Microsoft Entra ID Component
Microsoft Entra ID (formerly Azure Active Directory) is a cloud-based identity and access management service from Microsoft that helps employees sign in and access resources. Use the Microsoft Entra ID component to manage your users, groups, and applications.
Component key: ms-entra-id
API Documentation:
The component was built using the Microsoft Graph REST API v1.0
Connections
OAuth 2.0
This authentication method may be used when an App requires granting admin consent to API permissions, in addition to authorizing the integration with the App's configured client credentials.
The Microsoft Azure Active Directory component authenticates requests through the Microsoft Graph API.
Creating an App Registration
To configure OAuth 2.0 you must first create an App through Active Directory in the Microsoft Entra Admin Center or Microsoft Azure Portal.
- Navigate to App Registrations
- When creating the application you will be prompted to select Supported account types.
- Select Accounts in any organizational directory (Any Azure AD directory - Multitenant).
- Navigate to Redirect URI and add the Web platform. Enter the redirect URI as https://oauth2.prismatic.io/callback for US-based integrations.
  - For integrations outside the US, refer to this guide to find your region's Callback URL.
- Select Register to complete.
- In the App, navigate to Certificates & Secrets and select New client secret. Copy/save the Value for use in the connection configuration of your integration (the value will not be shown again).
- Next, navigate to the Overview section and copy the Application (client) ID.
- Navigate to the API Permissions section to assign the proper permissions for the integration. Select Add Permission, select all permissions that are required for your desired integration, and save these values for later.
  - A full list of scopes can be found in the Microsoft Graph API documentation.
  - Recommended scopes for Active Directory can be found in Microsoft Graph > Delegated permissions:
    Group.ReadWrite.All GroupMember.ReadWrite.All Application.ReadWrite.All User.Read.All offline_access
Configuring the Integration
Supply the following values to the OAuth 2.0 Authorization Code connection in your integration within Prismatic:
- Client ID: enter the Application (client) ID.
- Client Secret: enter the Value provided (do not use the Secret ID).
- Scopes: provide the API permissions you assigned to your App. The default value will be set to the following:
  - Default example:
    Group.ReadWrite.All GroupMember.ReadWrite.All Application.ReadWrite.All User.Read.All offline_access
- If you didn't select Multitenant when creating the App, you will need to replace the Authorize URL and Token URL with ones specific to your tenant.
Input | Default | Notes |
---|---|---|
Authorize URL string / Required Hidden Field authorizeUrl | https://login.microsoftonline.com/common/oauth2/v2.0/authorize | The OAuth 2.0 Authorization URL for Microsoft Entra ID |
Client ID string / Required clientId | | Get this value from your App Registration in the Azure Portal |
Client Secret password / Required clientSecret | | Get this value from your App Registration in the Azure Portal |
Scopes string scopes | Group.ReadWrite.All GroupMember.ReadWrite.All Application.ReadWrite.All User.Read.All offline_access | Microsoft Entra ID Scopes. |
Token URL string / Required Hidden Field tokenUrl | https://login.microsoftonline.com/common/oauth2/v2.0/token | The OAuth 2.0 Token URL for Microsoft Entra ID |
Triggers
Group Trigger
Receive a notification in this flow when a group changes. | key: groupTrigger
Input | Notes | Example |
---|---|---|
Change Type string / Required Value List changeType | Indicates the type of change that raises a notification. | created |
Connection connection / Required connection | ||
Expiration Date Time string expirationTriggerDateTime | The date and time when the trigger subscription expires. If not specified, the subscription defaults to 29 days from the current date and time. This trigger must be reactivated after expiration. | 2016-11-20T18:23:45.9356913Z |
User Trigger
Receive a notification in this flow when a user changes. | key: userTrigger
Input | Notes | Example |
---|---|---|
Change Type string / Required Value List changeType | Indicates the type of change that raises a notification. | created |
Connection connection / Required connection | ||
Expiration Date Time string expirationTriggerDateTime | The date and time when the trigger subscription expires. If not specified, the subscription defaults to 29 days from the current date and time. This trigger must be reactivated after expiration. | 2016-11-20T18:23:45.9356913Z |
Webhook
Receive and validate webhook requests from Microsoft Entra ID for webhooks you configure. | key: webhook
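The Webhook trigger above receives Microsoft Graph change notifications, which involve two checks on the receiving side: echoing the `validationToken` when a subscription is created, and comparing each notification's `clientState` with the value set on the subscription. The JavaScript below is an added example, not Prismatic's or Microsoft's code; `handleGraphWebhook`, `constantTimeEqual`, `reply` and the `endpoint.invalid` base URL are hypothetical names, and the subscription ID and `clientState` reuse the values from this page's example payloads.

```javascript
// Added example: not Prismatic's or Microsoft's code. The endpoint is modelled
// as a pure function so both checks can be run offline.

// Compare two strings without stopping at the first differing byte.
function constantTimeEqual(a, b) {
  const x = new TextEncoder().encode(String(a));
  const y = new TextEncoder().encode(String(b));
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) {
    diff |= x[i] ^ (y.length ? y[i % y.length] : 0);
  }
  return diff === 0;
}

// Small response builder (hypothetical helper).
function reply(status, body = "", headers = {}, accepted = []) {
  return { status, headers, body, accepted };
}

// req:      { method, url, body } where body is the raw request body string
// expected: { clientState, subscriptionIds } for subscriptions this endpoint created
function handleGraphWebhook(req, expected) {
  if (req.method !== "POST") return reply(405);

  // The base is only needed to parse a relative URL; its host is never used.
  const query = new URL(req.url, "https://endpoint.invalid").searchParams;

  // 1. Subscription handshake. Graph POSTs ?validationToken=... and expects the
  //    URL-decoded token back with a 200. Anyone can send this parameter, so the
  //    echo must be text/plain: reflected as HTML it would be an XSS vector.
  const token = query.get("validationToken");
  if (token !== null) {
    return reply(200, token, { "Content-Type": "text/plain" });
  }

  // 2. Change notification: a JSON object carrying a "value" array.
  let payload;
  try {
    payload = JSON.parse(req.body);
  } catch {
    return reply(400);
  }
  if (payload === null || typeof payload !== "object" || !Array.isArray(payload.value)) {
    return reply(400);
  }

  // Keep only items whose clientState matches the secret set on the
  // subscription and whose subscriptionId is one this endpoint created.
  // An empty expected secret never matches.
  const accepted = payload.value.filter(
    (n) =>
      n !== null &&
      typeof n === "object" &&
      typeof n.clientState === "string" &&
      expected.clientState.length > 0 &&
      constantTimeEqual(n.clientState, expected.clientState) &&
      expected.subscriptionIds.has(n.subscriptionId)
  );

  // Design choice of this example: answer 202 either way and drop the rejected
  // items, so a sender learns nothing about which check failed.
  return reply(202, "", {}, accepted);
}

// Values taken from this page's Create Subscription example payload.
const EXPECTED = {
  clientState: "secretClientValue",
  subscriptionIds: new Set(["7f105c7d-2dc5-4530-97cd-4e7ae6534c07"]),
};

// Constructed sample notification body: one genuine item, one with a forged
// clientState, one with the right clientState but an unknown subscription.
const SAMPLE_BODY = JSON.stringify({
  value: [
    {
      subscriptionId: "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
      clientState: "secretClientValue",
      changeType: "created",
      resource: "Users/87d349ed-44d7-43e1-9a83-5f2406dee5bd",
    },
    {
      subscriptionId: "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
      clientState: "forgedValue",
      changeType: "deleted",
      resource: "Users/87d349ed-44d7-43e1-9a83-5f2406dee5bd",
    },
    {
      subscriptionId: "00000000-0000-0000-0000-000000000000",
      clientState: "secretClientValue",
      changeType: "updated",
      resource: "Users/87d349ed-44d7-43e1-9a83-5f2406dee5bd",
    },
  ],
});
```

Only the entries in `accepted` should be passed on to the rest of the flow.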
Data Sources
Select Application
Select an application from a picklist. | key: selectApplication | type: picklist
Input | Notes |
---|---|
Connection connection / Required connection |
Select Group
Select a group from a picklist. | key: selectGroup | type: picklist
Input | Notes |
---|---|
Connection connection / Required connection |
Select Group Member
Select a group member from a picklist. | key: selectGroupMember | type: picklist
Input | Notes | Example |
---|---|---|
Connection connection / Required connection | ||
Group Id string / Required groupId | | b320ee12-b1cd-4cca-b648-a437be61c5cd |
Actions
Add Member to Group
Add a member to a group. | key: addMemberToGroup
Input | Default | Notes | Example |
---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Group Id string / Required groupId | | The ID of the group to add the member to. | b320ee12-b1cd-4cca-b648-a437be61c5cd |
Group Member OData ID string / Required groupMemberOdataId | | The @odata.id property with a reference by ID to a supported group member object type. | https://graph.microsoft.com/v1.0/directoryObjects/{id} |
Example Payload for Add Member to Group
{
"data": {
"success": true
}
}
Create Application
Creates (registers) a new application. | key: createApplication
Input | Default | Notes | Example |
---|---|---|---|
Additional Properties code additionalProperties | | Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/application-post-applications | |
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Display Name string / Required displayName | | The display name of the application. | My Application |
Example Payload for Create Application
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications/$entity",
"id": "03ef14b0-ca33-4840-8f4f-d6e91916010e",
"deletedDateTime": null,
"isFallbackPublicClient": null,
"appId": "631a96bc-a705-4eda-9f99-fdaf9f54f6a2",
"applicationTemplateId": null,
"identifierUris": [],
"createdDateTime": "2019-09-17T19:10:35.2742618Z",
"displayName": "Display name",
"isDeviceOnlyAuthSupported": null,
"groupMembershipClaims": null,
"optionalClaims": null,
"addIns": [],
"publisherDomain": "contoso.com",
"samlMetadataUrl": "https://graph.microsoft.com/2h5hjaj542de/app",
"signInAudience": "AzureADandPersonalMicrosoftAccount",
"tags": [],
"tokenEncryptionKeyId": null,
"api": {
"requestedAccessTokenVersion": 2,
"acceptMappedClaims": null,
"knownClientApplications": [],
"oauth2PermissionScopes": [],
"preAuthorizedApplications": []
},
"appRoles": [],
"publicClient": {
"redirectUris": []
},
"info": {
"termsOfServiceUrl": null,
"supportUrl": null,
"privacyStatementUrl": null,
"marketingUrl": null,
"logoUrl": null
},
"keyCredentials": [],
"parentalControlSettings": {
"countriesBlockedForMinors": [],
"legalAgeGroupRule": "Allow"
},
"passwordCredentials": [],
"requiredResourceAccess": [],
"web": {
"redirectUris": [],
"homePageUrl": null,
"logoutUrl": null,
"implicitGrantSettings": {
"enableIdTokenIssuance": false,
"enableAccessTokenIssuance": false
}
}
}
}
Create Group
Create a new group. It can be a Microsoft 365 group, dynamic group, or security group. | key: createGroup
Input | Default | Notes | Example |
---|---|---|---|
Additional Properties code additionalProperties | | Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/group-post-groups | |
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Display Name string / Required displayName | | The name to display in the address book for the group. | Marketing Team |
Group Types string groupTypes | | The type of group and its membership. | |
Mail Enabled boolean / Required mailEnabled | true | Set to true for mail-enabled groups. | |
Mail Nickname string / Required mailNickname | | The mail alias for the group, unique for Microsoft 365 groups in the organization. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () \ [] " ; : <> , SPACE. | MarketingTeam |
Security Enabled boolean / Required securityEnabled | true | Set to true for security-enabled groups, including Microsoft 365 groups. Note: Groups created using the Microsoft Entra admin center or the Azure portal always have securityEnabled initially set to true. |
Example Payload for Create Group
{
"data": {
"id": "b320ee12-b1cd-4cca-b648-a437be61c5cd",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2018-12-22T00:51:37Z",
"description": "Self help community for library",
"displayName": "Library Assist",
"groupTypes": [
"Unified"
],
"mail": "library7423@contoso.com",
"mailEnabled": true,
"mailNickname": "library",
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": "CAN",
"proxyAddresses": [
"SMTP:library7423@contoso.com"
],
"renewedDateTime": "2018-12-22T00:51:37Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": false,
"visibility": "Public",
"onPremisesProvisioningErrors": []
}
}
Create Subscription
Create a subscription to receive notifications when changes occur in the specified object. | key: createSubscription
Input | Default | Notes | Example |
---|---|---|---|
Additional Properties code additionalProperties | | Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/subscription-post-subscriptions | |
Change Type string / Required changeType | | Indicates the type of change in the subscribed resource that raises a change notification. The supported values are: created, updated, deleted. Multiple values can be combined using a comma-separated list. | created |
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Expiration Date Time string / Required expirationDateTime | | Specifies the date and time when the webhook subscription expires. The time is in UTC, and can be an amount of time from subscription creation that varies for the resource subscribed to. | 2016-11-20T18:23:45.9356913Z |
Header string Key Value List headers | | A list of headers to send with the request. | User-Agent: curl/7.64.1 |
Notification URL string / Required notificationUrl | | The URL of the endpoint that receives the change notifications. | https://webhook.azurewebsites.net/api/send/myNotifyClient |
Resource string / Required resource | | The resource that will be monitored for changes. See https://learn.microsoft.com/en-us/graph/api/resources/change-notifications-api-overview?view=graph-rest-1.0 | /users |
Example Payload for Create Subscription
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#subscriptions/$entity",
"id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
"resource": "me/mailFolders('Inbox')/messages",
"applicationId": "24d3b144-21ae-4080-943f-7067b395b913",
"changeType": "created",
"clientState": "secretClientValue",
"notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
"expirationDateTime": "2016-11-20T18:23:45.9356913Z",
"creatorId": "8ee44408-0679-472c-bc2a-692812af3437",
"latestSupportedTlsVersion": "v1_2",
"notificationContentType": "application/json"
}
}
Create User
Create a new user. | key: createUser
Input | Default | Notes | Example |
---|---|---|---|
Account Enabled boolean / Required accountEnabled | true | Indicates if the account is enabled. | |
Additional Properties code additionalProperties | | Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/user-post-users | |
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Display Name string / Required displayName | | The display name of the user. | John |
Domain string / Required domain | | The domain for the user, this must be an existing domain in the tenant. | domain.onmicrosoft.com |
Force Change Password Next Sign In boolean / Required forceChangePasswordNextSignIn | true | Indicates if the user is forced to change their password on next sign in. | |
Password password / Required password | | The password of the user. | Jaka889740 |
User Principal Name string / Required userPrincipalName | | The user principal name of the user. | John |
Example Payload for Create User
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd",
"businessPhones": [],
"displayName": "Adele Vance",
"givenName": "Adele",
"jobTitle": "Product Marketing Manager",
"mail": "AdeleV@contoso.com",
"mobilePhone": "+1 425 555 0109",
"officeLocation": "18/2111",
"preferredLanguage": "en-US",
"surname": "Vance",
"userPrincipalName": "AdeleV@contoso.com"
}
}
Delete Application
Delete application object. | key: deleteApplication
Input | Default | Notes | Example |
---|---|---|---|
Application Object ID string / Required applicationObjectId | | The ID of the application to delete. | 03ef14b0-ca33-4840-8f4f-d6e91916010e |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. |
Example Payload for Delete Application
{
"data": {
"success": true
}
}
Delete Group
Delete group object. | key: deleteGroup
Input | Default | Notes | Example |
---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Group Id string / Required groupId | | The ID of the group to delete. | b320ee12-b1cd-4cca-b648-a437be61c5cd |
Example Payload for Delete Group
{
"data": {
"success": true
}
}
Delete Instanced Subscriptions
Delete all webhooks that point to a flow in this instance. | key: deleteInstancedSubscriptions
Input | Default | Notes |
---|---|---|
Connection connection / Required connection | ||
Debug Request boolean debug | false | Enabling this flag will log out the current request. |
Example Payload for Delete Instanced Subscriptions
{
"data": {
"subscriptionsRemoved": [
"26ebd1e9-c54a-4bbe-9583-fc05974952a4",
"b9b27172-ee2e-4248-86df-fc98cb71d914"
]
}
}
Delete Subscription
Deletes a subscription object. | key: deleteSubscription
Input | Default | Notes | Example |
---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Subscription ID string / Required subscriptionId | | The ID of the subscription to delete. | 12345678-1234-1234-1234-123456789012 |
Example Payload for Delete Subscription
{
"data": {
"success": true
}
}
Delete User
Deletes a User. | key: deleteUser
Input | Default | Notes | Example |
---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
User Id string / Required userId | | Unique Identifier for the user to delete. This can be the user's id or userPrincipalName. | d36894ae-94ae-d368-ae94-68d3ae9468d3 |
Example Payload for Delete User
{
"data": {
"success": true
}
}
Get Application
Read properties of an application object. | key: getApplication
Input | Default | Notes | Example |
---|---|---|---|
Application Object ID string / Required applicationObjectId | | The ID of the application to read. | 03ef14b0-ca33-4840-8f4f-d6e91916010e |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. |
Example Payload for Get Application
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications/$entity",
"id": "03ef14b0-ca33-4840-8f4f-d6e91916010e",
"deletedDateTime": null,
"isFallbackPublicClient": null,
"appId": "631a96bc-a705-4eda-9f99-fdaf9f54f6a2",
"applicationTemplateId": null,
"identifierUris": [],
"createdDateTime": "2019-09-17T19:10:35.2742618Z",
"displayName": "Display name",
"isDeviceOnlyAuthSupported": null,
"groupMembershipClaims": null,
"optionalClaims": null,
"addIns": [],
"publisherDomain": "contoso.com",
"samlMetadataUrl": "https://graph.microsoft.com/2h5hjaj542de/app",
"signInAudience": "AzureADandPersonalMicrosoftAccount",
"tags": [],
"tokenEncryptionKeyId": null,
"api": {
"requestedAccessTokenVersion": 2,
"acceptMappedClaims": null,
"knownClientApplications": [],
"oauth2PermissionScopes": [],
"preAuthorizedApplications": []
},
"appRoles": [],
"publicClient": {
"redirectUris": []
},
"info": {
"termsOfServiceUrl": null,
"supportUrl": null,
"privacyStatementUrl": null,
"marketingUrl": null,
"logoUrl": null
},
"keyCredentials": [],
"parentalControlSettings": {
"countriesBlockedForMinors": [],
"legalAgeGroupRule": "Allow"
},
"passwordCredentials": [],
"requiredResourceAccess": [],
"web": {
"redirectUris": [],
"homePageUrl": null,
"logoutUrl": null,
"implicitGrantSettings": {
"enableIdTokenIssuance": false,
"enableAccessTokenIssuance": false
}
}
}
}
Get Group
Read properties of a group object. | key: getGroup
Input | Default | Notes | Example |
---|---|---|---|
Select string $select | | Filters properties (columns). | givenName,surname |
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Group Id string / Required groupId | | | b320ee12-b1cd-4cca-b648-a437be61c5cd |
Example Payload for Get Group
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups/$entity",
"id": "02bd9fd6-8f93-4758-87c3-1fb73740a315",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2017-07-31T18:56:16Z",
"description": "Welcome to the HR Taskforce team.",
"displayName": "HR Taskforce",
"expirationDateTime": null,
"groupTypes": [
"Unified"
],
"isAssignableToRole": null,
"mail": "HRTaskforce@contoso.com",
"mailEnabled": true,
"mailNickname": "HRTaskforce",
"membershipRule": null,
"membershipRuleProcessingState": null,
"onPremisesDomainName": null,
"onPremisesLastSyncDateTime": null,
"onPremisesNetBiosName": null,
"onPremisesSamAccountName": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": null,
"preferredLanguage": null,
"proxyAddresses": [
"SMTP:HRTaskforce@contoso.com",
"SPO:SPO_896cf652-b200-4b74-8111-c013f64406cf@SPO_dcd219dd-bc68-4b9b-bf0b-4a33a796be35"
],
"renewedDateTime": "2020-01-24T19:01:14Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [
"Team"
],
"securityEnabled": false,
"securityIdentifier": "S-1-12-1-45981654-1196986259-3072312199-363020343",
"serviceProvisioningErrors": [],
"theme": null,
"visibility": "Private",
"onPremisesProvisioningErrors": []
}
}
Get Subscription
Read properties of a subscription object. | key: getSubscription
Input | Default | Notes | Example |
---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Subscription ID string / Required subscriptionId | | The ID of the subscription to read. | 12345678-1234-1234-1234-123456789012 |
Example Payload for Get Subscription
{
"data": {
"id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
"resource": "me/messages",
"applicationId": "string",
"changeType": "created,updated",
"clientState": "secretClientValue",
"notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
"lifecycleNotificationUrl": "https://webhook.azurewebsites.net/api/send/lifecycleNotifications",
"expirationDateTime": "2016-11-20T18:23:45.9356913Z",
"creatorId": "string",
"latestSupportedTlsVersion": "v1_2",
"encryptionCertificate": "",
"encryptionCertificateId": "",
"includeResourceData": false,
"notificationContentType": "application/json"
}
}
Get User
Read properties and relationships of the User object. | key: getUser
Input | Default | Notes | Example |
---|---|---|---|
Select string $select | | Filters properties (columns). | givenName,surname |
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
User Id string / Required userId | | Unique Identifier for the user to get. This can be the user's id or userPrincipalName. | d36894ae-94ae-d368-ae94-68d3ae9468d3 |
Example Payload for Get User
{
"data": {
"businessPhones": [
"+1 425 555 0109"
],
"displayName": "Adele Vance",
"givenName": "Adele",
"jobTitle": "Retail Manager",
"mail": "AdeleV@contoso.com",
"mobilePhone": "+1 425 555 0109",
"officeLocation": "18/2111",
"preferredLanguage": "en-US",
"surname": "Vance",
"userPrincipalName": "AdeleV@contoso.com",
"id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd"
}
}
List Applications
Retrieve the list of applications in the organization. | key: listApplications
Input | Default | Notes | Example |
---|---|---|---|
Count boolean $count | false | Retrieves the total count of matching resources. Requires 'Eventual Consistency Level Header' turned on to work. | |
Expand string $expand | | Retrieves related resources. | members |
Filter string $filter | | Filters results (rows). | startswith(givenName,'J') |
Order By string $orderby | | Orders results. | displayName desc |
Search string $search | | Returns results based on search criteria. | pizza |
Select string $select | | Filters properties (columns). | givenName,surname |
Top string $top | | Sets the page size of results. | 10 |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Eventual Consistency Level Header boolean eventualConsistencyLevelHeader | false | Add the header to the request to specify the eventual consistency level. Required for some OData properties. | |
Get All Paginated Results boolean getAllPaginatedResults | false | Retrieves all paginated results. Ignores the 'Top' input and retrieves all results. |
Example Payload for List Applications
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications",
"value": [
{
"appId": "00000000-0000-0000-0000-000000000000",
"identifierUris": [
"http://contoso/"
],
"displayName": "My app",
"publisherDomain": "contoso.com",
"signInAudience": "AzureADMyOrg"
}
]
}
}
List Changes
Track changes in an object and its children over time. | key: listChanges
Input | Default | Notes | Example |
---|---|---|---|
Delta Token string $deltatoken | | A state token returned in the @odata.deltaLink URL of the previous delta function call for the same user collection, indicating the completion of that round of change tracking. | deltatoken |
Filter string $filter | | Filters results (rows). | startswith(givenName,'J') |
Select string $select | | Filters properties (columns). | givenName,surname |
Skip Token string $skiptoken | | A state token returned in the @odata.nextLink URL of the previous delta function call, indicating there are further changes to be tracked in the same user collection. | skiptoken |
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
URL to fetch for delta string / Required deltaURL | | The URL to track changes in an object and its children over time. You can use @odata.nextLink or @odata.deltaLink here to get the next set of changes. | /users/delta |
Return Minimal boolean returnMinimal | false | Returns only the object properties that have changed since the last round when using @odata.deltaLink. |
Example Payload for List Changes
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
"@odata.nextLink": "https://graph.microsoft.com/v1.0/users/delta?$skiptoken=pqwSUjGYvb3jQpbwVAwEL7yuI3dU1LecfkkfLPtnIjsXoYQp_dpA3cNJWc",
"value": [
{
"businessPhones": [
"+1 425 555 0109"
],
"displayName": "Adele Vance",
"givenName": "Adele",
"jobTitle": "Retail Manager",
"mail": "AdeleV@contoso.com",
"mobilePhone": "+1 425 555 0109",
"officeLocation": "18/2111",
"preferredLanguage": "en-US",
"surname": "Vance",
"userPrincipalName": "AdeleV@contoso.com",
"id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd"
}
]
}
}
List Group
List group objects and their properties. | key: listGroup
Input | Default | Notes | Example |
---|---|---|---|
Count boolean $count | false | Retrieves the total count of matching resources. Requires 'Eventual Consistency Level Header' turned on to work. | |
Expand string $expand | | Retrieves related resources. | members |
Filter string $filter | | Filters results (rows). | startswith(givenName,'J') |
Order By string $orderby | | Orders results. | displayName desc |
Search string $search | | Returns results based on search criteria. | pizza |
Select string $select | | Filters properties (columns). | givenName,surname |
Top string $top | | Sets the page size of results. | 10 |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Eventual Consistency Level Header boolean eventualConsistencyLevelHeader | false | Add the header to the request to specify the eventual consistency level. Required for some OData properties. | |
Get All Paginated Results boolean getAllPaginatedResults | false | Retrieves all paginated results. Ignores the 'Top' input and retrieves all results. |
Example Payload for List Group
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups",
"value": [
{
"id": "45b7d2e7-b882-4a80-ba97-10b7a63b8fa4",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2018-12-22T02:21:05Z",
"description": "Self help community for golf",
"displayName": "Golf Assist",
"expirationDateTime": null,
"groupTypes": [
"Unified"
],
"isAssignableToRole": null,
"mail": "golfassist@contoso.com",
"mailEnabled": true,
"mailNickname": "golfassist",
"membershipRule": null,
"membershipRuleProcessingState": null,
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": "CAN",
"preferredLanguage": null,
"proxyAddresses": [
"smtp:golfassist@contoso.com",
"SMTP:golfassist@contoso.com"
],
"renewedDateTime": "2018-12-22T02:21:05Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": false,
"theme": null,
"visibility": "Public",
"onPremisesProvisioningErrors": []
},
{
"id": "d7797254-3084-44d0-99c9-a3b5ab149538",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2018-11-19T20:29:40Z",
"description": "Talk about golf",
"displayName": "Golf Discussion",
"expirationDateTime": null,
"groupTypes": [],
"isAssignableToRole": null,
"mail": "golftalk@contoso.com",
"mailEnabled": true,
"mailNickname": "golftalk",
"membershipRule": null,
"membershipRuleProcessingState": null,
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": "CAN",
"preferredLanguage": null,
"proxyAddresses": [
"smtp:golftalk@contoso.com",
"SMTP:golftalk@contoso.com"
],
"renewedDateTime": "2018-11-19T20:29:40Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": false,
"serviceProvisioningErrors": [],
"theme": null,
"visibility": null,
"onPremisesProvisioningErrors": []
}
]
}
}
List Group Members
Get the direct members of this group from the members navigation property. | key: listGroupMembers
Input | Default | Notes | Example |
---|---|---|---|
Count boolean $count | false | Retrieves the total count of matching resources. Requires 'Eventual Consistency Level Header' turned on to work. | |
Expand string $expand | | Retrieves related resources. | members |
Filter string $filter | | Filters results (rows). | startswith(givenName,'J') |
Search string $search | | Returns results based on search criteria. | pizza |
Select string $select | | Filters properties (columns). | givenName,surname |
Top string $top | | Sets the page size of results. | 10 |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log out the current request. | |
Eventual Consistency Level Header boolean eventualConsistencyLevelHeader | false | Add the header to the request to specify the eventual consistency level. Required for some OData properties. | |
Get All Paginated Results boolean getAllPaginatedResults | false | Retrieves all paginated results. Ignores the 'Top' input and retrieves all results. | |
Group Id string / Required groupId | | | b320ee12-b1cd-4cca-b648-a437be61c5cd |
Example Payload for List Group Members
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects",
"value": [
{
"id": "11111111-2222-3333-4444-555555555555",
"mail": "user1@contoso.com"
}
]
}
}
List Subscriptions
Lists active subscriptions. | key: listSubscriptions
Input | Default | Notes |
---|---|---|
Connection connection / Required connection | ||
Debug Request boolean debug | false | Enabling this flag will log out the current request. |
Get All Paginated Results boolean getAllPaginatedResults | false | Set to true to retrieve all subscriptions. |
Example Payload for List Subscriptions
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#subscriptions",
"value": [
{
"id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
"resource": "me/messages",
"applicationId": "string",
"changeType": "created,updated",
"clientState": "secretClientValue",
"notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
"lifecycleNotificationUrl": "https://webhook.azurewebsites.net/api/send/lifecycleNotifications",
"expirationDateTime": "2016-11-20T18:23:45.9356913Z",
"creatorId": "string",
"latestSupportedTlsVersion": "v1_2",
"encryptionCertificate": "",
"encryptionCertificateId": "",
"includeResourceData": false,
"notificationContentType": "application/json"
}
]
}
}
List Users
Retrieve a list of user objects. | key: listUsers
Input | Default | Notes | Example |
---|---|---|---|
Count boolean $count | false | Retrieves the total count of matching resources. Requires 'Eventual Consistency Level Header' turned on to work. | |
Expand string $expand | | Retrieves related resources. | members |
Filter string $filter | | Filters results (rows). | startswith(givenName,'J') |
Order By string $orderby | | Orders results. | displayName desc |
Search string $search | | Returns results based on search criteria. | pizza |
Select string $select | | Filters properties (columns). | givenName,surname |
Top string $top | | Sets the page size of results. | 10 |
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log the current request. | |
Eventual Consistency Level Header boolean eventualConsistencyLevelHeader | false | Add the header to the request to specify the eventual consistency level. Required for some OData properties. | |
Get All Paginated Results boolean getAllPaginatedResults | false | Retrieves all paginated results. Ignores the 'Top' input and retrieves all results. |
Example Payload for List Users
{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
    "value": [
      {
        "businessPhones": [
          "+1 425 555 0109"
        ],
        "displayName": "Adele Vance",
        "givenName": "Adele",
        "jobTitle": "Retail Manager",
        "mail": "AdeleV@contoso.com",
        "mobilePhone": "+1 425 555 0109",
        "officeLocation": "18/2111",
        "preferredLanguage": "en-US",
        "surname": "Vance",
        "userPrincipalName": "AdeleV@contoso.com",
        "id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd"
      }
    ]
  }
}
Raw Request
Send raw HTTP request to Microsoft Entra ID. | key: rawRequest
Input | Default | Notes | Example |
---|---|---|---|
Connection connection / Required connection | |||
Data string data | | The HTTP body payload to send to the URL. | {"exampleKey": "Example Data"} |
Debug Request boolean debugRequest | false | Enabling this flag will log the current request. | |
File Data string Key Value List fileData | | File Data to be sent as a multipart form upload. | [{key: "example.txt", value: "My File Contents"}] |
File Data File Names string Key Value List fileDataFileNames | | File names to apply to the file data inputs. Keys must match the file data keys above. | |
Form Data string Key Value List formData | | The Form Data to be sent as a multipart form upload. | [{"key": "Example Key", "value": new Buffer("Hello World")}] |
Header string Key Value List headers | | A list of headers to send with the request. | User-Agent: curl/7.64.1 |
Max Retry Count string maxRetries | 0 | The maximum number of retries to attempt. Specify 0 for no retries. | |
Method string / Required method | | The HTTP method to use. | |
Query Parameter string Key Value List queryParams | | A list of query parameters to send with the request. This is the portion at the end of the URL similar to ?key1=value1&key2=value2. | |
Response Type string / Required responseType | json | The type of data you expect in the response. You can request json, text, or binary data. | |
Retry On All Errors boolean retryAllErrors | false | If true, retries on all erroneous responses regardless of type. This is helpful when retrying after HTTP 429 or other 3xx or 4xx errors. Otherwise, only retries on HTTP 5xx and network errors. | |
Retry Delay (ms) string retryDelayMS | 0 | The delay in milliseconds between retries. This is used when 'Use Exponential Backoff' is disabled. | |
Timeout string timeout | | The maximum time that a client will await a response to its request. | 2000 |
URL string / Required url | | Input the path only (/users); the base URL (https://graph.microsoft.com/v1.0) is already included. For example, to connect to https://graph.microsoft.com/v1.0/users, only /users is entered in this field. | /users |
Use Exponential Backoff boolean useExponentialBackoff | false | Specifies whether to use a pre-defined exponential backoff strategy for retries. When enabled, 'Retry Delay (ms)' is ignored. |
Remove Member of Group
Remove a member from a Microsoft 365 group or a security group through the members navigation property. | key: removeMemberOfGroup
Input | Default | Notes | Example |
---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log the current request. | |
Group Id string / Required groupId | | The ID of the group to remove the member from. | b320ee12-b1cd-4cca-b648-a437be61c5cd |
Member ID string / Required memberId | | The ID of the member to remove from the group. | 12345678-1234-1234-1234-123456789012 |
Example Payload for Remove Member of Group
{
  "data": {
    "success": true
  }
}
Update Subscription
Updates a subscription expiration time for renewal and/or updates the notificationUrl for delivery. | key: updateSubscription
Input | Default | Notes | Example |
---|---|---|---|
Connection connection / Required connection | |||
Debug Request boolean debug | false | Enabling this flag will log the current request. | |
Expiration Date Time string expirationDateTime | | Specifies the date and time when the webhook subscription expires. The time is in UTC, and can be an amount of time from subscription creation that varies for the resource subscribed to. | 2016-11-20T18:23:45.9356913Z |
Notification URL string notificationUrl | | The URL of the endpoint that receives the change notifications. | https://webhook.azurewebsites.net/api/send/myNotifyClient |
Subscription ID string / Required subscriptionId | | The ID of the subscription to update. | 12345678-1234-1234-1234-123456789012 |
Example Payload for Update Subscription
{
  "data": {
    "id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
    "resource": "me/messages",
    "applicationId": "string",
    "changeType": "created,updated",
    "clientState": "secretClientValue",
    "notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
    "lifecycleNotificationUrl": "https://webhook.azurewebsites.net/api/send/lifecycleNotifications",
    "expirationDateTime": "2016-11-20T18:23:45.9356913Z",
    "creatorId": "string",
    "latestSupportedTlsVersion": "v1_2",
    "encryptionCertificate": "",
    "encryptionCertificateId": "",
    "includeResourceData": false,
    "notificationContentType": "application/json"
  }
}
Update User
Update the properties of a User object. | key: updateUser
Input | Default | Notes | Example |
---|---|---|---|
Account Enabled string accountEnabled | | Indicates if the account is enabled. | |
Additional Properties code additionalProperties | | Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/user-update | |
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag will log the current request. | |
Display Name string displayName | | The display name of the user. | John |
Domain string domain | | The updated domain for the user; this must be an existing domain in the tenant. Required if 'User Principal Name' input is provided. | domain.onmicrosoft.com |
First Name string givenName | | The updated first name of the user. | John |
Job Title string jobTitle | | The updated job title of the user. | Software Engineer |
Last Name string surname | | The updated last name of the user. | Doe |
User Id string / Required userId | | Unique Identifier for the user to update. This can be the user's id or userPrincipalName. | d36894ae-94ae-d368-ae94-68d3ae9468d3 |
User Principal Name string userPrincipalName | | The updated user principal name of the user. Required if 'Domain' input is provided. | John |
Example Payload for Update User
{
  "data": {
    "success": true
  }
}
Upsert Application
Create a new application if it doesn't exist, or update the properties of an existing application. | key: upsertApplication
Input | Default | Notes | Example |
---|---|---|---|
Additional Properties code additionalProperties | | Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/application-upsert | |
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag will log the current request. | |
Display Name string / Required displayName | | The display name of the application. | My Application |
Unique Name string / Required uniqueName | | The unique name of the application to update or create. | MyApplication |
Use as Upsert boolean / Required useAsUpsert | true | Set to true to create a new application if it doesn't exist. Set to false to only update an existing application. |
Example Payload for Upsert Application
{
  "data": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications/$entity",
    "id": "03ef14b0-ca33-4840-8f4f-d6e91916010e",
    "deletedDateTime": null,
    "isFallbackPublicClient": null,
    "appId": "631a96bc-a705-4eda-9f99-fdaf9f54f6a2",
    "applicationTemplateId": null,
    "identifierUris": [],
    "createdDateTime": "2019-09-17T19:10:35.2742618Z",
    "displayName": "Display name",
    "isDeviceOnlyAuthSupported": null,
    "groupMembershipClaims": null,
    "optionalClaims": null,
    "addIns": [],
    "publisherDomain": "contoso.com",
    "samlMetadataUrl": "https://graph.microsoft.com/2h5hjaj542de/app",
    "signInAudience": "AzureADandPersonalMicrosoftAccount",
    "tags": [],
    "tokenEncryptionKeyId": null,
    "api": {
      "requestedAccessTokenVersion": 2,
      "acceptMappedClaims": null,
      "knownClientApplications": [],
      "oauth2PermissionScopes": [],
      "preAuthorizedApplications": []
    },
    "appRoles": [],
    "publicClient": {
      "redirectUris": []
    },
    "info": {
      "termsOfServiceUrl": null,
      "supportUrl": null,
      "privacyStatementUrl": null,
      "marketingUrl": null,
      "logoUrl": null
    },
    "keyCredentials": [],
    "parentalControlSettings": {
      "countriesBlockedForMinors": [],
      "legalAgeGroupRule": "Allow"
    },
    "passwordCredentials": [],
    "requiredResourceAccess": [],
    "web": {
      "redirectUris": [],
      "homePageUrl": null,
      "logoutUrl": null,
      "implicitGrantSettings": {
        "enableIdTokenIssuance": false,
        "enableAccessTokenIssuance": false
      }
    }
  }
}
Upsert Group
Create a new group if it doesn't exist, or update the properties of an existing group. | key: upsertGroup
Input | Default | Notes | Example |
---|---|---|---|
Additional Properties code additionalProperties | | Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/group-upsert | |
Connection connection / Required connection | | | |
Debug Request boolean debug | false | Enabling this flag will log the current request. | |
Display Name string displayName | | The name to display in the address book for the group. | Marketing Team |
Group Types string groupTypes | | The type of group and its membership. | |
Mail Enabled string mailEnabled | | Set to true for mail-enabled groups. | |
Mail Nickname string mailNickname | | The mail alias for the group, unique for Microsoft 365 groups in the organization. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () \ [] " ; : <> , SPACE. | MarketingTeam |
Security Enabled string securityEnabled | | Set to true for security-enabled groups, including Microsoft 365 groups. Note: Groups created using the Microsoft Entra admin center or the Azure portal always have securityEnabled initially set to true. | |
Unique Name string / Required uniqueName | | The unique name of the group to update or create. | MarketingTeam |
Use as Upsert boolean / Required useAsUpsert | true | Set to true to create a new group if it doesn't exist. Set to false to only update an existing group. |
Example Payload for Upsert Group
{
  "data": {
    "success": true
  }
}