Skip to main content

Microsoft Entra ID Component

Microsoft Entra ID (Formerly Azure Active Directory) is a cloud-based identity and access management service from Microsoft that helps employees sign in and access resources. Use the Microsoft Entra ID component to manage your users, groups, and applications.

Component key: ms-entra-id

Description

Microsoft Entra ID (Formerly Azure Active Directory) is a cloud-based identity and access management service from Microsoft that helps employees sign in and access resources.

Use the Microsoft Entra ID component to manage your users, groups, and applications.

API Documentation:

The component was built using the Microsoft Graph REST API v1.0

Connections

OAuth 2.0

This authentication method may be used when an App requires granting admin consent to API permissions, in addition to authorizing the integration with the App's configured client credentials.

The Microsoft Azure Active Directory component authenticates requests through the Microsoft Graph API.

Creating an App Registration

To configure OAuth 2.0 you must first create an App through Active Directory in the Microsoft Entra Admin Center or Microsoft Azure Portal.

  1. Navigate to App Registrations
  2. When creating the application you will be prompted to select Supported account types.
  3. Select Accounts in any organizational directory (Any Azure AD directory - Multitenant).
  4. Navigate to Redirect URI and add the Web platform. Now enter the redirect URI as https://oauth2.prismatic.io/callback for US based integrations.
    1. For integrations outside the US refer to this guide to find your region’s Callback URL.
  5. Select Register to complete.
  6. In the App, navigate to Certificates & Secrets and select New client secret. Copy/save the Value for use in the connection configuration of your integration (the value will not be shown again).
  7. Next, navigate to the Overview section and copy the Application (client) ID
  8. Navigate to the API Permissions section to assign the proper permissions for the integration. Select Add Permission, select all permissions that are required for your desired integration and save these values for later. A full list of scopes can be found on the Microsoft Graph API documentation 1. Recommended scopes for Active Directory can be found in Microsoft Graph > Delegated permissions: 1. Group.ReadWrite.All GroupMember.ReadWrite.All Application.ReadWrite.All User.Read.All offline_access

Configuring the Integration

Supply the following values to the OAuth 2.0 Authorization Code connection in your integration within Prismatic:

  • Client ID enter the Application (client) ID
  • Client Secret enter the Value provided (Do not use Secret ID)
  • Provide the assigned API permissions as Scopes you assigned to your App. The default value will be set to the following:
    • Default example: Group.ReadWrite.All GroupMember.ReadWrite.All Application.ReadWrite.All User.Read.All offline_access
  • If you didn't select Multitenant when creating the App, you will need to replace the Authorize URL and Token URL with ones specific to your tenant.
InputDefaultNotes
Authorize URL
string
/ Required
Hidden Field
authorizeUrl
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
The OAuth 2.0 Authorization URL for Microsoft Entra ID
Client ID
string
/ Required
clientId
Get this value from your App Registration in the Azure Portal
Client Secret
password
/ Required
clientSecret
Get this value from your App Registration in the Azure Portal
Scopes
string
scopes
Group.ReadWrite.All GroupMember.ReadWrite.All Application.ReadWrite.All User.Read.All offline_access
Microsoft Entra ID Scopes.
Token URL
string
/ Required
Hidden Field
tokenUrl
https://login.microsoftonline.com/common/oauth2/v2.0/token
The OAuth 2.0 Token URL for Microsoft Entra ID

Triggers

Group Trigger

Get notified to this flow when a group changes. | key: groupTrigger

InputNotesExample
Change Type
string
/ Required
Value List
changeType
Indicates the type of change that raises a notification.
created
Connection
connection
/ Required
connection
 
 
Expiration Date Time
string
expirationTriggerDateTime
The date and time when the trigger subscription expires. If not specified, the subscription defaults to 29 days from the current date and time. This trigger must be reactivated after expiration.
2016-11-20T18:23:45.9356913Z

User Trigger

Get notified to this flow when a user changes. | key: userTrigger

InputNotesExample
Change Type
string
/ Required
Value List
changeType
Indicates the type of change that raises a notification.
created
Connection
connection
/ Required
connection
 
 
Expiration Date Time
string
expirationTriggerDateTime
The date and time when the trigger subscription expires. If not specified, the subscription defaults to 29 days from the current date and time. This trigger must be reactivated after expiration.
2016-11-20T18:23:45.9356913Z

Webhook

Receive and validate webhook requests from Microsoft Entra ID for webhooks you configure. | key: webhook


Data Sources

Select Application

Select an application from a picklist. | key: selectApplication | type: picklist

InputNotes
Connection
connection
/ Required
connection
 

Select Group

Select a group from a picklist. | key: selectGroup | type: picklist

InputNotes
Connection
connection
/ Required
connection
 

Select Group Member

Select a group member from a picklist. | key: selectGroupMember | type: picklist

InputNotesExample
Connection
connection
/ Required
connection
 
 
Group Id
string
/ Required
groupId
 
b320ee12-b1cd-4cca-b648-a437be61c5cd

Actions

Add Member to Group

Add a member to a group. | key: addMemberToGroup

InputDefaultNotesExample
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Group Id
string
/ Required
groupId
The ID of the group to add the member to.
b320ee12-b1cd-4cca-b648-a437be61c5cd
Group Member OData ID
string
/ Required
groupMemberOdataId
The @odata.id property with a reference by ID to a supported group member object type.
https://graph.microsoft.com/v1.0/directoryObjects/{id}

{
"data": {
"success": true
}
}

Create Application

Creates (registers) a new application. | key: createApplication

InputDefaultNotesExample
Additional Properties
code
additionalProperties
Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/application-post-applications
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Display Name
string
/ Required
displayName
The display name of the application.
My Application

{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications/$entity",
"id": "03ef14b0-ca33-4840-8f4f-d6e91916010e",
"deletedDateTime": null,
"isFallbackPublicClient": null,
"appId": "631a96bc-a705-4eda-9f99-fdaf9f54f6a2",
"applicationTemplateId": null,
"identifierUris": [],
"createdDateTime": "2019-09-17T19:10:35.2742618Z",
"displayName": "Display name",
"isDeviceOnlyAuthSupported": null,
"groupMembershipClaims": null,
"optionalClaims": null,
"addIns": [],
"publisherDomain": "contoso.com",
"samlMetadataUrl": "https://graph.microsoft.com/2h5hjaj542de/app",
"signInAudience": "AzureADandPersonalMicrosoftAccount",
"tags": [],
"tokenEncryptionKeyId": null,
"api": {
"requestedAccessTokenVersion": 2,
"acceptMappedClaims": null,
"knownClientApplications": [],
"oauth2PermissionScopes": [],
"preAuthorizedApplications": []
},
"appRoles": [],
"publicClient": {
"redirectUris": []
},
"info": {
"termsOfServiceUrl": null,
"supportUrl": null,
"privacyStatementUrl": null,
"marketingUrl": null,
"logoUrl": null
},
"keyCredentials": [],
"parentalControlSettings": {
"countriesBlockedForMinors": [],
"legalAgeGroupRule": "Allow"
},
"passwordCredentials": [],
"requiredResourceAccess": [],
"web": {
"redirectUris": [],
"homePageUrl": null,
"logoutUrl": null,
"implicitGrantSettings": {
"enableIdTokenIssuance": false,
"enableAccessTokenIssuance": false
}
}
}
}

Create Group

Create a new group. It can be a Microsoft 365 group, dynamic group, or security group. | key: createGroup

InputDefaultNotesExample
Additional Properties
code
additionalProperties
Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/group-post-groups
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Display Name
string
/ Required
displayName
The name to display in the address book for the group.
Marketing Team
Group Types
string
groupTypes
The type of group and its membership.
 
Mail Enabled
boolean
/ Required
mailEnabled
true
Set to true for mail-enabled groups.
 
Mail Nickname
string
/ Required
mailNickname
The mail alias for the group, unique for Microsoft 365 groups in the organization. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () \ [] " ; : <> , SPACE.
MarketingTeam
Security Enabled
boolean
/ Required
securityEnabled
true
Set to true for security-enabled groups, including Microsoft 365 groups. Note: Groups created using the Microsoft Entra admin center or the Azure portal always have securityEnabled initially set to true.
 

{
"data": {
"id": "b320ee12-b1cd-4cca-b648-a437be61c5cd",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2018-12-22T00:51:37Z",
"description": "Self help community for library",
"displayName": "Library Assist",
"groupTypes": [
"Unified"
],
"mail": "library7423@contoso.com",
"mailEnabled": true,
"mailNickname": "library",
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": "CAN",
"proxyAddresses": [
"SMTP:library7423@contoso.com"
],
"renewedDateTime": "2018-12-22T00:51:37Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": false,
"visibility": "Public",
"onPremisesProvisioningErrors": []
}
}

Create Subscription

Create a subscription to receive notifications when changes occur in the specified object. | key: createSubscription

InputDefaultNotesExample
Additional Properties
code
additionalProperties
Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/subscription-post-subscriptions
Change Type
string
/ Required
changeType
Indicates the type of change in the subscribed resource that raises a change notification. The supported values are: created, updated, deleted. Multiple values can be combined using a comma-separated list.
created
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Expiration Date Time
string
/ Required
expirationDateTime
Specifies the date and time when the webhook subscription expires. The time is in UTC, and can be an amount of time from subscription creation that varies for the resource subscribed to.
2016-11-20T18:23:45.9356913Z
Header
string
Key Value List
headers
A list of headers to send with the request.
User-Agent: curl/7.64.1
Notification URL
string
/ Required
notificationUrl
The URL of the endpoint that receives the change notifications.
https://webhook.azurewebsites.net/api/send/myNotifyClient
Resource
string
/ Required
resource
The resource that will be monitored for changes. See https://learn.microsoft.com/en-us/graph/api/resources/change-notifications-api-overview?view=graph-rest-1.0
/users

{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#subscriptions/$entity",
"id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
"resource": "me/mailFolders('Inbox')/messages",
"applicationId": "24d3b144-21ae-4080-943f-7067b395b913",
"changeType": "created",
"clientState": "secretClientValue",
"notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
"expirationDateTime": "2016-11-20T18:23:45.9356913Z",
"creatorId": "8ee44408-0679-472c-bc2a-692812af3437",
"latestSupportedTlsVersion": "v1_2",
"notificationContentType": "application/json"
}
}

Create User

Create a new user. | key: createUser

InputDefaultNotesExample
Account Enabled
boolean
/ Required
accountEnabled
true
Indicates if the account is enabled.
 
Additional Properties
code
additionalProperties
Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/user-post-users
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Display Name
string
/ Required
displayName
The display name of the user.
John
Domain
string
/ Required
domain
The domain for the user, this must be an existing domain in the tenant.
domain.onmicrosoft.com
Force Change Password Next Sign In
boolean
/ Required
forceChangePasswordNextSignIn
true
Indicates if the user is forced to change their password on next sign in.
 
Password
password
/ Required
password
The password of the user.
Jaka889740
User Principal Name
string
/ Required
userPrincipalName
The user principal name of the user.
John

{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd",
"businessPhones": [],
"displayName": "Adele Vance",
"givenName": "Adele",
"jobTitle": "Product Marketing Manager",
"mail": "AdeleV@contoso.com",
"mobilePhone": "+1 425 555 0109",
"officeLocation": "18/2111",
"preferredLanguage": "en-US",
"surname": "Vance",
"userPrincipalName": "AdeleV@contoso.com"
}
}

Delete Application

Delete application object. | key: deleteApplication

InputDefaultNotesExample
Application Object ID
string
/ Required
applicationObjectId
The ID of the application to delete.
03ef14b0-ca33-4840-8f4f-d6e91916010e
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 

{
"data": {
"success": true
}
}

Delete Group

Delete group object. | key: deleteGroup

InputDefaultNotesExample
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Group Id
string
/ Required
groupId
The ID of the group to delete.
b320ee12-b1cd-4cca-b648-a437be61c5cd

{
"data": {
"success": true
}
}

Delete Instanced Subscriptions

Delete all webhooks that point to a flow in this instance. | key: deleteInstancedSubscriptions

InputDefaultNotes
Connection
connection
/ Required
connection
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.

{
"data": {
"subscriptionsRemoved": [
"26ebd1e9-c54a-4bbe-9583-fc05974952a4",
"b9b27172-ee2e-4248-86df-fc98cb71d914"
]
}
}

Delete Subscription

Deletes a subscription object. | key: deleteSubscription

InputDefaultNotesExample
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Subscription ID
string
/ Required
subscriptionId
The ID of the subscription to delete.
12345678-1234-1234-1234-123456789012

{
"data": {
"success": true
}
}

Delete User

Deletes a User. | key: deleteUser

InputDefaultNotesExample
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
User Id
string
/ Required
userId
Unique Identifier for the user to delete. This can be the user's id or userPrincipalName.
d36894ae-94ae-d368-ae94-68d3ae9468d3

{
"data": {
"success": true
}
}

Get Application

Read properties of an application object. | key: getApplication

InputDefaultNotesExample
Application Object ID
string
/ Required
applicationObjectId
The ID of the application to read.
03ef14b0-ca33-4840-8f4f-d6e91916010e
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 

{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications/$entity",
"id": "03ef14b0-ca33-4840-8f4f-d6e91916010e",
"deletedDateTime": null,
"isFallbackPublicClient": null,
"appId": "631a96bc-a705-4eda-9f99-fdaf9f54f6a2",
"applicationTemplateId": null,
"identifierUris": [],
"createdDateTime": "2019-09-17T19:10:35.2742618Z",
"displayName": "Display name",
"isDeviceOnlyAuthSupported": null,
"groupMembershipClaims": null,
"optionalClaims": null,
"addIns": [],
"publisherDomain": "contoso.com",
"samlMetadataUrl": "https://graph.microsoft.com/2h5hjaj542de/app",
"signInAudience": "AzureADandPersonalMicrosoftAccount",
"tags": [],
"tokenEncryptionKeyId": null,
"api": {
"requestedAccessTokenVersion": 2,
"acceptMappedClaims": null,
"knownClientApplications": [],
"oauth2PermissionScopes": [],
"preAuthorizedApplications": []
},
"appRoles": [],
"publicClient": {
"redirectUris": []
},
"info": {
"termsOfServiceUrl": null,
"supportUrl": null,
"privacyStatementUrl": null,
"marketingUrl": null,
"logoUrl": null
},
"keyCredentials": [],
"parentalControlSettings": {
"countriesBlockedForMinors": [],
"legalAgeGroupRule": "Allow"
},
"passwordCredentials": [],
"requiredResourceAccess": [],
"web": {
"redirectUris": [],
"homePageUrl": null,
"logoutUrl": null,
"implicitGrantSettings": {
"enableIdTokenIssuance": false,
"enableAccessTokenIssuance": false
}
}
}
}

Get Group

Read properties of a group object. | key: getGroup

InputDefaultNotesExample
Select
string
$select
Filters properties (columns).
givenName,surname
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Group Id
string
/ Required
groupId
 
b320ee12-b1cd-4cca-b648-a437be61c5cd

{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups/$entity",
"id": "02bd9fd6-8f93-4758-87c3-1fb73740a315",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2017-07-31T18:56:16Z",
"description": "Welcome to the HR Taskforce team.",
"displayName": "HR Taskforce",
"expirationDateTime": null,
"groupTypes": [
"Unified"
],
"isAssignableToRole": null,
"mail": "HRTaskforce@contoso.com",
"mailEnabled": true,
"mailNickname": "HRTaskforce",
"membershipRule": null,
"membershipRuleProcessingState": null,
"onPremisesDomainName": null,
"onPremisesLastSyncDateTime": null,
"onPremisesNetBiosName": null,
"onPremisesSamAccountName": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": null,
"preferredLanguage": null,
"proxyAddresses": [
"SMTP:HRTaskforce@contoso.com",
"SPO:SPO_896cf652-b200-4b74-8111-c013f64406cf@SPO_dcd219dd-bc68-4b9b-bf0b-4a33a796be35"
],
"renewedDateTime": "2020-01-24T19:01:14Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [
"Team"
],
"securityEnabled": false,
"securityIdentifier": "S-1-12-1-45981654-1196986259-3072312199-363020343",
"serviceProvisioningErrors": [],
"theme": null,
"visibility": "Private",
"onPremisesProvisioningErrors": []
}
}

Get Subscription

Read properties of a subscription object. | key: getSubscription

InputDefaultNotesExample
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Subscription ID
string
/ Required
subscriptionId
The ID of the subscription to read.
12345678-1234-1234-1234-123456789012

{
"data": {
"id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
"resource": "me/messages",
"applicationId": "string",
"changeType": "created,updated",
"clientState": "secretClientValue",
"notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
"lifecycleNotificationUrl": "https://webhook.azurewebsites.net/api/send/lifecycleNotifications",
"expirationDateTime": "2016-11-20T18:23:45.9356913Z",
"creatorId": "string",
"latestSupportedTlsVersion": "v1_2",
"encryptionCertificate": "",
"encryptionCertificateId": "",
"includeResourceData": false,
"notificationContentType": "application/json"
}
}

Get User

Read properties and relationships of the User object. | key: getUser

InputDefaultNotesExample
Select
string
$select
Filters properties (columns).
givenName,surname
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
User Id
string
/ Required
userId
Unique Identifier for the user to get. This can be the user's id or userPrincipalName.
d36894ae-94ae-d368-ae94-68d3ae9468d3

{
"data": {
"businessPhones": [
"+1 425 555 0109"
],
"displayName": "Adele Vance",
"givenName": "Adele",
"jobTitle": "Retail Manager",
"mail": "AdeleV@contoso.com",
"mobilePhone": "+1 425 555 0109",
"officeLocation": "18/2111",
"preferredLanguage": "en-US",
"surname": "Vance",
"userPrincipalName": "AdeleV@contoso.com",
"id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd"
}
}

List Applications

Retrieve the list of applications in the organization. | key: listApplications

InputDefaultNotesExample
Count
boolean
$count
false
Retrieves the total count of matching resources. Requires 'Eventual Consistency Level Header' turned on to work.
 
Expand
string
$expand
Retrieves related resources.
members
Filter
string
$filter
Filters results (rows).
startswith(givenName,'J')
Order By
string
$orderby
Orders results.
displayName desc
Search
string
$search
Returns results based on search criteria.
pizza
Select
string
$select
Filters properties (columns).
givenName,surname
Top
string
$top
Sets the page size of results.
10
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Eventual Consistency Level Header
boolean
eventualConsistencyLevelHeader
false
Add the header to the request to specify the eventual consistency level. Required for some OData properties.
 
Get All Paginated Results
boolean
getAllPaginatedResults
false
Retrieves all paginated results. Ignores the 'Top' input and retrieves all results.
 

{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications",
"value": [
{
"appId": "00000000-0000-0000-0000-000000000000",
"identifierUris": [
"http://contoso/"
],
"displayName": "My app",
"publisherDomain": "contoso.com",
"signInAudience": "AzureADMyOrg"
}
]
}
}

List Changes

Track changes in an object and its children over time. | key: listChanges

InputDefaultNotesExample
Delta Token
string
$deltatoken
A state token returned in the @odata.deltaLink URL of the previous delta function call for the same user collection, indicating the completion of that round of change tracking.
deltatoken
Filter
string
$filter
Filters results (rows).
startswith(givenName,'J')
Select
string
$select
Filters properties (columns).
givenName,surname
Skip Token
string
$skiptoken
A state token returned in the @odata.nextLink URL of the previous delta function call, indicating there are further changes to be tracked in the same user collection.
skiptoken
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
URL to fetch for delta
string
/ Required
deltaURL
The URL to track changes in an object and its children over time. You can use @odata.nextLink or @odata.deltaLink here to get the next set of changes.
/users/delta
Return Minimal
boolean
returnMinimal
false
Returns only the object properties that have changed since the last round when using @odata.deltaLink.
 

{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
"@odata.nextLink": "https://graph.microsoft.com/v1.0/users/delta?$skiptoken=pqwSUjGYvb3jQpbwVAwEL7yuI3dU1LecfkkfLPtnIjsXoYQp_dpA3cNJWc",
"value": [
{
"businessPhones": [
"+1 425 555 0109"
],
"displayName": "Adele Vance",
"givenName": "Adele",
"jobTitle": "Retail Manager",
"mail": "AdeleV@contoso.com",
"mobilePhone": "+1 425 555 0109",
"officeLocation": "18/2111",
"preferredLanguage": "en-US",
"surname": "Vance",
"userPrincipalName": "AdeleV@contoso.com",
"id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd"
}
]
}
}

List Group

List group objects and their properties. | key: listGroup

InputDefaultNotesExample
Count
boolean
$count
false
Retrieves the total count of matching resources. Requires 'Eventual Consistency Level Header' turned on to work.
 
Expand
string
$expand
Retrieves related resources.
members
Filter
string
$filter
Filters results (rows).
startswith(givenName,'J')
Order By
string
$orderby
Orders results.
displayName desc
Search
string
$search
Returns results based on search criteria.
pizza
Select
string
$select
Filters properties (columns).
givenName,surname
Top
string
$top
Sets the page size of results.
10
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Eventual Consistency Level Header
boolean
eventualConsistencyLevelHeader
false
Add the header to the request to specify the eventual consistency level. Required for some OData properties.
 
Get All Paginated Results
boolean
getAllPaginatedResults
false
Retrieves all paginated results. Ignores the 'Top' input and retrieves all results.
 

{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups",
"value": [
{
"id": "45b7d2e7-b882-4a80-ba97-10b7a63b8fa4",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2018-12-22T02:21:05Z",
"description": "Self help community for golf",
"displayName": "Golf Assist",
"expirationDateTime": null,
"groupTypes": [
"Unified"
],
"isAssignableToRole": null,
"mail": "golfassist@contoso.com",
"mailEnabled": true,
"mailNickname": "golfassist",
"membershipRule": null,
"membershipRuleProcessingState": null,
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": "CAN",
"preferredLanguage": null,
"proxyAddresses": [
"smtp:golfassist@contoso.com",
"SMTP:golfassist@contoso.com"
],
"renewedDateTime": "2018-12-22T02:21:05Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": false,
"theme": null,
"visibility": "Public",
"onPremisesProvisioningErrors": []
},
{
"id": "d7797254-3084-44d0-99c9-a3b5ab149538",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2018-11-19T20:29:40Z",
"description": "Talk about golf",
"displayName": "Golf Discussion",
"expirationDateTime": null,
"groupTypes": [],
"isAssignableToRole": null,
"mail": "golftalk@contoso.com",
"mailEnabled": true,
"mailNickname": "golftalk",
"membershipRule": null,
"membershipRuleProcessingState": null,
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": "CAN",
"preferredLanguage": null,
"proxyAddresses": [
"smtp:golftalk@contoso.com",
"SMTP:golftalk@contoso.com"
],
"renewedDateTime": "2018-11-19T20:29:40Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": false,
"serviceProvisioningErrors": [],
"theme": null,
"visibility": null,
"onPremisesProvisioningErrors": []
}
]
}
}

List Group Members

Get the direct members of this group from the members navigation property. | key: listGroupMembers

InputDefaultNotesExample
Count
boolean
$count
false
Retrieves the total count of matching resources. Requires 'Eventual Consistency Level Header' turned on to work.
 
Expand
string
$expand
Retrieves related resources.
members
Filter
string
$filter
Filters results (rows).
startswith(givenName,'J')
Search
string
$search
Returns results based on search criteria.
pizza
Select
string
$select
Filters properties (columns).
givenName,surname
Top
string
$top
Sets the page size of results.
10
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Eventual Consistency Level Header
boolean
eventualConsistencyLevelHeader
false
Add the header to the request to specify the eventual consistency level. Required for some OData properties.
 
Get All Paginated Results
boolean
getAllPaginatedResults
false
Retrieves all paginated results. Ignores the 'Top' input and retrieves all results.
 
Group Id
string
/ Required
groupId
 
b320ee12-b1cd-4cca-b648-a437be61c5cd

{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects",
"value": [
{
"id": "11111111-2222-3333-4444-555555555555",
"mail": "user1@contoso.com"
}
]
}
}

List Subscriptions

Lists active subscriptions. | key: listSubscriptions

InputDefaultNotes
Connection
connection
/ Required
connection
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
Get All Paginated Results
boolean
getAllPaginatedResults
false
Set to true to retrieve all subscriptions.

{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#subscriptions",
"value": [
{
"id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
"resource": "me/messages",
"applicationId": "string",
"changeType": "created,updated",
"clientState": "secretClientValue",
"notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
"lifecycleNotificationUrl": "https://webhook.azurewebsites.net/api/send/lifecycleNotifications",
"expirationDateTime": "2016-11-20T18:23:45.9356913Z",
"creatorId": "string",
"latestSupportedTlsVersion": "v1_2",
"encryptionCertificate": "",
"encryptionCertificateId": "",
"includeResourceData": false,
"notificationContentType": "application/json"
}
]
}
}

List Users

Retrieve a list of user objects. | key: listUsers

InputDefaultNotesExample
Count
boolean
$count
false
Retrieves the total count of matching resources. Requires 'Eventual Consistency Level Header' turned on to work.
 
Expand
string
$expand
Retrieves related resources.
members
Filter
string
$filter
Filters results (rows).
startswith(givenName,'J')
Order By
string
$orderby
Orders results.
displayName desc
Search
string
$search
Returns results based on search criteria.
pizza
Select
string
$select
Filters properties (columns).
givenName,surname
Top
string
$top
Sets the page size of results.
10
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Eventual Consistency Level Header
boolean
eventualConsistencyLevelHeader
false
Add the header to the request to specify the eventual consistency level. Required for some OData properties.
 
Get All Paginated Results
boolean
getAllPaginatedResults
false
Retrieves all paginated results. Ignores the 'Top' input and retrieves all results.
 

{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
"value": [
{
"businessPhones": [
"+1 425 555 0109"
],
"displayName": "Adele Vance",
"givenName": "Adele",
"jobTitle": "Retail Manager",
"mail": "AdeleV@contoso.com",
"mobilePhone": "+1 425 555 0109",
"officeLocation": "18/2111",
"preferredLanguage": "en-US",
"surname": "Vance",
"userPrincipalName": "AdeleV@contoso.com",
"id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd"
}
]
}
}

Raw Request

Send raw HTTP request to Microsoft Entra ID. | key: rawRequest

InputDefaultNotesExample
Connection
connection
/ Required
connection
 
 
 
Data
string
data
The HTTP body payload to send to the URL.
{"exampleKey": "Example Data"}
Debug Request
boolean
debugRequest
false
Enabling this flag will log out the current request.
 
File Data
string
Key Value List
fileData
File Data to be sent as a multipart form upload.
[{key: "example.txt", value: "My File Contents"}]
File Data File Names
string
Key Value List
fileDataFileNames
File names to apply to the file data inputs. Keys must match the file data keys above.
 
Form Data
string
Key Value List
formData
The Form Data to be sent as a multipart form upload.
[{"key": "Example Key", "value": new Buffer("Hello World")}]
Header
string
Key Value List
headers
A list of headers to send with the request.
User-Agent: curl/7.64.1
Max Retry Count
string
maxRetries
0
The maximum number of retries to attempt. Specify 0 for no retries.
 
Method
string
/ Required
method
The HTTP method to use.
 
Query Parameter
string
Key Value List
queryParams
A list of query parameters to send with the request. This is the portion at the end of the URL similar to ?key1=value1&key2=value2.
 
Response Type
string
/ Required
responseType
json
The type of data you expect in the response. You can request json, text, or binary data.
 
Retry On All Errors
boolean
retryAllErrors
false
If true, retries on all erroneous responses regardless of type. This is helpful when retrying after HTTP 429 or other 3xx or 4xx errors. Otherwise, only retries on HTTP 5xx and network errors.
 
Retry Delay (ms)
string
retryDelayMS
0
The delay in milliseconds between retries. This is used when 'Use Exponential Backoff' is disabled.
 
Timeout
string
timeout
The maximum time that a client will await a response to its request
2000
URL
string
/ Required
url
Input the path only (/users), The base URL is already included (https://graph.microsoft.com/v1.0). For example, to connect to https://graph.microsoft.com/v1.0/users, only /users is entered in this field.
/users
Use Exponential Backoff
boolean
useExponentialBackoff
false
Specifies whether to use a pre-defined exponential backoff strategy for retries. When enabled, 'Retry Delay (ms)' is ignored.
 

Remove Member of Group

Remove a member from a Microsoft 365 group or a security group through the members navigation property. | key: removeMemberOfGroup

InputDefaultNotesExample
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Group Id
string
/ Required
groupId
The ID of the group to remove the member from.
b320ee12-b1cd-4cca-b648-a437be61c5cd
Member ID
string
/ Required
memberId
The ID of the member to remove from the group.
12345678-1234-1234-1234-123456789012

{
"data": {
"success": true
}
}

Update Subscription

Updates a subscription expiration time for renewal and/or updates the notificationUrl for delivery. | key: updateSubscription

InputDefaultNotesExample
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Expiration Date Time
string
expirationDateTime
Specifies the date and time when the webhook subscription expires. The time is in UTC, and can be an amount of time from subscription creation that varies for the resource subscribed to.
2016-11-20T18:23:45.9356913Z
Notification URL
string
notificationUrl
The URL of the endpoint that receives the change notifications.
https://webhook.azurewebsites.net/api/send/myNotifyClient
Subscription ID
string
/ Required
subscriptionId
The ID of the subscription to update.
12345678-1234-1234-1234-123456789012

{
"data": {
"id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
"resource": "me/messages",
"applicationId": "string",
"changeType": "created,updated",
"clientState": "secretClientValue",
"notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
"lifecycleNotificationUrl": "https://webhook.azurewebsites.net/api/send/lifecycleNotifications",
"expirationDateTime": "2016-11-20T18:23:45.9356913Z",
"creatorId": "string",
"latestSupportedTlsVersion": "v1_2",
"encryptionCertificate": "",
"encryptionCertificateId": "",
"includeResourceData": false,
"notificationContentType": "application/json"
}
}

Update User

Update the properties of a User object. | key: updateUser

InputDefaultNotesExample
Account Enabled
string
accountEnabled
Indicates if the account is enabled.
 
Additional Properties
code
additionalProperties
Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/user-update
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Display Name
string
displayName
The display name of the user.
John
Domain
string
domain
The updated domain for the user, this must be an existing domain in the tenant. Required if 'User Principal Name' input is provided.
domain.onmicrosoft.com
First Name
string
givenName
The updated first name of the user.
John
Job Title
string
jobTitle
The updated job title of the user.
Software Engineer
Last Name
string
surname
The updated last name of the user.
Doe
User Id
string
/ Required
userId
Unique Identifier for the user to update. This can be the user's id or userPrincipalName.
d36894ae-94ae-d368-ae94-68d3ae9468d3
User Principal Name
string
userPrincipalName
The updated user principal name of the user. Required if 'Domain' input is provided.
John

{
"data": {
"success": true
}
}

Upsert Application

Create a new application if it doesn't exist, or update the properties of an existing application. | key: upsertApplication

InputDefaultNotesExample
Additional Properties
code
additionalProperties
Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/application-upsert
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Display Name
string
/ Required
displayName
The display name of the application.
My Application
Unique Name
string
/ Required
uniqueName
The unique name of the application to update or create.
MyApplication
Use as Upsert
boolean
/ Required
useAsUpsert
true
Set to true to create a new application if it doesn't exist. Set to false to only update an existing application.
 

{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications/$entity",
"id": "03ef14b0-ca33-4840-8f4f-d6e91916010e",
"deletedDateTime": null,
"isFallbackPublicClient": null,
"appId": "631a96bc-a705-4eda-9f99-fdaf9f54f6a2",
"applicationTemplateId": null,
"identifierUris": [],
"createdDateTime": "2019-09-17T19:10:35.2742618Z",
"displayName": "Display name",
"isDeviceOnlyAuthSupported": null,
"groupMembershipClaims": null,
"optionalClaims": null,
"addIns": [],
"publisherDomain": "contoso.com",
"samlMetadataUrl": "https://graph.microsoft.com/2h5hjaj542de/app",
"signInAudience": "AzureADandPersonalMicrosoftAccount",
"tags": [],
"tokenEncryptionKeyId": null,
"api": {
"requestedAccessTokenVersion": 2,
"acceptMappedClaims": null,
"knownClientApplications": [],
"oauth2PermissionScopes": [],
"preAuthorizedApplications": []
},
"appRoles": [],
"publicClient": {
"redirectUris": []
},
"info": {
"termsOfServiceUrl": null,
"supportUrl": null,
"privacyStatementUrl": null,
"marketingUrl": null,
"logoUrl": null
},
"keyCredentials": [],
"parentalControlSettings": {
"countriesBlockedForMinors": [],
"legalAgeGroupRule": "Allow"
},
"passwordCredentials": [],
"requiredResourceAccess": [],
"web": {
"redirectUris": [],
"homePageUrl": null,
"logoutUrl": null,
"implicitGrantSettings": {
"enableIdTokenIssuance": false,
"enableAccessTokenIssuance": false
}
}
}
}

Upsert Group

Create a new group if it doesn't exist, or update the properties of an existing group. | key: upsertGroup

InputDefaultNotesExample
Additional Properties
code
additionalProperties
Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. https://learn.microsoft.com/en-us/graph/api/group-upsert
Connection
connection
/ Required
connection
 
 
 
Debug Request
boolean
debug
false
Enabling this flag will log out the current request.
 
Display Name
string
displayName
The name to display in the address book for the group.
Marketing Team
Group Types
string
groupTypes
The type of group and its membership.
 
Mail Enabled
string
mailEnabled
Set to true for mail-enabled groups.
 
Mail Nickname
string
mailNickname
The mail alias for the group, unique for Microsoft 365 groups in the organization. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () \ [] " ; : <> , SPACE.
MarketingTeam
Security Enabled
string
securityEnabled
Set to true for security-enabled groups, including Microsoft 365 groups. Note: Groups created using the Microsoft Entra admin center or the Azure portal always have securityEnabled initially set to true.
 
Unique Name
string
/ Required
uniqueName
The unique name of the group to update or create.
MarketingTeam
Use as Upsert
boolean
/ Required
useAsUpsert
true
Set to true to create a new group if it doesn't exist. Set to false to only update an existing group.
 

{
"data": {
"success": true
}
}