Microsoft Entra ID Component
Microsoft Entra ID (Formerly Azure Active Directory) is a cloud-based identity and access management service from Microsoft that helps employees sign in and access resources. Use the Microsoft Entra ID component to manage your users, groups, and applications.
Component key: ms-entra-idDescription
Microsoft Entra ID (Formerly Azure Active Directory) is a cloud-based identity and access management service from Microsoft that helps employees sign in and access resources.
Use the Microsoft Entra ID component to manage your users, groups, and applications.
API Documentation:
The component was built using the Microsoft Graph REST API v1.0
Connections
OAuth 2.0
This authentication method may be used when an App requires granting admin consent to API permissions, in addition to authorizing the integration with the App's configured client credentials.
The Microsoft Azure Active Directory component authenticates requests through the Microsoft Graph API.
Creating an App Registration
To configure OAuth 2.0 you must first create an App through Active Directory in the Microsoft Entra Admin Center or Microsoft Azure Portal.
- Navigate to App Registrations
- When creating the application you will be prompted to select Supported account types.
- Select Accounts in any organizational directory (Any Azure AD directory - Multitenant).
- Navigate to Redirect URI and add the Web platform. Now enter the redirect URI as
https://oauth2.prismatic.io/callback
for US based integrations.- For integrations outside the US refer to this guide to find your region’s Callback URL.
- Select Register to complete.
- In the App, navigate to Certificates & Secrets and select New client secret. Copy/save the Value for use in the connection configuration of your integration (the value will not be shown again).
- Next, navigate to the Overview section and copy the Application (client) ID
- Navigate to the API Permissions section to assign the proper permissions for the integration. Select Add Permission, select all permissions that are required for your desired integration
and save these values for later. A full list of scopes can be found on
the Microsoft Graph API documentation 1. Recommended scopes for Active Directory can be found in Microsoft Graph > Delegated permissions: 1.
Group.ReadWrite.All GroupMember.ReadWrite.All Application.ReadWrite.All User.Read.All offline_access
Configuring the Integration
Supply the following values to the OAuth 2.0 Authorization Code connection in your integration within Prismatic:
- Client ID enter the Application (client) ID
- Client Secret enter the Value provided (Do not use Secret ID)
- Provide the assigned API permissions as Scopes you assigned to your App. The default value will be set to the following:
- Default example:
Group.ReadWrite.All GroupMember.ReadWrite.All Application.ReadWrite.All User.Read.All offline_access
- Default example:
- If you didn't select Multitenant when creating the App, you will need to replace the Authorize URL and Token URL with ones specific to your tenant.
Triggers
Group Trigger
Get notified to this flow when a group changes. | key: groupTrigger
User Trigger
Get notified to this flow when a user changes. | key: userTrigger
Webhook
Receive and validate webhook requests from Microsoft Entra ID for webhooks you configure. | key: webhook
Data Sources
Select Application
Select an application from a picklist. | key: selectApplication | type: picklist
Select Group
Select a group from a picklist. | key: selectGroup | type: picklist
Select Group Member
Select a group member from a picklist. | key: selectGroupMember | type: picklist
Actions
Add Member to Group
Add a member to a group. | key: addMemberToGroup
Output Example Payload
{
"data": {
"success": true
}
}
Create Application
Creates (registers) a new application. | key: createApplication
Output Example Payload
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications/$entity",
"id": "03ef14b0-ca33-4840-8f4f-d6e91916010e",
"deletedDateTime": null,
"isFallbackPublicClient": null,
"appId": "631a96bc-a705-4eda-9f99-fdaf9f54f6a2",
"applicationTemplateId": null,
"identifierUris": [],
"createdDateTime": "2019-09-17T19:10:35.2742618Z",
"displayName": "Display name",
"isDeviceOnlyAuthSupported": null,
"groupMembershipClaims": null,
"optionalClaims": null,
"addIns": [],
"publisherDomain": "contoso.com",
"samlMetadataUrl": "https://graph.microsoft.com/2h5hjaj542de/app",
"signInAudience": "AzureADandPersonalMicrosoftAccount",
"tags": [],
"tokenEncryptionKeyId": null,
"api": {
"requestedAccessTokenVersion": 2,
"acceptMappedClaims": null,
"knownClientApplications": [],
"oauth2PermissionScopes": [],
"preAuthorizedApplications": []
},
"appRoles": [],
"publicClient": {
"redirectUris": []
},
"info": {
"termsOfServiceUrl": null,
"supportUrl": null,
"privacyStatementUrl": null,
"marketingUrl": null,
"logoUrl": null
},
"keyCredentials": [],
"parentalControlSettings": {
"countriesBlockedForMinors": [],
"legalAgeGroupRule": "Allow"
},
"passwordCredentials": [],
"requiredResourceAccess": [],
"web": {
"redirectUris": [],
"homePageUrl": null,
"logoutUrl": null,
"implicitGrantSettings": {
"enableIdTokenIssuance": false,
"enableAccessTokenIssuance": false
}
}
}
}
Create Group
Create a new group. It can be a Microsoft 365 group, dynamic group, or security group. | key: createGroup
Output Example Payload
{
"data": {
"id": "b320ee12-b1cd-4cca-b648-a437be61c5cd",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2018-12-22T00:51:37Z",
"description": "Self help community for library",
"displayName": "Library Assist",
"groupTypes": [
"Unified"
],
"mail": "library7423@contoso.com",
"mailEnabled": true,
"mailNickname": "library",
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": "CAN",
"proxyAddresses": [
"SMTP:library7423@contoso.com"
],
"renewedDateTime": "2018-12-22T00:51:37Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": false,
"visibility": "Public",
"onPremisesProvisioningErrors": []
}
}
Create Subscription
Create a subscription to receive notifications when changes occur in the specified object. | key: createSubscription
Output Example Payload
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#subscriptions/$entity",
"id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
"resource": "me/mailFolders('Inbox')/messages",
"applicationId": "24d3b144-21ae-4080-943f-7067b395b913",
"changeType": "created",
"clientState": "secretClientValue",
"notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
"expirationDateTime": "2016-11-20T18:23:45.9356913Z",
"creatorId": "8ee44408-0679-472c-bc2a-692812af3437",
"latestSupportedTlsVersion": "v1_2",
"notificationContentType": "application/json"
}
}
Create User
Create a new user. | key: createUser
Output Example Payload
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd",
"businessPhones": [],
"displayName": "Adele Vance",
"givenName": "Adele",
"jobTitle": "Product Marketing Manager",
"mail": "AdeleV@contoso.com",
"mobilePhone": "+1 425 555 0109",
"officeLocation": "18/2111",
"preferredLanguage": "en-US",
"surname": "Vance",
"userPrincipalName": "AdeleV@contoso.com"
}
}
Delete Application
Delete application object. | key: deleteApplication
Output Example Payload
{
"data": {
"success": true
}
}
Delete Group
Delete group object. | key: deleteGroup
Output Example Payload
{
"data": {
"success": true
}
}
Delete Instanced Subscriptions
Delete all webhooks that point to a flow in this instance. | key: deleteInstancedSubscriptions
Output Example Payload
{
"data": {
"subscriptionsRemoved": [
"26ebd1e9-c54a-4bbe-9583-fc05974952a4",
"b9b27172-ee2e-4248-86df-fc98cb71d914"
]
}
}
Delete Subscription
Deletes a subscription object. | key: deleteSubscription
Output Example Payload
{
"data": {
"success": true
}
}
Delete User
Deletes a User. | key: deleteUser
Output Example Payload
{
"data": {
"success": true
}
}
Get Application
Read properties of an application object. | key: getApplication
Output Example Payload
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications/$entity",
"id": "03ef14b0-ca33-4840-8f4f-d6e91916010e",
"deletedDateTime": null,
"isFallbackPublicClient": null,
"appId": "631a96bc-a705-4eda-9f99-fdaf9f54f6a2",
"applicationTemplateId": null,
"identifierUris": [],
"createdDateTime": "2019-09-17T19:10:35.2742618Z",
"displayName": "Display name",
"isDeviceOnlyAuthSupported": null,
"groupMembershipClaims": null,
"optionalClaims": null,
"addIns": [],
"publisherDomain": "contoso.com",
"samlMetadataUrl": "https://graph.microsoft.com/2h5hjaj542de/app",
"signInAudience": "AzureADandPersonalMicrosoftAccount",
"tags": [],
"tokenEncryptionKeyId": null,
"api": {
"requestedAccessTokenVersion": 2,
"acceptMappedClaims": null,
"knownClientApplications": [],
"oauth2PermissionScopes": [],
"preAuthorizedApplications": []
},
"appRoles": [],
"publicClient": {
"redirectUris": []
},
"info": {
"termsOfServiceUrl": null,
"supportUrl": null,
"privacyStatementUrl": null,
"marketingUrl": null,
"logoUrl": null
},
"keyCredentials": [],
"parentalControlSettings": {
"countriesBlockedForMinors": [],
"legalAgeGroupRule": "Allow"
},
"passwordCredentials": [],
"requiredResourceAccess": [],
"web": {
"redirectUris": [],
"homePageUrl": null,
"logoutUrl": null,
"implicitGrantSettings": {
"enableIdTokenIssuance": false,
"enableAccessTokenIssuance": false
}
}
}
}
Get Group
Read properties of a group object. | key: getGroup
Output Example Payload
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups/$entity",
"id": "02bd9fd6-8f93-4758-87c3-1fb73740a315",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2017-07-31T18:56:16Z",
"description": "Welcome to the HR Taskforce team.",
"displayName": "HR Taskforce",
"expirationDateTime": null,
"groupTypes": [
"Unified"
],
"isAssignableToRole": null,
"mail": "HRTaskforce@contoso.com",
"mailEnabled": true,
"mailNickname": "HRTaskforce",
"membershipRule": null,
"membershipRuleProcessingState": null,
"onPremisesDomainName": null,
"onPremisesLastSyncDateTime": null,
"onPremisesNetBiosName": null,
"onPremisesSamAccountName": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": null,
"preferredLanguage": null,
"proxyAddresses": [
"SMTP:HRTaskforce@contoso.com",
"SPO:SPO_896cf652-b200-4b74-8111-c013f64406cf@SPO_dcd219dd-bc68-4b9b-bf0b-4a33a796be35"
],
"renewedDateTime": "2020-01-24T19:01:14Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [
"Team"
],
"securityEnabled": false,
"securityIdentifier": "S-1-12-1-45981654-1196986259-3072312199-363020343",
"serviceProvisioningErrors": [],
"theme": null,
"visibility": "Private",
"onPremisesProvisioningErrors": []
}
}
Get Subscription
Read properties of a subscription object. | key: getSubscription
Output Example Payload
{
"data": {
"id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
"resource": "me/messages",
"applicationId": "string",
"changeType": "created,updated",
"clientState": "secretClientValue",
"notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
"lifecycleNotificationUrl": "https://webhook.azurewebsites.net/api/send/lifecycleNotifications",
"expirationDateTime": "2016-11-20T18:23:45.9356913Z",
"creatorId": "string",
"latestSupportedTlsVersion": "v1_2",
"encryptionCertificate": "",
"encryptionCertificateId": "",
"includeResourceData": false,
"notificationContentType": "application/json"
}
}
Get User
Read properties and relationships of the User object. | key: getUser
Output Example Payload
{
"data": {
"businessPhones": [
"+1 425 555 0109"
],
"displayName": "Adele Vance",
"givenName": "Adele",
"jobTitle": "Retail Manager",
"mail": "AdeleV@contoso.com",
"mobilePhone": "+1 425 555 0109",
"officeLocation": "18/2111",
"preferredLanguage": "en-US",
"surname": "Vance",
"userPrincipalName": "AdeleV@contoso.com",
"id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd"
}
}
List Applications
Retrieve the list of applications in the organization. | key: listApplications
Output Example Payload
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications",
"value": [
{
"appId": "00000000-0000-0000-0000-000000000000",
"identifierUris": [
"http://contoso/"
],
"displayName": "My app",
"publisherDomain": "contoso.com",
"signInAudience": "AzureADMyOrg"
}
]
}
}
List Changes
Track changes in an object and its children over time. | key: listChanges
Output Example Payload
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
"@odata.nextLink": "https://graph.microsoft.com/v1.0/users/delta?$skiptoken=pqwSUjGYvb3jQpbwVAwEL7yuI3dU1LecfkkfLPtnIjsXoYQp_dpA3cNJWc",
"value": [
{
"businessPhones": [
"+1 425 555 0109"
],
"displayName": "Adele Vance",
"givenName": "Adele",
"jobTitle": "Retail Manager",
"mail": "AdeleV@contoso.com",
"mobilePhone": "+1 425 555 0109",
"officeLocation": "18/2111",
"preferredLanguage": "en-US",
"surname": "Vance",
"userPrincipalName": "AdeleV@contoso.com",
"id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd"
}
]
}
}
List Group
List group objects and their properties. | key: listGroup
Output Example Payload
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups",
"value": [
{
"id": "45b7d2e7-b882-4a80-ba97-10b7a63b8fa4",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2018-12-22T02:21:05Z",
"description": "Self help community for golf",
"displayName": "Golf Assist",
"expirationDateTime": null,
"groupTypes": [
"Unified"
],
"isAssignableToRole": null,
"mail": "golfassist@contoso.com",
"mailEnabled": true,
"mailNickname": "golfassist",
"membershipRule": null,
"membershipRuleProcessingState": null,
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": "CAN",
"preferredLanguage": null,
"proxyAddresses": [
"smtp:golfassist@contoso.com",
"SMTP:golfassist@contoso.com"
],
"renewedDateTime": "2018-12-22T02:21:05Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": false,
"theme": null,
"visibility": "Public",
"onPremisesProvisioningErrors": []
},
{
"id": "d7797254-3084-44d0-99c9-a3b5ab149538",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2018-11-19T20:29:40Z",
"description": "Talk about golf",
"displayName": "Golf Discussion",
"expirationDateTime": null,
"groupTypes": [],
"isAssignableToRole": null,
"mail": "golftalk@contoso.com",
"mailEnabled": true,
"mailNickname": "golftalk",
"membershipRule": null,
"membershipRuleProcessingState": null,
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": "CAN",
"preferredLanguage": null,
"proxyAddresses": [
"smtp:golftalk@contoso.com",
"SMTP:golftalk@contoso.com"
],
"renewedDateTime": "2018-11-19T20:29:40Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": false,
"serviceProvisioningErrors": [],
"theme": null,
"visibility": null,
"onPremisesProvisioningErrors": []
}
]
}
}
List Group Members
Get the direct members of this group from the members navigation property. | key: listGroupMembers
Output Example Payload
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects",
"value": [
{
"id": "11111111-2222-3333-4444-555555555555",
"mail": "user1@contoso.com"
}
]
}
}
List Subscriptions
Lists active subscriptions. | key: listSubscriptions
Output Example Payload
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#subscriptions",
"value": [
{
"id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
"resource": "me/messages",
"applicationId": "string",
"changeType": "created,updated",
"clientState": "secretClientValue",
"notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
"lifecycleNotificationUrl": "https://webhook.azurewebsites.net/api/send/lifecycleNotifications",
"expirationDateTime": "2016-11-20T18:23:45.9356913Z",
"creatorId": "string",
"latestSupportedTlsVersion": "v1_2",
"encryptionCertificate": "",
"encryptionCertificateId": "",
"includeResourceData": false,
"notificationContentType": "application/json"
}
]
}
}
List Users
Retrieve a list of user objects. | key: listUsers
Output Example Payload
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
"value": [
{
"businessPhones": [
"+1 425 555 0109"
],
"displayName": "Adele Vance",
"givenName": "Adele",
"jobTitle": "Retail Manager",
"mail": "AdeleV@contoso.com",
"mobilePhone": "+1 425 555 0109",
"officeLocation": "18/2111",
"preferredLanguage": "en-US",
"surname": "Vance",
"userPrincipalName": "AdeleV@contoso.com",
"id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd"
}
]
}
}
Raw Request
Send raw HTTP request to Microsoft Entra ID. | key: rawRequest
Remove Member of Group
Remove a member from a Microsoft 365 group or a security group through the members navigation property. | key: removeMemberOfGroup
Output Example Payload
{
"data": {
"success": true
}
}
Update Subscription
Updates a subscription expiration time for renewal and/or updates the notificationUrl for delivery. | key: updateSubscription
Output Example Payload
{
"data": {
"id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
"resource": "me/messages",
"applicationId": "string",
"changeType": "created,updated",
"clientState": "secretClientValue",
"notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
"lifecycleNotificationUrl": "https://webhook.azurewebsites.net/api/send/lifecycleNotifications",
"expirationDateTime": "2016-11-20T18:23:45.9356913Z",
"creatorId": "string",
"latestSupportedTlsVersion": "v1_2",
"encryptionCertificate": "",
"encryptionCertificateId": "",
"includeResourceData": false,
"notificationContentType": "application/json"
}
}
Update User
Update the properties of a User object. | key: updateUser
Output Example Payload
{
"data": {
"success": true
}
}
Upsert Application
Create a new application if it doesn't exist, or update the properties of an existing application. | key: upsertApplication
Output Example Payload
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications/$entity",
"id": "03ef14b0-ca33-4840-8f4f-d6e91916010e",
"deletedDateTime": null,
"isFallbackPublicClient": null,
"appId": "631a96bc-a705-4eda-9f99-fdaf9f54f6a2",
"applicationTemplateId": null,
"identifierUris": [],
"createdDateTime": "2019-09-17T19:10:35.2742618Z",
"displayName": "Display name",
"isDeviceOnlyAuthSupported": null,
"groupMembershipClaims": null,
"optionalClaims": null,
"addIns": [],
"publisherDomain": "contoso.com",
"samlMetadataUrl": "https://graph.microsoft.com/2h5hjaj542de/app",
"signInAudience": "AzureADandPersonalMicrosoftAccount",
"tags": [],
"tokenEncryptionKeyId": null,
"api": {
"requestedAccessTokenVersion": 2,
"acceptMappedClaims": null,
"knownClientApplications": [],
"oauth2PermissionScopes": [],
"preAuthorizedApplications": []
},
"appRoles": [],
"publicClient": {
"redirectUris": []
},
"info": {
"termsOfServiceUrl": null,
"supportUrl": null,
"privacyStatementUrl": null,
"marketingUrl": null,
"logoUrl": null
},
"keyCredentials": [],
"parentalControlSettings": {
"countriesBlockedForMinors": [],
"legalAgeGroupRule": "Allow"
},
"passwordCredentials": [],
"requiredResourceAccess": [],
"web": {
"redirectUris": [],
"homePageUrl": null,
"logoutUrl": null,
"implicitGrantSettings": {
"enableIdTokenIssuance": false,
"enableAccessTokenIssuance": false
}
}
}
}
Upsert Group
Create a new group if it doesn't exist, or update the properties of an existing group. | key: upsertGroup
Output Example Payload
{
"data": {
"success": true
}
}