Azure AD Identity and Access (Preview)
A connector for Azure AD Identity and Access. This connector will contain multiple actions to manage Azure AD Identity and Access. An example of this is for instance inviting guest users. In the future, more actions will be added.
This connector is available in the following products and regions:
Service | Class | Regions |
---|---|---|
Logic Apps | Standard | All Logic Apps regions except the following: - Azure Government regions - Azure China regions - US Department of Defense (DoD) |
Power Automate | Premium | All Power Automate regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
Power Apps | Premium | All Power Apps regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
Contact | |
---|---|
Name | Microsoft, Daniel Laskewitz |
URL | https://youtube.com/daniellaskewitz |
[email protected] |
Connector Metadata | |
---|---|
Publisher | Microsoft, Daniel Laskewitz |
Website | https://docs.microsoft.com/en-us/graph/api/resources/invitation?view=graph-rest-1.0 |
Privacy policy | https://privacy.microsoft.com/en-us/privacystatement |
Categories | IT Operations |
Microsoft Entra ID Identity and Access
The Graph API is a powerful and very extensive REST API. Using this API, you can create and manage objects (e.g. users, groups etc.) in Microsoft Entra ID, create Microsoft Teams teams, and a lot more.
This connector exposes the Identity and Access resources of the Graph API in the Microsoft Power Platform.
Publisher: Daniel Laskewitz | Sogeti
Pre-requisites
You will need the following to proceed:
- A Microsoft PowerApps or Microsoft Flow plan with custom connector feature
- An Azure subscription
- The Power platform CLI tools
Building the connector
Since the APIs used by the connector are secured by Microsoft Entra ID, we first need to set up a few things in Microsoft Entra ID for connector to securely access them. After this setup, you can create and test the connector.
Set up an Microsoft Entra ID application for your custom connector
Since the connector uses OAuth as authentication type, we first need to register an application in Microsoft Entra ID. This application will be used to get the authorization token required to invoke rest APIs used by the connector on user's behalf. You can read more about this here and follow the steps below:
Create an Microsoft Entra ID application This can be done using [Azure Portal] (https://portal.azure.com), by following the steps here. Once created, note down the value of Application (Client) ID. You will need this later.
Configure (Update) your Microsoft Entra ID application to access the Graph API API This step will ensure that your application can successfully retrieve an access token to invoke Graph API calls on behalf of your users. To do this, follow the steps here. - For redirect URI, use "https://global.consent.azure-apim.net/redirect" - For the credentials, use a client secret (and not certificates). Remember to note the secret down, you will need this later and it is shown only once. - For API permissions, make sure the Graph API "User.Invite.All" permission is added.
At this point, we now have a valid Microsoft Entra ID application that can be used to get permissions from end users and access Microsoft Entra ID. The next step for us is to create a custom connector.
Creating a connection
The connector supports the following authentication types:
Default | Parameters for creating connection. | All regions | Not shareable |
Default
Applicable: All regions
Parameters for creating connection.
This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.
Throttling Limits
Name | Calls | Renewal Period |
---|---|---|
API calls per connection | 100 | 60 seconds |
Actions
Create invitation |
Create an invitation for an external user. |
Create invitation
Create an invitation for an external user.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Invited User Display Name
|
invitedUserDisplayName | string |
The display name of the user being invited. |
|
Invited User Email Address
|
invitedUserEmailAddress | string |
The email address of the user being invited. |
|
Email
|
address | string |
The email address of the person or entity. |
|
Name
|
name | string |
The display name of the person or entity. |
|
Customized Message
|
customizedMessageBody | string |
Customized message body you want to send if you don't want the default message. |
|
Message Language
|
messageLanguage | string |
The language you want to send the default message in. If the customized message body is specified, this property is ignored, and the message is sent using the customized message body. The language format should be in ISO 639. The default is en-US. |
|
Invited User Type
|
invitedUserType | string |
The user type of the user being invited. You can invite as Member if you are a company administrator. |
|
Invite Redirect URL
|
inviteRedirectUrl | string |
inviteRedirectUrl |
|
Reset Redemption
|
resetRedemption | boolean |
Reset the user's redemption status and reinvite a user while retaining their user identifier, group memberships, and app assignments. This property allows you to enable a user to sign-in using a different email address from the one in the previous invitation. |
|
Send Invitation Message
|
sendInvitationMessage | boolean |
Indicates whether an email should be sent to the user being invited. |
Returns
Name | Path | Type | Description |
---|---|---|---|
Invite Redeem URL
|
inviteRedeemUrl | inviteRedeemUrl |
The URL the user can use to redeem their invitation. |
Invited User Display Name
|
invitedUserDisplayName | invitedUserDisplayName |
The display name of the user being invited. |
Invited User Email Address
|
invitedUserEmailAddress | invitedUserEmailAddress |
The email address of the user being invited. |
Send Invitation Message
|
sendInvitationMessage | sendInvitationMessage |
Indicates whether an email should be sent to the user being invited. |
invitedUserMessageInfo
|
invitedUserMessageInfo | invitedUserMessageInfo |
Additional configuration for the message being sent to the invited user, including customizing message text, language and cc recipient list. |
Invite Redirect URL
|
inviteRedirectUrl | inviteRedirectUrl |
inviteRedirectUrl |
status
|
status | status |
The status of the invitation. |
Invited User
|
invitedUser | invitedUser |
The user created as part of the invitation creation. |
Definitions
ccRecipients
Additional recipients the invitation message should be sent to. Currently only 1 additional recipient is supported.
Name | Path | Type | Description |
---|---|---|---|
emailAddress
|
emailAddress | emailAddress |
The email address object (both display name and email address) of the person or entity. |
emailAddress
The email address object (both display name and email address) of the person or entity.
Name | Path | Type | Description |
---|---|---|---|
Email
|
address | string |
The email address of the person or entity. |
Name
|
name | string |
The display name of the person or entity. |
invitedUser
The user created as part of the invitation creation.
Name | Path | Type | Description |
---|---|---|---|
ID
|
id | string |
The id of the invited user. |
invitedUserDisplayName
The display name of the user being invited.
The display name of the user being invited.
- Invited User Display Name
- string
invitedUserEmailAddress
The email address of the user being invited.
The email address of the user being invited.
- Invited User Email Address
- string
invitedUserMessageInfo
Additional configuration for the message being sent to the invited user, including customizing message text, language and cc recipient list.
Name | Path | Type | Description |
---|---|---|---|
CC Recipients
|
ccRecipients | ccRecipients |
Additional recipients the invitation message should be sent to. Currently only 1 additional recipient is supported. |
Customized Message
|
customizedMessageBody | string |
Customized message body you want to send if you don't want the default message. |
Message Language
|
messageLanguage | string |
The language you want to send the default message in. If the customized message body is specified, this property is ignored, and the message is sent using the customized message body. The language format should be in ISO 639. The default is en-US. |
inviteRedeemUrl
The URL the user can use to redeem their invitation.
The URL the user can use to redeem their invitation.
- Invite Redeem URL
- string
inviteRedirectUrl
sendInvitationMessage
Indicates whether an email should be sent to the user being invited.
Indicates whether an email should be sent to the user being invited.
- Send Invitation Message
- boolean