Azure AD Identity and Access (Preview)

A connector for Azure AD Identity and Access. This connector will contain multiple actions to manage Azure AD Identity and Access; one example is inviting guest users. In the future, more actions will be added.
This connector is available in the following products and regions:
Service | Class | Regions |
---|---|---|
Logic Apps | Standard | All Logic Apps regions except the following: Azure Government regions; Azure China regions; US Department of Defense (DoD) |
Power Automate | Premium | All Power Automate regions except the following: US Government (GCC); US Government (GCC High); China Cloud operated by 21Vianet; US Department of Defense (DoD) |
Power Apps | Premium | All Power Apps regions except the following: US Government (GCC); US Government (GCC High); China Cloud operated by 21Vianet; US Department of Defense (DoD) |
Contact | |
---|---|
Name | Microsoft, Daniel Laskewitz |
URL | https://youtube.com/daniellaskewitz |
Email | connectorsupport@laskewitz.io |
Connector Metadata | |
---|---|
Publisher | Microsoft, Daniel Laskewitz |
Website | https://docs.microsoft.com/en-us/graph/api/resources/invitation?view=graph-rest-1.0 |
Privacy policy | https://privacy.microsoft.com/en-us/privacystatement |
Categories | IT Operations |
Azure AD Identity and Access
The Graph API is a powerful and very extensive REST API. Using this API, you can create and manage objects (e.g. users, groups etc.) in Azure Active Directory, create Microsoft Teams teams, and a lot more.
This connector exposes the Identity and Access resources of the Graph API in the Microsoft Power Platform.
Publisher: Daniel Laskewitz | Sogeti
Pre-requisites
You will need the following to proceed:
- A Microsoft PowerApps or Microsoft Flow plan with custom connector feature
- An Azure subscription
- The Power platform CLI tools
Building the connector
Since the APIs used by the connector are secured by Azure Active Directory (AD), we first need to set up a few things in Azure AD so that the connector can securely access them. After this setup, you can create and test the connector.
Set up an Azure AD application for your custom connector
Since the connector uses OAuth as its authentication type, we first need to register an application in Azure AD. This application will be used to get the authorization token required to invoke the REST APIs used by the connector on the user's behalf. You can read more about this here and follow the steps below:
- Create an Azure AD application. This can be done using the [Azure Portal](https://portal.azure.com), by following the steps here. Once created, note down the value of Application (Client) ID. You will need this later.
- Configure (update) your Azure AD application to access the Graph API. This step will ensure that your application can successfully retrieve an access token to invoke Graph API calls on behalf of your users. To do this, follow the steps here.
  - For redirect URI, use "https://global.consent.azure-apim.net/redirect".
  - For the credentials, use a client secret (and not certificates). Remember to note the secret down; you will need it later and it is shown only once.
  - For API permissions, make sure the Graph API "User.Invite.All" permission is added.
At this point, we now have a valid Azure AD application that can be used to get permissions from end users and access Azure Active Directory. The next step for us is to create a custom connector.
Creating a connection
The connector supports the following authentication types:
Default | Parameters for creating connection. | All regions | Not shareable |
Default
Applicable: All regions
Parameters for creating connection.
This is not a shareable connection. If the power app is shared with another user, that user will be prompted to create a new connection explicitly.
Throttling Limits
Name | Calls | Renewal Period |
---|---|---|
API calls per connection | 100 | 60 seconds |
Actions
Create invitation | Create an invitation for an external user. |
Create invitation
Create an invitation for an external user.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
SendInvitationMessage | SendInvitationMessage | | boolean | Indicates whether an email should be sent to the user being invited or not. |
invitedUserEmailAddress | invitedUserEmailAddress | | string | The email address of the user being invited. |
inviteRedirectUrl | inviteRedirectUrl | | string | The URL the user should be redirected to once the invitation is redeemed. |
address | address | | string | The email address of the person or entity. |
name | name | | string | The display name of the person or entity. |
customizedMessageBody | customizedMessageBody | | string | Customized message body you want to send if you don't want the default message. |
messageLanguage | messageLanguage | | string | The language you want to send the default message in. If the customizedMessageBody is specified, this property is ignored, and the message is sent using the customizedMessageBody. The language format should be in ISO 639. The default is en-US. |
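The following Python function is an added example, not code from the connector or its publisher: it applies a local policy check to the Create invitation parameters before a flow calls the action, then returns the request body. The allow-listed domains and hosts and the function and exception names are assumptions made here; the nested `invitedUserMessageInfo` shape follows the paths in the Returns table.

```python
from urllib.parse import urlsplit

# Constructed policy values (assumptions, not taken from the connector page).
ALLOWED_INVITEE_DOMAINS = {"partner.example"}
ALLOWED_REDIRECT_HOSTS = {"apps.contoso.example"}


class InvitationRejected(ValueError):
    """Raised when a requested guest invitation violates local policy."""


def build_invitation(email, redirect_url, send_message=True,
                     custom_body=None, language=None, cc=None):
    """Validate the inputs and return the body for the Create invitation action."""
    email = email.strip()
    local, sep, domain = email.rpartition("@")
    if not sep or not local or domain.lower() not in ALLOWED_INVITEE_DOMAINS:
        raise InvitationRejected(f"invitee domain not allowed: {email!r}")

    # Only HTTPS redirects to known hosts; "https://good@evil/" parses with
    # hostname "evil", so the host check also covers the userinfo trick.
    url = urlsplit(redirect_url)
    if url.scheme != "https" or url.hostname not in ALLOWED_REDIRECT_HOSTS:
        raise InvitationRejected(f"redirect URL not allowed: {redirect_url!r}")
    if url.username or url.password:
        raise InvitationRejected("redirect URL must not carry credentials")

    # The page states that only 1 additional recipient is supported.
    cc = list(cc or [])
    if len(cc) > 1:
        raise InvitationRejected("only one ccRecipient is supported")

    body = {
        "invitedUserEmailAddress": email,
        "inviteRedirectUrl": redirect_url,
        "sendInvitationMessage": bool(send_message),
    }
    info = {}
    if custom_body:
        # messageLanguage is ignored when customizedMessageBody is set, so omit it.
        info["customizedMessageBody"] = custom_body
    elif language:
        info["messageLanguage"] = language
    if cc:
        info["ccRecipients"] = [{"emailAddress": {"address": a, "name": n}}
                                for a, n in cc]
    if info:
        body["invitedUserMessageInfo"] = info
    return body
```
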
Returns
Name | Path | Type | Description |
---|---|---|---|
inviteRedeemUrl | inviteRedeemUrl | string | The URL the user can use to redeem their invitation. |
invitedUserDisplayName | invitedUserDisplayName | string | The display name of the user being invited. |
invitedUserEmailAddress | invitedUserEmailAddress | string | The email address of the user being invited. |
sendInvitationMessage | sendInvitationMessage | boolean | Indicates whether an email should be sent to the user being invited or not. |
messageLanguage | invitedUserMessageInfo.messageLanguage | string | The language you want to send the default message in. If the customizedMessageBody is specified, this property is ignored, and the message is sent using the customizedMessageBody. The language format should be in ISO 639. The default is en-US. |
ccRecipients | invitedUserMessageInfo.ccRecipients | array of object | Additional recipients the invitation message should be sent to. Currently only 1 additional recipient is supported. |
emailAddress | invitedUserMessageInfo.ccRecipients.emailAddress | emailAddress | |
customizedMessageBody | invitedUserMessageInfo.customizedMessageBody | string | Customized message body you want to send if you don't want the default message. |
inviteRedirectUrl | inviteRedirectUrl | string | The URL the user should be redirected to once the invitation is redeemed. |
status | status | string | The status of the invitation. |
id | invitedUser.id | string | The id of the invited user. |
Definitions
emailAddress
Name | Path | Type | Description |
---|---|---|---|
address | address | string | The email address of the person or entity. |
name | name | string | The display name of the person or entity. |