How to automate Azure AD users and groups provisioning through APIs?

Anil Kumar Akuthota 0 Reputation points
2023-04-26T05:36:35.87+00:00

How to automate Azure AD users and groups provisioning through APIs? We have our App in Azure AD to provision users and groups. I would like to automate the full flow using REST APIs. Can someone share the APIs for the following:

  • Create a user
  • Create a group
  • PATCH user and group
  • Update the user
  • Update the group
  • Add the user and group to my App
  • Provision user and group

Thanks in advance.

Thanks, Anil
Microsoft Entra ID

1 answer

  1. Shweta Mathur 29,781 Reputation points Microsoft Employee
    2023-04-28T09:58:44.3866667+00:00

    Hi @Anil Kumar Akuthota ,

    Thanks for reaching out.

    You can enable automatic provisioning of users and groups between your application and Azure Active Directory (Azure AD) using the SCIM user management API, which uses two endpoints, /users and /Groups.

    The article below has SCIM examples for creating a user and a group through the REST API endpoint:

    https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#user-operations

    However, you can also automate Azure AD user and group provisioning through APIs.

    1. Create a User: You can use the Microsoft Graph API to create a user in Azure AD. Here's an example of the API call:

    POST https://graph.microsoft.com/v1.0/users
    Content-Type: application/json

    {
      "accountEnabled": true,
      "displayName": "My User",
      "mailNickname": "myuser",
      "userPrincipalName": "myuser@{verified-domain}",
      "passwordProfile": {
        "forceChangePasswordNextSignIn": true,
        "password": "{initial-password}"
      }
    }

    2. Create a Group: You can use the Microsoft Graph API to create a group in Azure AD. Here's an example of the API call:

    POST https://graph.microsoft.com/v1.0/groups
    Content-Type: application/json

    {
      "displayName": "My Group",
      "mailNickname": "mygroup",
      "mailEnabled": false,
      "securityEnabled": true
    }


    3. PATCH User and Group: You can use the Microsoft Graph API to update a user or group in Azure AD. Here's an example of the API call:

    PATCH https://graph.microsoft.com/v1.0/users/{user-id}
    Content-Type: application/json
    
    {
      "displayName": "New Display Name"
    }
    PATCH https://graph.microsoft.com/v1.0/groups/{group-id}
    Content-Type: application/json
    
    {
      "displayName": "New Display Name"
    }
    
    

    4. Add the User and Group to your App: You can use the Microsoft Graph API to add a user or group to your app in Azure AD. Here's an example of the API call:

    POST https://graph.microsoft.com/v1.0/servicePrincipals/{app-id}/appRoleAssignments
    Content-Type: application/json

    {
      "principalId": "{user-or-group-id}",
      "resourceId": "{app-id}",
      "appRoleId": "{app-role-id}"
    }


    Hope this will help.

    Thanks,

    Shweta
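The flow from the answer above, run end to end against Microsoft Graph v1.0, as an added example that is not part of the original question or answer. It uses only the Python standard library and takes the HTTP transport as a parameter, so the same code can be exercised offline against a constructed in-memory fake (the token value, tenant domain and object ids in that fake are constructed, not from any real tenant). It assumes you already hold an access token with User.ReadWrite.All, Group.ReadWrite.All and AppRoleAssignment.ReadWrite.All (for example from the client credentials flow). Two details the answer's placeholders leave ambiguous are made explicit in the code: the segment after /servicePrincipals/ and the resourceId are the service principal's object id, not the application's appId (client id), and appRoleId must be a role defined on that app, or the well-known all-zero GUID when the app defines no roles. The initial password is generated with `secrets` and flagged for change at first sign-in, and the UPN domain is checked against the tenant's verified domains before the request is sent.

```python
"""Provision a user and a security group, then assign both to an app, via Microsoft Graph v1.0.
Added example, not from the original Q&A. The HTTP transport is a parameter so the flow can
run offline against the constructed FakeGraph at the bottom; urllib_transport is the real one."""
import json
import secrets
import string
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
# Well-known all-zero GUID: the default access role for apps that define no app roles.
DEFAULT_APP_ROLE = "00000000-0000-0000-0000-000000000000"
SYMBOLS = "!@#$%^&*"


def urllib_transport(method, url, body, token):
    # transport(method, url, JSON body or None, bearer token) -> (status, parsed JSON)
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
        return resp.status, (json.loads(raw) if raw else {})


def initial_password(length=20):
    """Random one-time password containing all four character classes; never log or reuse it."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    classes = (str.islower, str.isupper, str.isdigit, lambda c: c in SYMBOLS)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(f(c) for c in pw) for f in classes):
            return pw


def user_payload(display_name, mail_nickname, upn, verified_domains):
    """Body for POST /users; refuses a UPN whose domain the tenant has not verified."""
    domain = upn.rsplit("@", 1)[-1].lower()
    if domain not in {d.lower() for d in verified_domains}:
        raise ValueError(f"UPN domain {domain!r} is not a verified domain of the tenant")
    return {"accountEnabled": True, "displayName": display_name, "mailNickname": mail_nickname,
            "userPrincipalName": upn,
            "passwordProfile": {"forceChangePasswordNextSignIn": True, "password": initial_password()}}


class GraphProvisioner:
    def __init__(self, token, transport=urllib_transport):
        self.token, self.transport = token, transport

    def _call(self, method, path, body=None):
        status, data = self.transport(method, GRAPH + path, body, self.token)
        if status >= 400:
            raise RuntimeError(f"{method} {path} failed with HTTP {status}: {data}")
        return data

    def create_user(self, display_name, mail_nickname, upn, verified_domains):
        return self._call("POST", "/users", user_payload(display_name, mail_nickname, upn, verified_domains))

    def create_group(self, display_name, mail_nickname):
        body = {"displayName": display_name, "mailNickname": mail_nickname,
                "mailEnabled": False, "securityEnabled": True}  # plain security group
        return self._call("POST", "/groups", body)

    def patch(self, kind, object_id, changes):
        return self._call("PATCH", f"/{kind}/{object_id}", changes)  # kind is "users" or "groups"

    def add_member(self, group_id, user_id):
        # POST /groups/{id}/members/$ref takes an @odata.id reference to the directory object.
        return self._call("POST", f"/groups/{group_id}/members/$ref",
                          {"@odata.id": f"{GRAPH}/directoryObjects/{user_id}"})

    def assign_to_app(self, sp_object_id, principal_id, app_role_id=DEFAULT_APP_ROLE):
        # sp_object_id is the service principal's object id (not the appId / client id);
        # it is both the path segment and the resourceId of the assignment.
        return self._call("POST", f"/servicePrincipals/{sp_object_id}/appRoleAssignments",
                          {"principalId": principal_id, "resourceId": sp_object_id, "appRoleId": app_role_id})


def provision(p, sp_object_id, verified_domains, user, group):
    """The full flow from the question: create user and group, add user to group, assign both to the app."""
    u = p.create_user(user["displayName"], user["mailNickname"], user["upn"], verified_domains)
    g = p.create_group(group["displayName"], group["mailNickname"])
    p.add_member(g["id"], u["id"])
    return {"user_id": u["id"], "group_id": g["id"],
            "user_assignment": p.assign_to_app(sp_object_id, u["id"])["id"],
            "group_assignment": p.assign_to_app(sp_object_id, g["id"])["id"]}


class FakeGraph:
    """Constructed in-memory stand-in for Graph so the flow can be exercised offline."""
    def __init__(self):
        self.calls, self.n = [], 0

    def __call__(self, method, url, body, token):
        self.calls.append((method, url, body))
        if token != "test-token":  # constructed token value
            return 401, {"error": {"code": "InvalidAuthenticationToken"}}
        if method == "PATCH" or url.endswith("/members/$ref"):
            return 204, {}  # Graph returns no body for these
        self.n += 1
        return 201, {"id": f"obj-{self.n}"}  # created object with a constructed id
```

Against a real tenant, `GraphProvisioner(token)` uses `urllib_transport` by default; pass the service principal's object id (from `GET /servicePrincipals?$filter=appId eq '{client-id}'`) as `sp_object_id`, and the list from `GET /domains` as `verified_domains`. Grant the calling identity only the three application permissions named in the lead-in rather than Directory.ReadWrite.All, and treat the generated password as a secret that is delivered out of band and never written to logs.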

