfLPtnIjsXoYQp_dpA3cNJWc",
    "value": [
      {
        "businessPhones": [
          "+1 425 555 0109"
        ],
        "displayName": "Adele Vance",
        "givenName": "Adele",
        "jobTitle": "Retail Manager",
        "mail": "AdeleV@contoso.com",
        "mobilePhone": "+1 425 555 0109",
        "officeLocation": "18/2111",
        "preferredLanguage": "en-US",
        "surname": "Vance",
        "userPrincipalName": "AdeleV@contoso.com",
        "id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd"
      }
    ]
  }
}

List Group

List group objects and their properties. | key: listGroup

InputNotesExample
Count

Retrieves the total count of matching resources. Requires 'Eventual Consistency Level Header' turned on to work.

false
Expand

Retrieves related resources.

members
Filter

Filters results (rows).

startswith(givenName,'J')
Order By

Orders results.

displayName desc
Search

Returns results based on search criteria.

pizza
Select

Filters properties (columns).

givenName,surname
Top

Sets the page size of results.

10
Connection
Debug Request

Enabling this flag will log out the current request.

false
Eventual Consistency Level Header

Add the header to the request to specify the eventual consistency level. Required for some OData properties.

false
Get All Paginated Results

Retrieves all paginated results. Ignores the 'Top' input and retrieves all results.

false

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups",
    "value": [
      {
        "id": "45b7d2e7-b882-4a80-ba97-10b7a63b8fa4",
        "deletedDateTime": null,
        "classification": null,
        "createdDateTime": "2018-12-22T02:21:05Z",
        "description": "Self help community for golf",
        "displayName": "Golf Assist",
        "expirationDateTime": null,
        "groupTypes": [
          "Unified"
        ],
        "isAssignableToRole": null,
        "mail": "golfassist@contoso.com",
        "mailEnabled": true,
        "mailNickname": "golfassist",
        "membershipRule": null,
        "membershipRuleProcessingState": null,
        "onPremisesLastSyncDateTime": null,
        "onPremisesSecurityIdentifier": null,
        "onPremisesSyncEnabled": null,
        "preferredDataLocation": "CAN",
        "preferredLanguage": null,
        "proxyAddresses": [
          "smtp:golfassist@contoso.com",
          "SMTP:golfassist@contoso.com"
        ],
        "renewedDateTime": "2018-12-22T02:21:05Z",
        "resourceBehaviorOptions": [],
        "resourceProvisioningOptions": [],
        "securityEnabled": false,
        "theme": null,
        "visibility": "Public",
        "onPremisesProvisioningErrors": []
      },
      {
        "id": "d7797254-3084-44d0-99c9-a3b5ab149538",
        "deletedDateTime": null,
        "classification": null,
        "createdDateTime": "2018-11-19T20:29:40Z",
        "description": "Talk about golf",
        "displayName": "Golf Discussion",
        "expirationDateTime": null,
        "groupTypes": [],
        "isAssignableToRole": null,
        "mail": "golftalk@contoso.com",
        "mailEnabled": true,
        "mailNickname": "golftalk",
        "membershipRule": null,
        "membershipRuleProcessingState": null,
        "onPremisesLastSyncDateTime": null,
        "onPremisesSecurityIdentifier": null,
        "onPremisesSyncEnabled": null,
        "preferredDataLocation": "CAN",
        "preferredLanguage": null,
        "proxyAddresses": [
          "smtp:golftalk@contoso.com",
          "SMTP:golftalk@contoso.com"
        ],
        "renewedDateTime": "2018-11-19T20:29:40Z",
        "resourceBehaviorOptions": [],
        "resourceProvisioningOptions": [],
        "securityEnabled": false,
        "serviceProvisioningErrors": [],
        "theme": null,
        "visibility": null,
        "onPremisesProvisioningErrors": []
      }
    ]
  }
}

List Group Members

Get the direct members of this group from the members navigation property. | key: listGroupMembers

InputNotesExample
Count

Retrieves the total count of matching resources. Requires 'Eventual Consistency Level Header' turned on to work.

false
Expand

Retrieves related resources.

members
Filter

Filters results (rows).

startswith(givenName,'J')
Search

Returns results based on search criteria.

pizza
Select

Filters properties (columns).

givenName,surname
Top

Sets the page size of results.

10
Connection
Debug Request

Enabling this flag will log out the current request.

false
Eventual Consistency Level Header

Add the header to the request to specify the eventual consistency level. Required for some OData properties.

false
Get All Paginated Results

Retrieves all paginated results. Ignores the 'Top' input and retrieves all results.

false
Group Idb320ee12-b1cd-4cca-b648-a437be61c5cd

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects",
    "value": [
      {
        "id": "11111111-2222-3333-4444-555555555555",
        "mail": "user1@contoso.com"
      }
    ]
  }
}

List Subscriptions

Lists active subscriptions. | key: listSubscriptions

InputNotesExample
Connection
Debug Request

Enabling this flag will log out the current request.

false
Get All Paginated Results

Set to true to retrieve all subscriptions.

false

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#subscriptions",
    "value": [
      {
        "id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
        "resource": "me/messages",
        "applicationId": "string",
        "changeType": "created,updated",
        "clientState": "secretClientValue",
        "notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
        "lifecycleNotificationUrl": "https://webhook.azurewebsites.net/api/send/lifecycleNotifications",
        "expirationDateTime": "2016-11-20T18:23:45.9356913Z",
        "creatorId": "string",
        "latestSupportedTlsVersion": "v1_2",
        "encryptionCertificate": "",
        "encryptionCertificateId": "",
        "includeResourceData": false,
        "notificationContentType": "application/json"
      }
    ]
  }
}

List Users

Retrieve a list of user objects. | key: listUsers

InputNotesExample
Count

Retrieves the total count of matching resources. Requires 'Eventual Consistency Level Header' turned on to work.

false
Expand

Retrieves related resources.

members
Filter

Filters results (rows).

startswith(givenName,'J')
Order By

Orders results.

displayName desc
Search

Returns results based on search criteria.

pizza
Select

Filters properties (columns).

givenName,surname
Top

Sets the page size of results.

10
Connection
Debug Request

Enabling this flag will log out the current request.

false
Eventual Consistency Level Header

Add the header to the request to specify the eventual consistency level. Required for some OData properties.

false
Get All Paginated Results

Retrieves all paginated results. Ignores the 'Top' input and retrieves all results.

false

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
    "value": [
      {
        "businessPhones": [
          "+1 425 555 0109"
        ],
        "displayName": "Adele Vance",
        "givenName": "Adele",
        "jobTitle": "Retail Manager",
        "mail": "AdeleV@contoso.com",
        "mobilePhone": "+1 425 555 0109",
        "officeLocation": "18/2111",
        "preferredLanguage": "en-US",
        "surname": "Vance",
        "userPrincipalName": "AdeleV@contoso.com",
        "id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd"
      }
    ]
  }
}

Raw Request

Send raw HTTP request to Microsoft Entra ID. | key: rawRequest

InputNotesExample
Connection
Data

The HTTP body payload to send to the URL.

{"exampleKey": "Example Data"}
Debug Request

Enabling this flag will log out the current request.

false
File Data

File Data to be sent as a multipart form upload.

[{key: "example.txt", value: "My File Contents"}]
File Data File Names

File names to apply to the file data inputs. Keys must match the file data keys above.

Form Data

The Form Data to be sent as a multipart form upload.

[{"key": "Example Key", "value": new Buffer("Hello World")}]
Header

A list of headers to send with the request.

User-Agent: curl/7.64.1
Max Retry Count

The maximum number of retries to attempt. Specify 0 for no retries.

0
Method

The HTTP method to use.

Query Parameter

A list of query parameters to send with the request. This is the portion at the end of the URL similar to ?key1=value1&key2=value2.

Response Type

The type of data you expect in the response. You can request json, text, or binary data.

json
Retry On All Errors

If true, retries on all erroneous responses regardless of type. This is helpful when retrying after HTTP 429 or other 3xx or 4xx errors. Otherwise, only retries on HTTP 5xx and network errors.

false
Retry Delay (ms)

The delay in milliseconds between retries. This is used when 'Use Exponential Backoff' is disabled.

0
Timeout

The maximum time that a client will await a response to its request

2000
URL

Input the path only (/users), The base URL is already included (https://graph.microsoft.com/v1.0). For example, to connect to https://graph.microsoft.com/v1.0/users, only /users is entered in this field.

/users
Use Exponential Backoff

Specifies whether to use a pre-defined exponential backoff strategy for retries. When enabled, 'Retry Delay (ms)' is ignored.

false

Remove Member of Group

Remove a member from a Microsoft 365 group or a security group through the members navigation property. | key: removeMemberOfGroup

InputNotesExample
Connection
Debug Request

Enabling this flag will log out the current request.

false
Group Id

The ID of the group to remove the member from.

b320ee12-b1cd-4cca-b648-a437be61c5cd
Member ID

The ID of the member to remove from the group.

12345678-1234-1234-1234-123456789012

{
  "data": {
    "success": true
  }
}

Update Subscription

Updates a subscription expiration time for renewal and/or updates the notificationUrl for delivery. | key: updateSubscription

InputNotesExample
Connection
Debug Request

Enabling this flag will log out the current request.

false
Expiration Date Time

Specifies the date and time when the webhook subscription expires. The time is in UTC, and can be an amount of time from subscription creation that varies for the resource subscribed to.

2016-11-20T18:23:45.9356913Z
Notification URL

The URL of the endpoint that receives the change notifications.

https://webhook.azurewebsites.net/api/send/myNotifyClient
Subscription ID

The ID of the subscription to update.

12345678-1234-1234-1234-123456789012

{
  "data": {
    "id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
    "resource": "me/messages",
    "applicationId": "string",
    "changeType": "created,updated",
    "clientState": "secretClientValue",
    "notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
    "lifecycleNotificationUrl": "https://webhook.azurewebsites.net/api/send/lifecycleNotifications",
    "expirationDateTime": "2016-11-20T18:23:45.9356913Z",
    "creatorId": "string",
    "latestSupportedTlsVersion": "v1_2",
    "encryptionCertificate": "",
    "encryptionCertificateId": "",
    "includeResourceData": false,
    "notificationContentType": "application/json"
  }
}

Update User

Update the properties of a User object. | key: updateUser

InputNotesExample
Account Enabled

Indicates if the account is enabled.

Additional Properties

Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/user-update

Connection
Debug Request

Enabling this flag will log out the current request.

false
Display Name

The display name of the user.

John
Domain

The updated domain for the user, this must be an existing domain in the tenant. Required if 'User Principal Name' input is provided.

domain.onmicrosoft.com
First Name

The updated first name of the user.

John
Job Title

The updated job title of the user.

Software Engineer
Last Name

The updated last name of the user.

Doe
User Id

Unique Identifier for the user to update. This can be the user's id or userPrincipalName.

d36894ae-94ae-d368-ae94-68d3ae9468d3
User Principal Name

The updated user principal name of the user. Required if 'Domain' input is provided.

John

{
  "data": {
    "success": true
  }
}

Upsert Application

Create a new application if it doesn't exist, or update the properties of an existing application. | key: upsertApplication

InputNotesExample
Additional Properties

Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/application-upsert

Connection
Debug Request

Enabling this flag will log out the current request.

false
Display Name

The display name of the application.

My Application
Unique Name

The unique name of the application to update or create.

MyApplication
Use as Upsert

Set to true to create a new application if it doesn't exist. Set to false to only update an existing application.

true

{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications/$entity",
    "id": "03ef14b0-ca33-4840-8f4f-d6e91916010e",
    "deletedDateTime": null,
    "isFallbackPublicClient": null,
    "appId": "631a96bc-a705-4eda-9f99-fdaf9f54f6a2",
    "applicationTemplateId": null,
    "identifierUris": [],
    "createdDateTime": "2019-09-17T19:10:35.2742618Z",
    "displayName": "Display name",
    "isDeviceOnlyAuthSupported": null,
    "groupMembershipClaims": null,
    "optionalClaims": null,
    "addIns": [],
    "publisherDomain": "contoso.com",
    "samlMetadataUrl": "https://graph.microsoft.com/2h5hjaj542de/app",
    "signInAudience": "AzureADandPersonalMicrosoftAccount",
    "tags": [],
    "tokenEncryptionKeyId": null,
    "api": {
      "requestedAccessTokenVersion": 2,
      "acceptMappedClaims": null,
      "knownClientApplications": [],
      "oauth2PermissionScopes": [],
      "preAuthorizedApplications": []
    },
    "appRoles": [],
    "publicClient": {
      "redirectUris": []
    },
    "info": {
      "termsOfServiceUrl": null,
      "supportUrl": null,
      "privacyStatementUrl": null,
      "marketingUrl": null,
      "logoUrl": null
    },
    "keyCredentials": [],
    "parentalControlSettings": {
      "countriesBlockedForMinors": [],
      "legalAgeGroupRule": "Allow"
    },
    "passwordCredentials": [],
    "requiredResourceAccess": [],
    "web": {
      "redirectUris": [],
      "homePageUrl": null,
      "logoutUrl": null,
      "implicitGrantSettings": {
        "enableIdTokenIssuance": false,
        "enableAccessTokenIssuance": false
      }
    }
  }
}

Upsert Group

Create a new group if it doesn't exist, or update the properties of an existing group. | key: upsertGroup

InputNotesExample
Additional Properties

Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/group-upsert

Connection
Debug Request

Enabling this flag will log out the current request.

false
Display Name

The name to display in the address book for the group.

Marketing Team
Group Types

The type of group and its membership.

Mail Enabled

Set to true for mail-enabled groups.

Mail Nickname

The mail alias for the group, unique for Microsoft 365 groups in the organization. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () \ [] " ; : <> , SPACE.

MarketingTeam
Security Enabled

Set to true for security-enabled groups, including Microsoft 365 groups. Note: Groups created using the Microsoft Entra admin center or the Azure portal always have securityEnabled initially set to true.

Unique Name

The unique name of the group to update or create.

MarketingTeam
Use as Upsert

Set to true to create a new group if it doesn't exist. Set to false to only update an existing group.

true

{
  "data": {
    "success": true
  }
}