Find identity object IDs for authentication configuration in Azure API for FHIR

Important

Azure API for FHIR will be retired on September 30, 2026. Follow the migration strategies to transition to Azure Health Data Services FHIR service by that date. Due to the retirement of Azure API for FHIR, new deployments won't be allowed beginning April 1, 2025. Azure Health Data Services FHIR service is the evolved version of Azure API for FHIR that enables customers to manage FHIR, DICOM, and MedTech services with integrations into other Azure services.

In this article, learn how to find the identity object IDs needed to configure the Azure API for FHIR service to use an external or secondary Active Directory tenant for the data plane.

Find user object ID

If you have a user with user name myuser@contoso.com, you can locate the user's ObjectId by using a Microsoft Graph PowerShell command or the Azure Command-Line Interface (CLI).

$(Get-MgUser -Filter "UserPrincipalName eq 'myuser@contoso.com'").Id

Find service principal object ID

Suppose you registered a service client app and you want to allow this service client to access the Azure API for FHIR. Find the object ID for the client service principal with a Microsoft Graph PowerShell command or the Azure CLI.

$(Get-MgServicePrincipal -Filter "AppId eq 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'").Id

Where XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX is the service client application ID. Alternatively, you can use the DisplayName of the service client:

$(Get-MgServicePrincipal -Filter "DisplayName eq 'testapp'").Id

Find a security group object ID

If you would like to locate the object ID of a security group, you can use a Microsoft Graph PowerShell command or the Azure CLI.

$(Get-MgGroup -Filter "DisplayName eq 'mygroup'").Id

Where mygroup is the name of the group you're interested in.
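The lookups above, combined into one helper that returns an object ID only when exactly one directory object matches. This is an added example, not part of the original article or of the Microsoft Graph PowerShell module: the function name Resolve-FhirIdentityObjectId and the tenant ID placeholder are assumptions. Display names of service principals and groups aren't guaranteed to be unique in a tenant, so the helper stops on zero or multiple matches instead of returning an ID that might authorize the wrong identity.

```powershell
# Added example. Resolve-FhirIdentityObjectId is a hypothetical helper name.
# Assumes the Microsoft.Graph module is installed and a session already exists, e.g.:
#   Connect-MgGraph -TenantId '<tenant-id>' -Scopes 'User.Read.All','Application.Read.All','Group.Read.All'
# where <tenant-id> is a placeholder for the tenant that holds the identities.
function Resolve-FhirIdentityObjectId {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('User', 'ServicePrincipalAppId', 'ServicePrincipalName', 'SecurityGroup')]
        [string] $Kind,

        [Parameter(Mandatory)]
        [string] $Value
    )

    # OData string literals escape a single quote by doubling it.
    $escaped = $Value.Replace("'", "''")

    $found = switch ($Kind) {
        'User' { Get-MgUser -Filter "UserPrincipalName eq '$escaped'" -All }
        'ServicePrincipalAppId' {
            # Reject anything that isn't a GUID before it reaches the filter.
            $appId = [guid]::Parse($Value).ToString()
            Get-MgServicePrincipal -Filter "AppId eq '$appId'" -All
        }
        'ServicePrincipalName' { Get-MgServicePrincipal -Filter "DisplayName eq '$escaped'" -All }
        # Only security-enabled groups; a same-named distribution group is ignored.
        'SecurityGroup' { Get-MgGroup -Filter "DisplayName eq '$escaped' and securityEnabled eq true" -All }
    }
    $found = @($found)   # normalize $null, a single object, or an array

    if ($found.Count -eq 0) {
        throw "No $Kind matches '$Value' in the connected tenant."
    }
    if ($found.Count -gt 1) {
        # Refuse to guess which object should be granted data plane access.
        $ids = $found.Id -join ', '
        throw "Ambiguous: $($found.Count) objects match '$Value' ($ids). Look up by AppId or confirm the object ID."
    }
    $found[0].Id
}

# Usage with the sample names from this article:
#   Resolve-FhirIdentityObjectId -Kind User -Value 'myuser@contoso.com'
#   Resolve-FhirIdentityObjectId -Kind ServicePrincipalName -Value 'testapp'
#   Resolve-FhirIdentityObjectId -Kind SecurityGroup -Value 'mygroup'
```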

Next steps

Configure local RBAC settings

Note

FHIR® is a registered trademark of HL7 and is used with the permission of HL7.