This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 16%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
I might want to run a query against Graph API from a Logic App to search sharepoint for URLs, to do so I want to use a system-assigned identity, which will be given permissions to query sharepoint.
However, when I read https://learn.microsoft.com/en-us/graph/api/resources/search-api-overview?view=graph-rest-1.0 it explicitly says:
'Search requests run in the context of the signed-in user, identified using an access token with delegated permissions.'
While I have the idea that the managed identity will have application permissions and not delegated permissions. Does this mean that the managed identity will not be able to use this endpoint at all? Or is this wrongly documented?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 69%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECS%3C/text%3E%3C/svg%3E)
Hi,
You are right. You need to use delegated permissions for that API - managed identity will not work.
There are some other discussions on this issue:
Hope this helps!
Hi Christian,
Thank you for answering this! It seems like I need to use some sort of service account which will be used to create an app, which will in turn be able to get permissions using this flow: https://learn.microsoft.com/en-us/graph/auth-v2-user. However, here I can see that there is some manual consent step required (see the Consent experience paragraph), which is not really something that I can manage in the context of a logic app.
Do you perhaps see any way to circumvent this or is it impossible to call the search API from the logic app?
Nevermind, it looks like this should be possible anyway in the following way!:
https://techcommunity.microsoft.com/t5/integrations-on-azure-blog/calling-graph-api-from-azure-logic-apps-using-delegated/ba-p/1997666