Microsoft Entra ID
Microsoft Entra ID is an Identity and Access Management cloud solution that extends your on-premises directories to the cloud and provides single sign-on to thousands of cloud (SaaS) apps and access to web apps you run on-premises.
This connector is available in the following products and regions:
Service | Class | Regions |
---|---|---|
Logic Apps | Standard | All Logic Apps regions |
Power Automate | Standard | All Power Automate regions |
Power Apps | Standard | All Power Apps regions |
Contact | |
---|---|
Name | Microsoft |
URL | https://support.microsoft.com |
Connector Metadata | |
---|---|
Publisher | Microsoft |
Privacy policy | https://privacy.microsoft.com/privacystatement |
Website | https://azure.microsoft.com/services/active-directory |
Categories | IT Operations;Security |
To use this integration, you will need access to a Microsoft Entra ID account with sufficient privileges. To make a connection, select Sign In. You will be prompted to provide your account information; follow the remainder of the screens to create a connection.
To use the Microsoft Entra ID connector, the account needs to have the following administrator permissions:
- Group.ReadWrite.All
- User.ReadWrite.All
- Directory.ReadWrite.All
More information on Graph permissions and how to configure them can be found here.
You're now ready to start using this integration.
Known issues and limitations
- The connector does not return custom attributes of Microsoft Entra ID entities.
- The connector does not support Mail-Enabled Security groups.
- Microsoft Entra ID groups with the attribute "isAssignableToRole" are not supported for now.
- If you have deployed Azure Conditional Access (Microsoft Entra ID MFA), the connector will not work as expected. To work around this issue, see this solution.
Creating a connection
The connector supports the following authentication types:
Default | Parameters for creating connection. | All regions | Not shareable |
Default
Applicable: All regions
Parameters for creating connection.
This is not a shareable connection. If the power app is shared with another user, that user will be prompted to create a new connection explicitly.
Throttling Limits
Name | Calls | Renewal Period |
---|---|---|
API calls per connection | 200 | 60 seconds |
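The following is an added example, not part of the connector documentation: a planner that schedules a bulk offboarding run under the limit above, queuing account disablement and refresh-token invalidation for every user ahead of group cleanup. The `Call` type, the function names, the sample ids and the treatment of the limit as fixed 60-second windows are assumptions made for the example; action names and parameter keys are the ones listed on this page.

```python
from dataclasses import dataclass

CALLS_PER_WINDOW = 200  # "API calls per connection" in the table above
WINDOW_SECONDS = 60     # "Renewal Period" in the table above


@dataclass(frozen=True)
class Call:
    action: str    # action name as listed on this page
    params: tuple  # (key, value) pairs using that action's parameter keys


def containment(user_id):
    # Block new sign-ins first, then invalidate the refresh tokens already issued.
    return [Call("Update user", (("id", user_id), ("accountEnabled", False))),
            Call("Refresh tokens", (("id", user_id),))]


def cleanup(user_id, group_ids):
    return [Call("Remove Member From Group", (("groupId", g), ("memberId", user_id)))
            for g in group_ids]


def plan(users, budget=CALLS_PER_WINDOW, window=WINDOW_SECONDS):
    """users maps user id -> list of group ids.

    Returns [(start_offset_seconds, [Call, ...]), ...] with at most `budget`
    calls per window. Containment for every user is queued ahead of any
    group cleanup, so the throttle delays cleanup, not lock-out.
    """
    if budget < 1:
        raise ValueError("budget must be at least 1 call per window")
    queue = [c for uid in users for c in containment(uid)]
    queue += [c for uid, groups in users.items() for c in cleanup(uid, groups)]
    return [(i // budget * window, queue[i:i + budget])
            for i in range(0, len(queue), budget)]


def seconds_until_contained(schedule):
    """Start offset of the last window that still holds a containment call."""
    offsets = [start for start, calls in schedule
               if any(c.action != "Remove Member From Group" for c in calls)]
    return max(offsets, default=0)


# Constructed input: 150 users with 5 groups each (ids are made up).
def sample_users(n_users=150, n_groups=5):
    return {f"00000000-0000-4000-8000-{u:012d}":
            [f"99999999-0000-4000-8000-{g:012d}" for g in range(n_groups)]
            for u in range(n_users)}
```

For the constructed input, the 1050 calls span six windows, and every account is disabled with its refresh tokens invalidated by the window that starts at 60 seconds.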
Actions
Add user to group | Add a user to a group in this Microsoft Entra ID tenant. |
Assign manager | Assign a manager for a user. |
Check group membership (V2) | If the user is a member of the given group, the result will contain the given id. Otherwise the result will be empty. |
Check group membership [DEPRECATED] | This action has been deprecated. Please use Check group membership (V2) instead. |
Create group | Create a group in your Microsoft Entra ID tenant. |
Create Office 365 group | Create an Office 365 group in your Microsoft Entra ID tenant. |
Create security group | Create a security group in your Microsoft Entra ID tenant. |
Create user | Create a new user in your Microsoft Entra ID tenant. |
Get group | Get details for a group. |
Get group members | Get the users who are members of a group. You can query up to 1000 items using the Top parameter. If you need to retrieve more than 1000 values, please turn on the Settings->Pagination feature and provide a Threshold limit. |
Get groups of a user (V2) | Get the groups a user is a member of. |
Get groups of a user [DEPRECATED] | This action has been deprecated. Please use Get groups of a user (V2) instead. |
Get user | Get details for a user. |
Refresh tokens | Invalidate all refresh tokens for a user |
Remove Member From Group | Remove Member From Group |
Update user | Update the info for a user. |
Add user to group
Add a user to a group in this Microsoft Entra ID tenant.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Group Id | id | True | string | Unique identifier of a group (Ex. '40639f36-46a6-73a6-91e2-9584b7913429'). |
User Id | @odata.id | True | string | Unique identifier of a user (Ex. '5e6cf5c7-b511-4842-6aae-3f6b8ae5e95b'). |
Assign manager
Assign a manager for a user.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
User Id or Principal Name | id | True | string | Unique identifier of a user (Ex. '[email protected]' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b'). |
User Id of the Manager | @odata.id | True | string | Unique identifier of a manager (Ex. '5f6cf5c7-a561-4842-9aae-3e6d8ce5e95b'). |
Check group membership (V2)
If the user is a member of the given group, the result will contain the given id. Otherwise the result will be empty.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
User Id or Principal Name | id | True | string | Unique identifier of a user (Ex. '[email protected]' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b'). |
groupIds | groupIds | True | array of string | |
Returns
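The following is an added example, not part of the connector documentation, showing how a caller can treat this action's result as a fail-closed membership check: only ids that were actually requested count, and a malformed or error result is never read as membership. The function names and sample ids are assumptions made for the example, as is the result shape (a list of group id strings under `value`, following the GetMemberGroups_Response_V2 definition on this page).

```python
import re

# Canonical 8-4-4-4-12 hexadecimal form used by the ids on this page.
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")


def confirmed_groups(result, requested_ids):
    """Return the requested group ids that the action result confirms.

    Raises ValueError on anything that is not a well-formed request/result
    pair, so callers can refuse access instead of guessing.
    """
    requested = {str(g).strip().lower() for g in requested_ids}
    if not requested or not all(GUID.match(g) for g in requested):
        raise ValueError("groupIds must be a non-empty list of GUIDs")
    # Assumed shape: {"value": ["<group id>", ...]}; an empty list means no match.
    value = result.get("value") if isinstance(result, dict) else None
    if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
        raise ValueError("result has no list of ids under 'value'")
    returned = {v.strip().lower() for v in value}
    # Ids that were never requested prove nothing about this check; drop them.
    return returned & requested


def is_member(result, requested_ids, require_all=False):
    """Fail-closed gate: any malformed input counts as 'not a member'."""
    try:
        hits = confirmed_groups(result, requested_ids)
    except (ValueError, TypeError):
        return False
    wanted = {str(g).strip().lower() for g in requested_ids}
    return hits == wanted if require_all else bool(hits)


# Constructed sample data (ids are made up for the example).
ADMINS = "11111111-1111-4111-8111-111111111111"
AUDITORS = "22222222-2222-4222-8222-222222222222"
SAMPLE_MEMBER = {"value": [ADMINS.upper()]}   # GUID case differs from the request
SAMPLE_NON_MEMBER = {"value": []}             # empty result: not a member
SAMPLE_ERROR = {"error": {"code": "429"}}     # throttled or failed call
```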
Check group membership [DEPRECATED]
This action has been deprecated. Please use Check group membership (V2) instead.
If the user is a member of the given group, the result will contain the given id. Otherwise the result will be empty.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
User Id or Principal Name | id | True | string | Unique identifier of a user (Ex. '[email protected]' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b'). |
groupIds | groupIds | True | array of string | |
Returns
- Items
- GetMemberGroups_Response
Create group
Create a group in your Microsoft Entra ID tenant.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Display Name | displayName | True | string | Display name of the new group. |
Description | description | True | string | Description of the new group. |
Mail Nickname | mailNickname | True | string | The mail alias of the new group. |
groupTypes | groupTypes | True | array of string | Choose 'Unified' for an O365 group. Choose 'None' for a security group. |
Security Enabled | securityEnabled | True | boolean | True if the new group is a security group. |
Mail Enabled | mailEnabled | True | boolean | True if the new group is a mailing group. |
Returns
- Body
- CreateGroup_Response
Create Office 365 group
Create an Office 365 group in your Microsoft Entra ID tenant.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Display Name | displayName | True | string | Display name of the new group. |
Description | description | True | string | Description of the new group. |
Mail Nickname | mailNickname | True | string | The mail alias of the new group. |
groupTypes | groupTypes | True | array of string | For Office 365, group type is 'Unified'. |
Security Enabled | securityEnabled | True | boolean | True if the new group is a security group. |
Mail Enabled | mailEnabled | True | boolean | True if the new group is a mailing group. |
Returns
- Body
- CreateGroup_Response
Create security group
Create a security group in your Microsoft Entra ID tenant.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Display Name | displayName | True | string | Display name of the new group. |
Description | description | True | string | Description of the new group. |
Mail Nickname | mailNickname | True | string | The mail alias of the new group. |
Security Enabled | securityEnabled | True | boolean | True if the new group is a security group. |
Mail Enabled | mailEnabled | True | boolean | True if the new group is a mailing group. |
Returns
- Body
- CreateGroup_Response
Create user
Create a new user in your Microsoft Entra ID tenant.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Account Enabled | accountEnabled | True | boolean | True if the new account should be enabled when it is created. |
Display Name | displayName | True | string | The name displayed in the address book for the user. |
Mail Nickname | mailNickname | True | string | The mail alias for the user. |
Password | password | True | string | The password for the user. The user will be required to change the password on the next login. |
User Principal Name | userPrincipalName | True | string | The user principal name (UPN) of the user. |
Given Name | givenName | | string | The user's given name (first name). |
Surname | surname | | string | The user's surname (family name or last name). |
businessPhones | businessPhones | | array of string | |
Department | department | | string | The name for the department in which the user works. |
Job Title | jobTitle | | string | The user's job title. |
Mobile Phone | mobilePhone | | string | The mobile phone number for the user in any format such as '1 (234) 567-8910'. |
Office Location | officeLocation | | string | The office location in the user's place of business. |
Preferred Language | preferredLanguage | | string | The preferred language for the user. Should follow ISO 639-1 Code; for example 'en-US'. |
Returns
- Body
- GetUser_Response
Get group
Get details for a group.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Group Id | id | True | string | Unique identifier of a group (Ex. '40639f36-46a6-73a6-91e2-9584b7913429'). |
Returns
- Body
- GetGroup_Response
Get group members
Get the users who are members of a group. You can query up to 1000 items using the Top parameter. If you need to retrieve more than 1000 values, please turn on the Settings->Pagination feature and provide a Threshold limit.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Group Id | id | True | string | Unique identifier of a group (Ex. '40639f36-46a6-73a6-91e2-9584b7913429'). |
Top | $top | | integer | Limit on the number of results to return (from 1 to 999, default is 100). |
Returns
Get groups of a user (V2)
Get the groups a user is a member of.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
User Id or Principal Name | id | True | string | Unique identifier of a user (Ex. '[email protected]' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b'). |
Security Enabled Only | securityEnabledOnly | True | boolean | Determines if only security enabled groups should be fetched. |
Returns
Get groups of a user [DEPRECATED]
This action has been deprecated. Please use Get groups of a user (V2) instead.
Get the groups a user is a member of.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
User Id or Principal Name | id | True | string | Unique identifier of a user (Ex. '[email protected]' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b'). |
Security Enabled Only | securityEnabledOnly | True | boolean | Determines if only security enabled groups should be fetched. |
Returns
- Items
- GetMemberGroups_Response
Get user
Get details for a user.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
User Id or Principal Name | id | True | string | Unique identifier of a user (Ex. '[email protected]' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b'). |
Returns
- Body
- GetUser_Response
Refresh tokens
Invalidate all refresh tokens for a user
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
User Id or Principal Name | id | True | string | Unique identifier of a user (Ex. '[email protected]' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b'). |
Remove Member From Group
Remove Member From Group
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Group Id | groupId | True | string | The Id of the group. |
Member Id | memberId | True | string | The Id of the member. |
Update user
Update the info for a user.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
User Id or Principal Name | id | True | string | Unique identifier of a user (Ex. '[email protected]' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b'). |
User Principal Name | userPrincipalName | | string | The user principal name (UPN) of the user. |
Display Name | displayName | | string | The name displayed in the address book for the user. |
Mail Nickname | mailNickname | | string | The mail alias for the user. |
Given Name | givenName | | string | The given name (first name) of the user. |
Surname | surname | | string | The user's surname (family name or last name). |
Account Enabled | accountEnabled | | boolean | True if the new account should be enabled. |
Job Title | jobTitle | | string | The user's job title. |
Department | department | | string | The name for the department in which the user works. |
Mobile Phone | mobilePhone | | string | The mobile phone number for the user in any format such as '1 (234) 567-8910'. |
Office Location | officeLocation | | string | The office location in the user's place of business. |
Preferred Language | preferredLanguage | | string | The preferred language for the user. Should follow ISO 639-1 Code; for example 'en-US'. |
businessPhones | businessPhones | | array of string | |
Additional Properties | customProperties | | object | Free form property name and value for this user. |
First customizable extension attribute | extensionAttribute1 | | string | First customizable extension attribute. |
Second customizable extension attribute | extensionAttribute2 | | string | Second customizable extension attribute. |
Third customizable extension attribute | extensionAttribute3 | | string | Third customizable extension attribute. |
Fourth customizable extension attribute | extensionAttribute4 | | string | Fourth customizable extension attribute. |
Fifth customizable extension attribute | extensionAttribute5 | | string | Fifth customizable extension attribute. |
Sixth customizable extension attribute | extensionAttribute6 | | string | Sixth customizable extension attribute. |
Seventh customizable extension attribute | extensionAttribute7 | | string | Seventh customizable extension attribute. |
Eighth customizable extension attribute | extensionAttribute8 | | string | Eighth customizable extension attribute. |
Ninth customizable extension attribute | extensionAttribute9 | | string | Ninth customizable extension attribute. |
Tenth customizable extension attribute | extensionAttribute10 | | string | Tenth customizable extension attribute. |
Eleventh customizable extension attribute | extensionAttribute11 | | string | Eleventh customizable extension attribute. |
Twelfth customizable extension attribute | extensionAttribute12 | | string | Twelfth customizable extension attribute. |
Thirteenth customizable extension attribute | extensionAttribute13 | | string | Thirteenth customizable extension attribute. |
Fourteenth customizable extension attribute | extensionAttribute14 | | string | Fourteenth customizable extension attribute. |
Fifteenth customizable extension attribute | extensionAttribute15 | | string | Fifteenth customizable extension attribute. |
Definitions
CreateGroup_Response
Name | Path | Type | Description |
---|---|---|---|
@odata.context | @odata.context | string | @odata.context |
id | id | string | id |
deletedDateTime | deletedDateTime | string | deletedDateTime |
classification | classification | string | classification |
createdDateTime | createdDateTime | date-time | createdDateTime |
description | description | string | description |
displayName | displayName | date-time | displayName |
groupTypes | groupTypes | array of string | groupTypes |
mail | | string | |
mailEnabled | mailEnabled | boolean | mailEnabled |
mailNickname | mailNickname | date-time | mailNickname |
onPremisesLastSyncDateTime | onPremisesLastSyncDateTime | string | onPremisesLastSyncDateTime |
onPremisesSecurityIdentifier | onPremisesSecurityIdentifier | string | onPremisesSecurityIdentifier |
onPremisesSyncEnabled | onPremisesSyncEnabled | boolean | onPremisesSyncEnabled |
proxyAddresses | proxyAddresses | array of string | proxyAddresses |
renewedDateTime | renewedDateTime | date-time | renewedDateTime |
securityEnabled | securityEnabled | boolean | securityEnabled |
visibility | visibility | string | visibility |
GetGroup_Response
Name | Path | Type | Description |
---|---|---|---|
Id | id | string | The unique identifier for the group. |
Deleted Date Time | deletedDateTime | date-time | Date-time the group was deleted. |
Created Date Time | createdDateTime | date-time | Date-time the group was created. |
Description | description | string | An optional description for the group. |
Display Name | displayName | string | The display name for the group. |
Mail | | string | The SMTP address for the group. |
Mail Enabled | mailEnabled | boolean | True if the group is mail-enabled. |
On Premises Last Sync Date Time | onPremisesLastSyncDateTime | date-time | A date-time indicating the last time at which the group was synced with the on-premises directory. |
On Premises Sync Enabled | onPremisesSyncEnabled | boolean | True if this group is synced from an on-premises directory. |
Security Enabled | securityEnabled | boolean | True if the group is a security group. |
Visibility | visibility | string | Visibility of the group (public or private). |
GetUser_Response
Name | Path | Type | Description |
---|---|---|---|
Id | id | string | A unique identifier for the user. |
Business Phones | businessPhones | array of string | |
Display Name | displayName | string | The name displayed in the address book for the user. |
Given Name | givenName | string | The given name (first name) of the user. |
Job Title | jobTitle | string | The user's job title. |
Mail | | string | The SMTP address for the user. |
Mobile Phone | mobilePhone | string | The primary cellular telephone number for the user. |
Office Location | officeLocation | string | The office location in the user's place of business. |
Preferred Language | preferredLanguage | string | The preferred language for the user. Should follow ISO 639-1 Code; for example 'en-US'. |
Surname | surname | string | The user's surname (family name or last name). |
User Principal Name | userPrincipalName | string | The user principal name (UPN) of the user. |
GetMemberGroups_Response
Name | Path | Type | Description |
---|---|---|---|
Member Group Id | | string | An id of a group the user is a member of. |
GetMemberGroups_Response_V2
Name | Path | Type | Description |
---|---|---|---|
value | value | GetMemberGroups_Response | |
GetGroupMembers_Response
Name | Path | Type | Description |
---|---|---|---|
Group Members | value | array of GetUser_Response | Array of users that are members of the group. |