Can I automate the user flow (sign-in and sign-up) using Graph? I created the app using the az CLI.
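#!/usr/bin/env bash
# Register an Azure AD B2C application with the az CLI, grant it delegated
# Microsoft Graph permissions, create its service principal, enable implicit
# grant on the web platform, then hand off to create_susi.ps1 (PowerShell) to
# create the Sign-Up/Sign-In ("SUSI") user flow.
#
# Required tools: az, pwsh.
# Environment overrides: TENANT_ID, APP_NAME, REDIRECT_URI.
set -euo pipefail

# --- Variables ---------------------------------------------------------------
# Defaults are the original script's values (the tenant id there is a
# truncated placeholder; a real tenant id is a GUID). Each can be overridden
# from the environment instead of editing the script.
TENANT_ID="${TENANT_ID:-6b74c8}"
APP_NAME="${APP_NAME:-Myb2capp1}"
REDIRECT_URI="${REDIRECT_URI:-http://localhost:3000/}"
readonly TENANT_ID APP_NAME REDIRECT_URI

# Well-known application id of the Microsoft Graph resource.
readonly GRAPH_API_ID="00000003-0000-0000-c000-000000000000"
# Delegated permission ids requested from Graph, exactly as in the original.
# NOTE(review): assumed to be OpenID Connect sign-in scopes — confirm against
# the Graph service principal's oauth2PermissionScopes before relying on that.
readonly GRAPH_SCOPES=(
  "311a71cc-e848-46a1-bdf8-97ff7156d8e6=Scope"
  "37f7f235-527c-4136-accd-4a02d197296e=Scope"
)
readonly MAX_ATTEMPTS=3

# --- Output helpers ----------------------------------------------------------
# The emoji in the original messages did not survive transcription (they were
# mis-decoded and even split one message across two lines), so plain ASCII
# markers are used. Diagnostics go to stderr; progress goes to stdout.
info() { printf '[INFO] %s\n' "$*"; }
ok()   { printf '[ OK ] %s\n' "$*"; }
warn() { printf '[WARN] %s\n' "$*" >&2; }
die()  { printf '[FAIL] %s\n' "$*" >&2; exit 1; }

for tool in az pwsh; do
  command -v "$tool" >/dev/null 2>&1 || die "Required tool not found: $tool"
done

# --- Log into Azure ----------------------------------------------------------
# Only stdout is silenced; az's own error text stays visible for diagnosis
# (the original discarded stderr too, leaving no clue why a step failed).
info "Logging into Azure..."
az login --tenant "$TENANT_ID" --allow-no-subscriptions >/dev/null \
  || die "Azure login failed. Ensure your credentials are correct."

# --- Ensure correct tenant ---------------------------------------------------
info "Checking Azure tenant..."
current_tenant=$(az account show --query "tenantId" -o tsv) \
  || die "Could not read the signed-in account."
[[ "$current_tenant" == "$TENANT_ID" ]] \
  || die "You are not logged into the correct tenant ($TENANT_ID)."

# --- Find or create the app registration ------------------------------------
# A display name is not unique: several registrations may share it, in which
# case the original query produced a multi-line APP_ID that every later
# `--id "$APP_ID"` call would have choked on. Refuse to guess in that case.
existing=$(az ad app list --display-name "$APP_NAME" --query "[].appId" -o tsv) \
  || die "Failed to query existing app registrations."
existing_ids=()
if [[ -n "$existing" ]]; then
  mapfile -t existing_ids <<<"$existing"
fi

if (( ${#existing_ids[@]} > 1 )); then
  die "Found ${#existing_ids[@]} apps named '$APP_NAME'; refusing to guess. Ids: ${existing_ids[*]}"
elif (( ${#existing_ids[@]} == 1 )); then
  APP_ID="${existing_ids[0]}"
  info "App '$APP_NAME' already exists. Using existing App ID: $APP_ID"
else
  info "Creating Azure AD B2C app: $APP_NAME..."
  APP_ID=$(az ad app create \
    --display-name "$APP_NAME" \
    --web-redirect-uris "$REDIRECT_URI" \
    --query appId -o tsv) || die "Failed to create the Azure AD B2C app."
  [[ -n "$APP_ID" ]] || die "Failed to create the Azure AD B2C app."
  ok "App created successfully with ID: $APP_ID"
fi
readonly APP_ID

# --- Assign API permissions --------------------------------------------------
info "Assigning API permissions..."
az ad app permission add --id "$APP_ID" --api "$GRAPH_API_ID" \
  --api-permissions "${GRAPH_SCOPES[@]}" >/dev/null \
  || die "Failed to assign API permissions."
ok "Permissions assigned successfully."

# --- Grant admin consent -----------------------------------------------------
# Consent is granted tenant-wide and needs an administrator role in the tenant;
# the step fails (and the script stops) when the signed-in user lacks it.
info "Granting admin consent..."
az ad app permission admin-consent --id "$APP_ID" >/dev/null \
  || die "Failed to grant admin consent."
ok "Admin consent granted successfully."

# --- Ensure a service principal exists ---------------------------------------
sp_ids=$(az ad sp list --filter "appId eq '$APP_ID'" --query "[].id" -o tsv) \
  || die "Failed to query service principals."
if [[ -z "$sp_ids" ]]; then
  info "Creating service principal..."
  az ad sp create --id "$APP_ID" >/dev/null \
    || die "Failed to create service principal."
else
  info "Service Principal already exists. Skipping creation."
fi

# --- Enable implicit grant (with retry) --------------------------------------
# The Graph /applications/{id} path takes the application OBJECT id, not the
# appId the rest of this script works with, so the original PATCH could not
# address the app; the alternate key applications(appId='...') is used here.
# The implicit flow itself is a legacy grant — the authorization code flow with
# PKCE is the recommended choice for browser apps; it is kept because the
# original enabled it. Reconsider before production use.
info "Enabling implicit grant..."
implicit_body='{"web":{"implicitGrantSettings":{"enableAccessTokenIssuance":true,"enableIdTokenIssuance":true}}}'
enabled=0
for (( attempt = 1; attempt <= MAX_ATTEMPTS; attempt++ )); do
  if az rest --method PATCH \
      --url "https://graph.microsoft.com/v1.0/applications(appId='$APP_ID')" \
      --headers "Content-Type=application/json" \
      --body "$implicit_body" >/dev/null; then
    ok "Implicit grant enabled."
    enabled=1
    break
  fi
  warn "Failed to enable implicit grant. Retrying ($attempt/$MAX_ATTEMPTS)..."
  sleep 5
done
# The original loop fell through silently after the last failed attempt and
# the script went on to report success.
(( enabled )) || die "Could not enable implicit grant after $MAX_ATTEMPTS attempts."

# --- Verify the app registration --------------------------------------------
info "Verifying the app registration..."
az ad app show --id "$APP_ID" >/dev/null \
  || die "Failed to verify app registration."
ok "App registration verified successfully."

# --- Create the user flow ----------------------------------------------------
# create_susi.ps1 is resolved relative to the current working directory, as in
# the original; run this script from the directory that contains it.
info "Running PowerShell script to create Sign-Up & Sign-In user flow..."
pwsh -File create_susi.ps1 -TenantId "$TENANT_ID" \
  || die "Failed to create B2C SUSI user flow."
ok "Azure AD B2C SUSI User Flow setup completed successfully!"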
The B2C user-flow file (create_susi.ps1):
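<#
.SYNOPSIS
    Creates the Azure AD B2C Sign-Up/Sign-In ("SUSI") user flow through Microsoft Graph.
.DESCRIPTION
    Connects to Microsoft Graph in the given B2C tenant, creates the user flow
    B2C_1_SignUpSignIn if it does not already exist, configures email as the
    identity provider, assigns the email/displayName/givenName/surname attributes
    as required claims, then lists the flow to confirm it exists.
.PARAMETER TenantId
    Tenant id of the B2C directory. The calling bash script passes it; the
    original accepted it but never used it, so Connect-MgGraph signed in to
    whatever tenant was the default rather than the one being configured.
#>
param (
    [Parameter(Mandatory = $true)]
    [string]$TenantId
)

# Make cmdlet errors terminating so an unhandled failure gives pwsh a non-zero
# exit code, which the caller's `|| die` check relies on.
$ErrorActionPreference = 'Stop'

# Connect in the requested tenant. Scopes are the original's.
# NOTE(review): no cmdlet below touches applications, so Application.ReadWrite.All
# looks unnecessary here — confirm and drop it for least privilege.
Connect-MgGraph -TenantId $TenantId -Scopes "IdentityUserFlow.ReadWrite.All", "Application.ReadWrite.All"

# NOTE(review): these *-MgIdentityUserFlow* cmdlets wrap the identityUserFlow
# resource, which Graph documents as superseded by b2cIdentityUserFlow — confirm
# against current docs before building on this.
$UserFlowName = "B2C_1_SignUpSignIn"

# Get-MgIdentityUserFlow returns every flow; the id match is done client-side.
$ExistingFlow = Get-MgIdentityUserFlow | Where-Object { $_.Id -eq $UserFlowName }
if ($ExistingFlow) {
    Write-Output "[INFO] User Flow '$UserFlowName' already exists. Skipping creation."
} else {
    Write-Output "[INFO] Creating user flow '$UserFlowName'..."
    $UserFlow = New-MgIdentityUserFlow -Id $UserFlowName -UserFlowType "signUpOrSignIn"
    if (-not $UserFlow) {
        throw "New-MgIdentityUserFlow returned no object for '$UserFlowName'."
    }

    # Use email (local account) as the sign-in identifier.
    Update-MgIdentityUserFlow -IdentityUserFlowId $UserFlow.Id -UserFlowType "signUpOrSignIn" -UserFlowTypeVersion 1 -IdentityProviders @(@{"id"="Email";"identityProviderType"="EmailAddress"})

    # Collect these attributes at sign-up; -IsOptional $false makes each required.
    $Claims = @("email", "displayName", "givenName", "surname")
    foreach ($claim in $Claims) {
        New-MgIdentityUserFlowAttributeAssignment -IdentityUserFlowId $UserFlow.Id -UserAttribute $claim -IsOptional $false
    }
    Write-Output "[ OK ] B2C User Flow '$UserFlowName' created successfully with Email as Identifier and Claims."
}

# Confirm creation: emits the flow object; empty output means it was not found.
Get-MgIdentityUserFlow | Where-Object { $_.Id -eq $UserFlowName }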