Azure AD App Registrations (Preview)

Azure Active Directory is an Identity and Access Management cloud solution that extends your on-premises directories to the cloud and provides single sign-on to thousands of cloud (SaaS) apps and access to web apps you run on-premises.

This connector is available in the following products and regions:

Service          Class      Regions
Logic Apps       Standard   All Logic Apps regions except the following:
     -   Azure Government regions
     -   Azure China regions
     -   US Department of Defense (DoD)
Power Automate   Premium    All Power Automate regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Power Apps       Premium    All Power Apps regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)

Contact
Name     Paul Culmsee and Microsoft
URL      https://docs.microsoft.com/en-us/graph/api/resources/application
Email    paul.culmsee@sevensigma.com.au

Connector Metadata
Publisher        Paul Culmsee and Microsoft
Privacy policy   https://privacy.microsoft.com/en-us/privacystatement
Website          https://azure.microsoft.com/en-us/services/active-directory
Categories       IT Operations; Security

Creating a connection

The connector supports the following authentication types:

Default    Parameters for creating connection.    All regions    Not shareable

Default

Applicable: All regions

Parameters for creating connection.

This is not a shareable connection. If the power app is shared with another user, that user will be prompted to create a new connection explicitly.

Throttling Limits

Name                       Calls   Renewal Period
API calls per connection   100     60 seconds

Actions

List Applications and Owners

Get the list of applications registered in AAD in this organization

Parameters

Name Key Required Type Description
Choose columns to display (blank for all)
$select string

Filters properties (columns)

Search criteria
$search string

Search displayName/description. Clear related columns and specify in quotes (e.g. "displayName:Web").

Display count
$count string

true or false - Retrieves the total count of matching resources

List related columns
$expand string

Retrieves related resources (includes owner details by default; remove if you enter search criteria)

Total count to return
$top integer

Limits the number of results.

Returns

Definitions

ListApplications_Request

Name Path Type Description
@odata.context
@odata.context string

@odata.context

value
value array of object

Represents an application. Any application that outsources authentication to Azure Active Directory (Azure AD) must be registered in a directory

id
value.id string

The unique identifier for the application

deletedDateTime
value.deletedDateTime string

The date and time the application was deleted. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time.

appId
value.appId string

The unique identifier for the application that is assigned to an application by Azure AD

applicationTemplateId
value.applicationTemplateId string

Unique identifier of the applicationTemplate

disabledByMicrosoftStatus
value.disabledByMicrosoftStatus string

Specifies whether Microsoft has disabled the registered application

createdDateTime
value.createdDateTime string

The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time

displayName
value.displayName string

The display name for the application

description
value.description string

The description for the application

groupMembershipClaims
value.groupMembershipClaims string

The groups claim issued in a user or OAuth 2.0 access token that the application expects

identifierUris
value.identifierUris array of string

The URIs that identify the application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant

isDeviceOnlyAuthSupported
value.isDeviceOnlyAuthSupported string

Specifies whether this application supports device authentication without a user. The default is false

isFallbackPublicClient
value.isFallbackPublicClient boolean

Specifies the fallback application type as public client, such as an installed application running on a mobile device. The default value is false, which means the fallback application type is confidential client, such as a web app

notes
value.notes string

Notes relevant for the management of the application

optionalClaims
value.optionalClaims string

Optional claims that application developers configure in their Azure AD applications to specify the claims that are sent to their application by the Microsoft security token service

publisherDomain
value.publisherDomain string

The verified publisher domain for the application

signInAudience
value.signInAudience string

Specifies the Microsoft accounts that are supported for the current application. Supported values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount

tags
value.tags array of

Custom strings that can be used to categorize and identify the application

tokenEncryptionKeyId
value.tokenEncryptionKeyId string

Specifies the keyId of a public key from the keyCredentials collection

displayName
value.verifiedPublisher.displayName string

The verified publisher name from the app publisher's Partner Center account

verifiedPublisherId
value.verifiedPublisher.verifiedPublisherId string

The ID of the verified publisher from the app publisher's Partner Center account

addedDateTime
value.verifiedPublisher.addedDateTime string

The timestamp when the verified publisher was first added or most recently updated

defaultRedirectUri
value.defaultRedirectUri string

The default redirect URI

addIns
value.addIns array of object

Defines custom behavior that a consuming service can use to call an app in specific contexts

id
value.addIns.id string

id

type
value.addIns.type string

type

properties
value.addIns.properties array of object

properties

key
value.addIns.properties.key string

key

value
value.addIns.properties.value string

value

acceptMappedClaims
value.api.acceptMappedClaims string

When true, allows an application to use claims mapping without specifying a custom signing key

knownClientApplications
value.api.knownClientApplications array of

Used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app

requestedAccessTokenVersion
value.api.requestedAccessTokenVersion string

Specifies the access token version expected by this resource. This changes the version and format of the JWT produced independent of the endpoint or client used to request the access token

oauth2PermissionScopes
value.api.oauth2PermissionScopes array of object

The definition of the delegated permissions exposed by the web API represented by this application registration

adminConsentDescription
value.api.oauth2PermissionScopes.adminConsentDescription string

A description of the delegated permissions, intended to be read by an administrator granting the permission on behalf of all users

adminConsentDisplayName
value.api.oauth2PermissionScopes.adminConsentDisplayName string

The permission's title, intended to be read by an administrator granting the permission on behalf of all users

id
value.api.oauth2PermissionScopes.id string

Unique delegated permission identifier inside the collection of delegated permissions defined for a resource application

isEnabled
value.api.oauth2PermissionScopes.isEnabled boolean

When creating or updating a permission, this property must be set to true (which is the default). To delete a permission, this property must first be set to false

type
value.api.oauth2PermissionScopes.type string

Specifies whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions

userConsentDescription
value.api.oauth2PermissionScopes.userConsentDescription string

A description of the delegated permissions, intended to be read by a user granting the permission on their own behalf

userConsentDisplayName
value.api.oauth2PermissionScopes.userConsentDisplayName string

A title for the permission, intended to be read by a user granting the permission on their own behalf

value
value.api.oauth2PermissionScopes.value string

Specifies the value to include in the scp (scope) claim in access tokens

preAuthorizedApplications
value.api.preAuthorizedApplications array of

Lists the client applications that are pre-authorized with the specified delegated permissions to access this application's APIs

appRoles
value.appRoles array of

The collection of roles assigned to the application

logoUrl
value.info.logoUrl string

CDN URL to the application's logo

marketingUrl
value.info.marketingUrl string

Link to the application's marketing page

privacyStatementUrl
value.info.privacyStatementUrl string

Link to the application's privacy statement

supportUrl
value.info.supportUrl string

Link to the application's support page

termsOfServiceUrl
value.info.termsOfServiceUrl string

Link to the application's terms of service statement

keyCredentials
value.keyCredentials array of

The collection of key credentials associated with the application

countriesBlockedForMinors
value.parentalControlSettings.countriesBlockedForMinors array of

Specifies the two-letter ISO country codes

legalAgeGroupRule
value.parentalControlSettings.legalAgeGroupRule string

Specifies the legal age group rule that applies to users of the app

passwordCredentials
value.passwordCredentials array of object

The collection of password credentials associated with the application

displayName
value.passwordCredentials.displayName string

Friendly name for the password

endDateTime
value.passwordCredentials.endDateTime string

The date and time at which the password expires, represented in ISO 8601 format and always in UTC time

hint
value.passwordCredentials.hint string

Contains the first three characters of the password

keyId
value.passwordCredentials.keyId string

The unique identifier for the password

startDateTime
value.passwordCredentials.startDateTime string

The date and time at which the password becomes valid. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time

redirectUris
value.publicClient.redirectUris array of

Specifies the URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent

requiredResourceAccess
value.requiredResourceAccess array of object

Specifies the resources that the application needs to access. This property also specifies the set of OAuth permission scopes and application roles that it needs for each of those resources

resourceAppId
value.requiredResourceAccess.resourceAppId string

The unique identifier for the resource that the application requires access to

resourceAccess
value.requiredResourceAccess.resourceAccess array of object

The list of OAuth2.0 permission scopes and app roles that the application requires from the specified resource

id
value.requiredResourceAccess.resourceAccess.id string

The unique identifier for one of the oauth2PermissionScopes or appRole instances that the resource application exposes

type
value.requiredResourceAccess.resourceAccess.type string

Specifies whether the id property references an oauth2PermissionScopes or an appRole

homePageUrl
value.web.homePageUrl string

Home page or landing page of the application

logoutUrl
value.web.logoutUrl string

Specifies the URL that will be used by Microsoft's authorization service to log out a user using front-channel, back-channel or SAML logout protocols

redirectUris
value.web.redirectUris array of string

Specifies the URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent

enableAccessTokenIssuance
value.web.implicitGrantSettings.enableAccessTokenIssuance boolean

Specifies whether this web application can request an ID token using the OAuth 2.0 implicit flow

enableIdTokenIssuance
value.web.implicitGrantSettings.enableIdTokenIssuance boolean

Specifies whether this web application can request an access token using the OAuth 2.0 implicit flow

redirectUris
value.spa.redirectUris array of

Specifies the URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent
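
Added example (not part of the connector documentation): a defender's audit over one List Applications response, using the signInAudience, web.implicitGrantSettings, web.redirectUris and passwordCredentials.endDateTime properties defined above. The function names, the 30-day warning window, the choice of checks and the sample response are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

def parse_ts(value):
    # Timestamps are ISO 8601 in UTC; map a trailing "Z" for older Pythons.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_applications(response, now, warn_days=30):
    """Return sorted (displayName, finding) pairs for one ListApplications response."""
    findings = []
    for app in response.get("value", []):
        name = app.get("displayName") or app.get("appId")
        audience = app.get("signInAudience")
        if audience != "AzureADMyOrg":
            findings.append((name, f"accepts sign-ins beyond this tenant ({audience})"))
        web = app.get("web") or {}
        grant = web.get("implicitGrantSettings") or {}
        for flag in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):
            if grant.get(flag):
                findings.append((name, f"implicit flow enabled: {flag}"))
        for uri in web.get("redirectUris") or []:
            parsed = urlparse(uri)
            if parsed.scheme == "http" and parsed.hostname not in ("localhost", "127.0.0.1"):
                findings.append((name, f"cleartext redirect URI: {uri}"))
        for cred in app.get("passwordCredentials") or []:
            label = cred.get("displayName") or cred.get("keyId")
            end = parse_ts(cred["endDateTime"])
            if end <= now:
                findings.append((name, f"secret '{label}' expired"))
            elif end - now <= timedelta(days=warn_days):
                findings.append((name, f"secret '{label}' expires within {warn_days} days"))
    return sorted(findings)

# Constructed sample response (not real tenant data), shaped like ListApplications_Request.
SAMPLE = {"value": [
    {"displayName": "Payroll API", "signInAudience": "AzureADMyOrg",
     "web": {"redirectUris": ["https://payroll.example.com/auth"],
             "implicitGrantSettings": {"enableAccessTokenIssuance": False,
                                       "enableIdTokenIssuance": False}},
     "passwordCredentials": [{"displayName": "ci", "keyId": "k1",
                              "endDateTime": "2024-01-10T00:00:00Z"}]},
    {"displayName": "Legacy Portal", "signInAudience": "AzureADMultipleOrgs",
     "web": {"redirectUris": ["http://portal.example.com/cb"],
             "implicitGrantSettings": {"enableAccessTokenIssuance": True,
                                       "enableIdTokenIssuance": False}},
     "passwordCredentials": [{"displayName": "old", "keyId": "k2",
                              "endDateTime": "2023-06-01T00:00:00Z"}]},
]}
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
```

Calling audit_applications(SAMPLE, NOW) returns four findings for "Legacy Portal" and one expiring-secret finding for "Payroll API"; in a flow, the same checks can run over the value array returned by the action.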