Lifecycle Workflow built-in tasks
Lifecycle Workflows come with many pre-configured tasks that are designed to automate common lifecycle management scenarios. These built-in tasks can be utilized to make customized workflows to suit your organization's needs. These tasks can be configured within seconds to create new workflows. These tasks also have categories based on the Joiner-Mover-Leaver model so that they can be easily placed into workflows based on need. In this article, you get the complete list of tasks, information on common parameters each task has, and a list of unique parameters needed for each specific task.
Lifecycle Workflow's built-in tasks each include an identifier, known as taskDefinitionID, and can be used to create either new workflows from scratch, or inserted into workflow templates so that they fit the needs of your organization. For more information on templates available for use with Lifecycle Workflows, see: Lifecycle Workflow Templates.
Note
Lifecycle Workflows enhances Microsoft Entra ID Governance's HR-driven provisioning by automating routine processes. While HR provisioning manages the creation and attribute updates of user accounts, Lifecycle Workflows provide additional automation of tasks.
Lifecycle Workflows currently support the following tasks:
Task | taskdefinitionID | Category | Active Directory Compatibility |
---|---|---|---|
Send welcome email to new hire | 70b29d51-b59a-4773-9280-8841dfd3f2ea | Joiner | |
Send onboarding reminder email | 3C860712-2D37-42A4-928F-5C93935D26A1 | Joiner | |
Generate Temporary Access Pass and send via email to user's manager | 1b555e50-7f65-41d5-b514-5894a026d10d | Joiner | |
Send email to notify manager of user move | aab41899-9972-422a-9d97-f626014578b7 | Mover | |
Request user access package assignment | c1ec1e76-f374-4375-aaa6-0bb6bd4c60be | Joiner, Mover | |
Assign licenses to user | 683c87a4-2ad4-420b-97d4-220d90afcd24 | Joiner, Mover | |
Add user to groups | 22085229-5809-45e8-97fd-270d28d66910 | Joiner, Leaver, Mover | |
Add user to teams | e440ed8d-25a1-4618-84ce-091ed5be5594 | Joiner, Leaver, Mover | |
Enable user account | 6fc52c9d-398b-4305-9763-15f42c1676fc | Joiner, Leaver | |
Run a custom task extension | 4262b724-8dba-4fad-afc3-43fcbb497a0e | Joiner, Leaver, Mover | |
Disable user account | 1dfdfcc7-52fa-4c2e-bf3a-e3919cc12950 | Leaver | |
Remove user from selected groups | 1953a66c-751c-45e5-8bfe-01462c70da3c | Joiner, Leaver, Mover | |
Remove users from all groups | b3a31406-2a15-4c9a-b25b-a658fa5f07fc | Leaver | |
Remove user from teams | 06aa7acb-01af-4824-8899-b14e5ed788d6 | Leaver | |
Remove user from all teams | 81f7b200-2816-4b3b-8c5d-dc556f07b024 | Leaver | |
Remove access package assignment for user | 4a0b64f2-c7ec-46ba-b117-18f262946c50 | Leaver, Mover | |
Remove all access package assignments for user | 42ae2956-193d-4f39-be06-691b8ac4fa1d | Leaver | |
Cancel all pending access package assignment requests for user | 498770d9-bab7-4e4c-b73d-5ded82a1d0b3 | Leaver | |
Remove selected license assignments from user | 5fc402a8-daaf-4b7b-9203-da868b05fc5f | Leaver, Mover | |
Remove all license assignments from user | 8fa97d28-3e52-4985-b3a9-a1126f9b8b4e | Leaver | |
Delete user | 8d18588d-9ad3-4c0f-99d0-ec215f0e3dff | Leaver | |
Send email to manager before user's last day | 52853a3e-f4e5-4eb8-bb24-1ac09a1da935 | Leaver | |
Send email on user's last day | 9c0a1eaf-5bda-4392-9d9e-6e155bb57411 | Leaver | |
Send email to user's manager after their last day | 6f22ddd4-b3a5-47a4-a846-0d7c201a49ce | Leaver |
Common task parameters are the non-unique parameters contained in every task. When adding tasks to a new workflow, or a workflow template, you can customize and configure these parameters so that they match your requirements.
Parameter | Definition |
---|---|
category | A read-only string that identifies the category or categories of the task. Automatically determined when the taskDefinitionID is chosen. |
taskDefinitionId | A string referencing a taskDefinition that determines which task to run. |
isEnabled | A boolean value that denotes whether the task is set to run or not. If set to “true" then the task runs. Defaults to true. |
displayName | A unique string that identifies the task. |
description | A string that describes the purpose of the task for administrative use. (Optional) |
executionSequence | A read-only integer that states in what order the task runs in a workflow. |
continueOnError | A boolean value that determines if the failure of this task stops the subsequent workflows from running. |
arguments | Contains unique parameters relevant for the given task. |
Emails, sent from tasks, are able to be customized. If you choose to customize the email, you're able to set the following arguments:
- Subject: Customizes the subject of emails.
- Message body: Customizes the body of the emails being sent out.
- Email language translation: Overrides the email recipient's language settings. Custom text isn't customized, and it's recommended to set this language to the same language as the custom text.
For a step by step guide on this process, see: Customize emails sent out by workflow tasks.
With customized emails, you're able to include dynamic attributes within the subject and body to personalize these emails. The list of dynamic attributes that can be included are as follows:
Attribute | Definition |
---|---|
userDisplayName | The user’s display name. |
userEmployeeHireDate | The user’s employee hire date. |
userEmployeeLeaveDateTime | The user’s employee leave date time. |
managerDisplayName | The display name of the user’s manager. |
temporaryAccessPass | The generated Temporary Access Pass. Only available with the Generate TAP And Send Email task. |
userPrincipalName | The user’s userPrincipalName. |
managerEmail | The manager’s email. |
userSurname | User’s family name. |
userGivenName | User’s first name. |
Note
When adding these attributes to a customized email, or subject, they must be properly embedded. For a step by step guide on doing this, see: Format attributes within customized emails.
In this section is each specific task, and detailed information such as parameters and prerequisites, required for them to run successfully. The parameters are noted as they appear both in the Microsoft Entra admin center, and within Microsoft Graph. For information about editing Lifecycle Workflow tasks in general, see: Manage workflow Versions.
Lifecycle Workflows allow you to automate the sending of welcome emails to new hires in your organization. You're able to customize the task name and description for this task in the Microsoft Entra admin center.
The Microsoft Entra prerequisite to run the Send welcome email to new hire task is:
- A populated mail attribute for the user.
For Microsoft Graph, the parameters for the Send welcome email to new hire task are as follows:
Parameter | Definition |
---|---|
category | joiner |
displayName | Send Welcome Email (Customizable by user) |
description | Send welcome email to new hire (Customizable by user) |
taskDefinitionId | 70b29d51-b59a-4773-9280-8841dfd3f2ea |
arguments | The optional common email task parameters can be specified; if they aren't included, the default behavior takes effect. |
Example of usage within the workflow:
{
"category": "joiner",
"continueOnError": false,
"description": "Send welcome email to new hire",
"displayName": "Send Welcome Email",
"isEnabled": true,
"taskDefinitionId": "70b29d51-b59a-4773-9280-8841dfd3f2ea",
"arguments": [
{
"name": "cc",
"value": "e94ad2cd-d590-4b39-8e46-bb4f8e293f85,ac17d108-60cd-4eb2-a4b4-084cacda33f2"
},
{
"name": "customSubject",
"value": "Welcome to the organization {{userDisplayName}}!"
},
{
"name": "customBody",
"value": "Welcome to our organization {{userGivenName}} {{userSurname}}.\n\nFor more information, reach out to your manager {{managerDisplayName}} at {{managerEmail}}."
},
{
"name": "locale",
"value": "en-us"
}
]
}
Lifecycle Workflows allow you to automate the sending of onboarding reminder emails to managers of new hires in your organization. You're able to customize the task name and description for this task in the Microsoft Entra admin center.
The Microsoft Entra prerequisites to run the Send onboarding reminder email task are:
- A populated manager attribute for the user.
- A populated manager's mail attribute for the user.
For Microsoft Graph, the parameters for the Send onboarding reminder email task are as follows:
Parameter | Definition |
---|---|
category | joiner |
displayName | Send onboarding reminder email (Customizable by user) |
description | Send onboarding reminder email to user’s manager (Customizable by user) |
taskDefinitionId | 3C860712-2D37-42A4-928F-5C93935D26A1 |
arguments | The optional common email task parameters can be specified; if they aren't included, the default behavior takes effect. |
Example of usage within the workflow:
{
"category": "joiner",
"continueOnError": false,
"description": "Send onboarding reminder email to user\u2019s manager",
"displayName": "Send onboarding reminder email",
"isEnabled": true,
"taskDefinitionId": "3C860712-2D37-42A4-928F-5C93935D26A1",
"arguments": [
{
"name": "cc",
"value": "e94ad2cd-d590-4b39-8e46-bb4f8e293f85,068fa0c1-fa00-4f4f-8411-e968d921c3e7"
},
{
"name": "customSubject",
"value": "Reminder: {{userDisplayName}} is starting soon"
},
{
"name": "customBody",
"value": "Hello {{managerDisplayName}}\n\nthis is a reminder that {{userDisplayName}} is starting soon.\n\nRegards\nYour IT department"
},
{
"name": "locale",
"value": "en-us"
}
]
}
Microsoft Entra allows you to use a Temporary Access Pass (TAP) to set up password-less credentials for users. You can also use Microsoft Entra self-service password reset to set a regular password. With this task, Lifecycle workflows allow you to automatically generate a Temporary Access Pass (TAP), and have it sent to the new user's manager. You're also able to customize the email that is sent to the user's manager.
Note
The user's employee hire date is used as the start time for the Temporary Access Pass. Please make sure that the TAP lifetime task setting and the time portion of your user's hire date are set appropriately so that the TAP is still valid when the user starts their first day. If the hire date at the time of workflow execution is already in the past, the current time is used as the start time.
With this task in the Microsoft Entra admin center, you're able to give the task a name and description. You must also set:
- Activation duration- How long the passcode is active.
- One time use- If the passcode can only be used once.
The Microsoft Entra prerequisites to run the Generate Temporary Access Pass and send via email to user's manager task are:
- A populated manager attribute for the user.
- A populated manager's mail attribute for the user.
- The TAP tenant policy must be enabled and the selected values for activation duration and one time use must be within the allowed range of the policy. For more information, see Enable the Temporary Access Pass policy
Important
A user having this task run for them in a workflow must also not have any other authentication methods, sign-ins, or Microsoft Entra role assignments for this task to work for them.
For Microsoft Graph, the parameters for the Generate Temporary Access Pass and send via email to user's manager task are as follows:
Parameter | Definition |
---|---|
category | joiner |
displayName | GenerateTAPAndSendEmail (Customizable by user) |
description | Generate Temporary Access Pass and send via email to user's manager (Customizable by user) |
taskDefinitionId | 1b555e50-7f65-41d5-b514-5894a026d10d |
arguments | Argument contains the name parameter "tapLifetimeInMinutes", which is the lifetime of the temporaryAccessPass in minutes starting at startDateTime. Minimum 10, Maximum 43200 (equivalent to 30 days). The argument also contains the tapIsUsableOnce parameter, which determines whether the passcode is limited to a one time use. If true, the pass can be used once; if false, the pass can be used multiple times within the temporaryAccessPass lifetime. Additionally, the optional common email task parameters can be specified; if they aren't included, the default behavior takes effect. |
Example of usage within the workflow:
{
"category": "joiner",
"continueOnError": false,
"description": "Generate Temporary Access Pass and send via email to user's manager",
"displayName": "Generate TAP and Send Email",
"isEnabled": true,
"taskDefinitionId": "1b555e50-7f65-41d5-b514-5894a026d10d",
"arguments": [
{
"name": "tapLifetimeMinutes",
"value": "480"
},
{
"name": "tapIsUsableOnce",
"value": "false"
},
{
"name": "cc",
"value": "068fa0c1-fa00-4f4f-8411-e968d921c3e7,9d208c40-7eb6-46ff-bebd-f30148c39b47"
},
{
"name": "customSubject",
"value": "Temporary access pass for your new employee {{userDisplayName}}"
},
{
"name": "customBody",
"value": "Hello {{managerDisplayName}}\n\nPlease find the temporary access pass for your new employee {{userDisplayName}} below:\n\n{{temporaryAccessPass}}\n\nRegards\nYour IT department"
},
{
"name": "locale",
"value": "en-us"
}
]
}
When a user moves within your organization Lifecycle Workflows allow you to send an email to the user's manager notifying them of the move. You're also able to customize the email that is sent to the user's manager.
The Microsoft Entra prerequisites to run the Send email to notify manager of user move task are:
- A populated manager attribute for the user.
- A populated manager's mail attribute for the user.
For Microsoft Graph the parameters for the Send email to notify manager of user move task are as follows:
Parameter | Definition |
---|---|
category | Mover |
displayName | Send email to notify manager of user move (Customizable by user) |
description | Send email to notify user’s manager of user move (Customizable by user) |
taskDefinitionId | aab41899-9972-422a-9d97-f626014578b7 |
arguments | The optional common email task parameters can be specified; if they are not included, the default behavior takes effect. |
Example of usage within the workflow:
{
"category": "mover",
"continueOnError": false,
"description": "Send email to notify user\u2019s manager of user move",
"displayName": "Send email to notify manager of user move",
"isEnabled": true,
"taskDefinitionId": "aab41899-9972-422a-9d97-f626014578b7",
"arguments": [
{
"name": "cc",
"value": "ac17d108-60cd-4eb2-a4b4-084cacda33f2,7d3ee937-edcc-46b0-9e2c-f832e01231ea"
},
{
"name": "customSubject",
"value": "{{userDisplayName}} has moved"
},
{
"name": "customBody",
"value": "Hello {{managerDisplayName}}\n\nwe are reaching out to let you know {{userDisplayName}} has moved in the organization.\n\nRegards\nYour IT department"
},
{
"name": "locale",
"value": "en-us"
}
]
}
Allows you to request an access package assignment for users. If an approval process is configured for the access package and should take place, you must opt-into the Enforce policy approval setting for admin direct assignments
Entitlement Management setting. For more information on access packages, see What are access packages and what resources can I manage with them?.
You're able to customize the task name and task description for this task. You must also select the access package and policy that is being requested for the user.
For Microsoft Graph, the parameters for the Request user access package assignment task are as follows:
Parameter | Definition |
---|---|
category | joiner, mover |
displayName | Request user access package assignment (Customizable by user) |
description | Request user assignment to selected access package (Customizable by user) |
taskDefinitionId | c1ec1e76-f374-4375-aaa6-0bb6bd4c60be |
arguments | Argument contains two name parameter that is the "assignmentPolicyId", and "accessPackageId". |
Example of usage within the workflow:
{
"category": "joiner,mover",
"continueOnError": false,
"description": "Request user assignment to selected access package",
"displayName": "Request user access package assignment",
"isEnabled": true,
"taskDefinitionId": "c1ec1e76-f374-4375-aaa6-0bb6bd4c60be",
"arguments": [
{
"name": "assignmentPolicyId",
"value": "00d6fd25-6695-4f4a-8186-e4c6f901d2c1"
},
{
"name": "accessPackageId",
"value": "2ae5d6e5-6cbe-4710-82f2-09ef6ffff0d0"
}
]
}
Allows Licenses to be assigned to users. For a license to be assigned to the user, they must have a "usageLocation" attribute set.
Parameter | Definition |
---|---|
category | joiner, mover |
displayName | Assign licenses to user (Customizable by user) |
description | Assign selected licenses to the user (Customizable by user) |
taskDefinitionId | 683c87a4-2ad4-420b-97d4-220d90afcd24 |
arguments | Argument contains one parameter that has the name "licenses" that accepts a "Sku ID" value. For a full list of these values, see: Product names and service plan identifiers for licensing. |
Example of usage within the workflow:
{
"category": "joiner,mover",
"continueOnError": false,
"description": "Assign selected licenses to the user",
"displayName": "Assign licenses to user",
"isEnabled": true,
"taskDefinitionId": "683c87a4-2ad4-420b-97d4-220d90afcd24",
"arguments": [
{
"name": "licenses",
"value": "a403ebcc-fae0-4ca2-8c8c-7a907fd6c235"
}
]
}
Allows users to be added to Microsoft 365 and cloud-only security groups. Mail-enabled, distribution, dynamic and role-assignable groups aren't supported. To control access to on-premises AD group-based applications and resources, you need to enable group writeback. For more information, see Microsoft Entra Cloud Sync group writeback and using group writeback with entitlement management.
You're able to customize the task name and description for this task.
For Microsoft Graph, the parameters for the Add user to groups task are as follows:
Parameter | Definition |
---|---|
category | joiner, leaver |
displayName | AddUserToGroup (Customizable by user) |
description | Add user to groups (Customizable by user) |
taskDefinitionId | 22085229-5809-45e8-97fd-270d28d66910 |
arguments | Argument contains a name parameter that is the "groupID", and a value parameter that is the group ID of the group you're adding the user to. |
{
"category": "joiner,leaver",
"description": "Add user to groups",
"displayName": "AddUserToGroup",
"isEnabled": true,
"continueOnError": true,
"taskDefinitionId": "22085229-5809-45e8-97fd-270d28d66910",
"arguments": [
{
"name": "groupID",
"value": "0732f92d-6eb5-4560-80a4-4bf242a7d501"
}
]
}
You're able to add a user to an existing static team. You're able to customize the task name and description for this task.
For Microsoft Graph, the parameters for the Add user to teams task are as follows:
Parameter | Definition |
---|---|
category | joiner, leaver |
displayName | AddUserToTeam (Customizable by user) |
description | Add user to teams (Customizable by user) |
taskDefinitionId | e440ed8d-25a1-4618-84ce-091ed5be5594 |
argument | Argument contains a name parameter that is the "teamID", and a value parameter that is the team ID of the existing team you're adding a user to. |
{
"category": "joiner,leaver",
"description": "Add user to team",
"displayName": "AddUserToTeam",
"isEnabled": true,
"continueOnError": true,
"taskDefinitionId": "e440ed8d-25a1-4618-84ce-091ed5be5594",
"arguments": [
{
"name": "teamID",
"value": "e3cc382a-c4b6-4a8c-b26d-a9a3855421bd"
}
]
}
Allows user accounts to be enabled. For prerequisites on running this task for synced on-premises users, see: User account tasks. Users with Microsoft Entra role assignments aren't supported, nor are users with membership or ownership of role-assignable groups. You can also utilize Microsoft Entra ID's HR driven provisioning to on-premises Active Directory to disable and enable synchronized accounts with an attribute mapping to accountDisabled
based on data from your HR source. For more information, see: Workday Configure attribute mappings and SuccessFactors Configure attribute mappings. You're able to customize the task name and description for this task in the Microsoft Entra admin center.
For Microsoft Graph, the parameters for the Enable user account task are as follows:
Parameter | Definition |
---|---|
category | joiner, leaver |
displayName | EnableUserAccount (Customizable by user) |
description | Enable user account (Customizable by user) |
taskDefinitionId | 6fc52c9d-398b-4305-9763-15f42c1676fc |
arguments | Can contain the optional enableOnPremisesAccount argument. The value is a boolean value of either true, if you want the task to run for synced on-premises users, or false, if you don't want it to run for synced on-premises users. |
{
"category": "joiner,leaver",
"description": "Enable user account",
"displayName": "EnableUserAccount",
"isEnabled": true,
"continueOnError": true,
"taskDefinitionId": "6fc52c9d-398b-4305-9763-15f42c1676fc",
"arguments": [
{
"name": "enableOnPremisesAccount",
"value": "true"
}
]
}
Workflows can be configured to launch a custom task extension. You're able to customize the task name and description for this task using the Microsoft Entra admin center.
The Microsoft Entra prerequisite to run the Run a Custom Task Extension task is:
- A Logic App that is compatible with the custom task extension. For more information, see: Lifecycle workflow extensibility.
For Microsoft Graph, the parameters for the Run a Custom Task Extension task are as follows:
Parameter | Definition |
---|---|
category | joiner, leaver |
displayName | Run a Custom Task Extension (Customizable by user) |
description | Run a Custom Task Extension to call-out to an external system. (Customizable by user) |
taskDefinitionId | d79d1fcc-16be-490c-a865-f4533b1639ee |
argument | Argument contains a name parameter that is the "customTaskExtensionID", and a value parameter that is the ID of the previously created extension that contains information about the Logic App. |
{
"category": "joiner,leaver",
"description": "Run a Custom Task Extension to call-out to an external system.",
"displayName": "Run a Custom Task Extension",
"isEnabled": true,
"continueOnError": true,
"taskDefinitionId": "d79d1fcc-16be-490c-a865-f4533b1639ee",
"arguments": [
{
"name": "customTaskExtensionID",
"value": "<ID of your Custom Task Extension>"
}
]
}
For more information on setting up a Logic app to run with Lifecycle Workflows, see:Trigger Logic Apps with custom Lifecycle Workflow tasks.
Allows user accounts to be disabled. For prerequisites on running this task for synced on-premises users, see: User account tasks. Users with Microsoft Entra role assignments aren't supported, nor are users with membership or ownership of role-assignable groups. You can utilize Microsoft Entra ID's HR driven provisioning to on-premises Active Directory to disable and enable synchronized accounts with an attribute mapping to accountDisabled
based on data from your HR source. For more information, see: Workday Configure attribute mappings and SuccessFactors Configure attribute mappings. You're able to customize the task name and description for this task in the Microsoft Entra admin center.
For Microsoft Graph, the parameters for the Disable user account task are as follows:
Parameter | Definition |
---|---|
category | joiner, leaver |
displayName | DisableUserAccount (Customizable by user) |
description | Disable user account (Customizable by user) |
taskDefinitionId | 1dfdfcc7-52fa-4c2e-bf3a-e3919cc12950 |
arguments | Can contain the optional disableOnPremisesAccount argument. The value is a boolean value of either true, if you want the task to run for synced on-premises users, or false, if you don't want it to run for synced on-premises users. |
{
"category": "joiner,leaver",
"description": "Disable user account",
"displayName": "DisableUserAccount",
"isEnabled": true,
"continueOnError": true,
"taskDefinitionId": "1dfdfcc7-52fa-4c2e-bf3a-e3919cc12950",
"arguments": [
{
"name": "disableOnPremisesAccount",
"value": "true"
}
]
}
Allows users to be removed from Microsoft 365 and cloud-only security groups. Mail-enabled, distribution, dynamic and role-assignable groups aren't supported. To control access to on-premises AD group-based applications and resources, you need to enable group writeback. For more information, see Microsoft Entra Cloud Sync group writeback and using group writeback with entitlement management.
You're able to customize the task name and description for this task in the Microsoft Entra admin center.
For Microsoft Graph, the parameters for the Remove user from selected groups task are as follows:
Parameter | Definition |
---|---|
category | leaver |
displayName | Remove user from selected groups (Customizable by user) |
description | Remove user from membership of selected Microsoft Entra groups (Customizable by user) |
taskDefinitionId | 1953a66c-751c-45e5-8bfe-01462c70da3c |
argument | Argument contains a name parameter that is the "groupID", and a value parameter that is the group Id(s) of the group or groups you're removing the user from. |
{
"category": "leaver",
"displayName": "Remove user from selected groups",
"description": "Remove user from membership of selected Azure AD groups",
"isEnabled": true,
"continueOnError": true,
"taskDefinitionId": "1953a66c-751c-45e5-8bfe-01462c70da3c",
"arguments": [
{
"name": "groupID",
"value": "GroupId1, GroupId2, GroupId3, ..."
}
]
}
Allows users to be removed from every Microsoft 365 and cloud-only security group they're a member of. Mail-enabled, distribution, dynamic and role-assignable groups aren't supported. To control access to on-premises AD-group-based applications and resources, you need to enable group writeback. For more information, see Microsoft Entra Cloud Sync group writeback.
You're able to customize the task name and description for this task in the Microsoft Entra admin center.
For Microsoft Graph, the parameters for the Remove users from all groups task are as follows:
Parameter | Definition |
---|---|
category | leaver |
displayName | Remove user from all groups (Customizable by user) |
description | Remove user from all Microsoft Entra groups memberships (Customizable by user) |
taskDefinitionId | b3a31406-2a15-4c9a-b25b-a658fa5f07fc |
{
"category": "leaver",
"continueOnError": true,
"displayName": "Remove user from all groups",
"description": "Remove user from all Azure AD groups memberships",
"isEnabled": true,
"taskDefinitionId": "b3a31406-2a15-4c9a-b25b-a658fa5f07fc",
"arguments": []
}
Allows a user to be removed from one or multiple static teams. You're able to customize the task name and description for this task in the Microsoft Entra admin center.
For Microsoft Graph, the parameters for the Remove User from Teams task are as follows:
Parameter | Definition |
---|---|
category | joiner, leaver |
displayName | Remove user from selected Teams (Customizable by user) |
description | Remove user from membership of selected Teams (Customizable by user) |
taskDefinitionId | 06aa7acb-01af-4824-8899-b14e5ed788d6 |
arguments | Argument contains a name parameter that is the "teamID", and a value parameter that is the Teams ID of the Teams you're removing the user from. |
{
"category": "joiner,leaver",
"continueOnError": true,
"displayName": "Remove user from selected Teams",
"description": "Remove user from membership of selected Teams",
"isEnabled": true,
"taskDefinitionId": "06aa7acb-01af-4824-8899-b14e5ed788d6",
"arguments": [
{
"name": "teamID",
"value": "TeamId1, TeamId2, TeamId3, ..."
}
]
}
Allows users to be removed from every static team they're a member of. You're able to customize the task name and description for this task in the Microsoft Entra admin center.
For Microsoft Graph, the parameters for the Remove users from all teams task are as follows:
Parameter | Definition |
---|---|
category | leaver |
displayName | Remove user from all Teams memberships (Customizable by user) |
description | Remove user from all Teams (Customizable by user) |
taskDefinitionId | 81f7b200-2816-4b3b-8c5d-dc556f07b024 |
{
"category": "leaver",
"continueOnError": true,
"description": "Remove user from all Teams",
"displayName": "Remove user from all Teams memberships",
"isEnabled": true,
"taskDefinitionId": "81f7b200-2816-4b3b-8c5d-dc556f07b024",
"arguments": []
}
Allows you to remove an access package assignment for users. For more information on access packages, see What are access packages and what resources can I manage with them?.
You're able to customize the task name and description for this task in the Microsoft Entra admin center. You also need to select the access package for which you want to remove the assignment.
For Microsoft Graph, the parameters for the Remove access package assignment for user task are as follows:
Parameter | Definition |
---|---|
category | leaver, mover |
displayName | Remove access package assignment for user (Customizable by user) |
description | Remove user assignment of selected access package (Customizable by user) |
taskDefinitionId | 4a0b64f2-c7ec-46ba-b117-18f262946c50 |
arguments | Argument contains a name parameter that is the "accessPackageId". |
{
"category": "leaver,mover",
"continueOnError": false,
"description": "Remove user assignment of selected access package",
"displayName": "Remove access package assignment for user",
"isEnabled": true,
"taskDefinitionId": "4a0b64f2-c7ec-46ba-b117-18f262946c50",
"arguments": [
{
"name": "accessPackageId",
"value": "2ae5d6e5-6cbe-4710-82f2-09ef6ffff0d0"
}
]
}
Allows you to remove all access package assignments for users. For more information on access packages, see What are access packages and what resources can I manage with them?.
You're able to customize the task name and description for this task in the Microsoft Entra admin center.
For Microsoft Graph, the parameters for the Remove all access package assignments for user task are as follows:
Parameter | Definition |
---|---|
category | leaver |
displayName | Remove all access package assignments for user (Customizable by user) |
description | Remove all access packages assigned to the user (Customizable by user) |
taskDefinitionId | 42ae2956-193d-4f39-be06-691b8ac4fa1d |
Example of usage within the workflow:
{
"category": "leaver",
"continueOnError": false,
"description": "Remove all access packages assigned to the user",
"displayName": "Remove all access package assignments for user",
"isEnabled": true,
"taskDefinitionId": "42ae2956-193d-4f39-be06-691b8ac4fa1d",
"arguments": []
}
Allows you to cancel all pending access package assignment requests for user. For more information on access packages, see What are access packages and what resources can I manage with them?.
You're able to customize the task name and description for this task in the Microsoft Entra admin center.
For Microsoft Graph, the parameters for the Cancel all pending access package assignment requests for user task are as follows:
Parameter | Definition |
---|---|
category | leaver |
displayName | Cancel pending access package assignment requests for user (Customizable by user) |
description | Cancel all pending access packages assignment requests for the user (Customizable by user) |
taskDefinitionId | 498770d9-bab7-4e4c-b73d-5ded82a1d0b3 |
Example of usage within the workflow:
{
"category": "leaver",
"continueOnError": false,
"description": "Cancel all access package assignment requests pending for the user",
"displayName": "Cancel all pending access package assignment requests for user",
"isEnabled": true,
"taskDefinitionId": "498770d9-bab7-4e4c-b73d-5ded82a1d0b3",
"arguments": []
}
Remove selected license assignments from a user.
You're able to customize the task name and description for this task in the Microsoft Entra admin center.
For Microsoft Graph, the parameters for the Remove selected license assignments from user task are as follows:
Parameter | Definition |
---|---|
category | leaver, mover |
displayName | Remove licenses from user (Customizable by user) |
description | Remove selected licenses assigned to the user (Customizable by user) |
taskDefinitionId | 5fc402a8-daaf-4b7b-9203-da868b05fc5f |
arguments | Argument contains one parameter that has the name "licenses" that accepts a "Sku ID" value. For a full list of these values, see: Product names and service plan identifiers for licensing. |
Example of usage within the workflow:
{
"category": "leaver,mover",
"description": "Remove selected licenses assigned to the user",
"displayName": "Remove licenses from user",
"id": "5fc402a8-daaf-4b7b-9203-da868b05fc5f",
"version": 1,
"parameters": [
{
"name": "licenses",
"values": [],
"valueType": "string"
}
]
}
Allows all direct license assignments to be removed from a user. For group-based license assignments, you would run a task to remove the user from the group the license assignment is part of.
You're able to customize the task name and description for this task in the Microsoft Entra admin center.
For Microsoft Graph, the parameters for the Remove all license assignment from user task are as follows:
Parameter | Definition |
---|---|
category | leaver |
displayName | Remove all licenses for user (Customizable by user) |
description | Remove all licenses assigned to the user (Customizable by user) |
taskDefinitionId | 8fa97d28-3e52-4985-b3a9-a1126f9b8b4e |
{
"category": "leaver",
"continueOnError": true,
"displayName": "Remove all licenses for user",
"description": "Remove all licenses assigned to the user",
"isEnabled": true,
"taskDefinitionId": "8fa97d28-3e52-4985-b3a9-a1126f9b8b4e",
"arguments": []
}
Allows user accounts to be deleted. For prerequisites on running this task for synced on-premises users, see: User account tasks. Users with Microsoft Entra role assignments aren't supported, nor are users with membership or ownership of role-assignable groups. You're able to customize the task name and description for this task in the Microsoft Entra admin center.
For Microsoft Graph, the parameters for the Delete User task are as follows:
Parameter | Definition |
---|---|
category | leaver |
displayName | Delete user account (Customizable by user) |
description | Delete user account in Microsoft Entra ID (Customizable by user) |
taskDefinitionId | 8d18588d-9ad3-4c0f-99d0-ec215f0e3dff |
arguments | Can contain the optional deleteOnPremisesAccount argument. The value is a boolean value of either true, if you want the task to run for synced on-premises users, or false, if you don't want it to run for an on-premises user. |
{
"category": "leaver",
"continueOnError": true,
"displayName": "Delete user account",
"description": "Delete user account in Azure AD",
"isEnabled": true,
"taskDefinitionId": "8d18588d-9ad3-4c0f-99d0-ec215f0e3dff",
"arguments": [
{
"name": "deleteOnPremisesAccount",
"value": "true"
}
]
}
Allows an email to be sent to a user's manager before their last day. You're able to customize the task name and the description for this task in the Microsoft Entra admin center.
The Microsoft Entra prerequisites to run the Send email before user's last day task are:
- A populated manager attribute for the user.
- A populated manager's mail attribute for the user.
For Microsoft Graph the parameters for the Send email before user's last day task are as follows:
Parameter | Definition |
---|---|
category | leaver |
displayName | Send email before user’s last day (Customizable by user) |
description | Send offboarding email to user’s manager before the last day of work (Customizable by user) |
taskDefinitionId | 52853a3e-f4e5-4eb8-bb24-1ac09a1da935 |
arguments | The optional common email task parameters can be specified; if they aren't included, the default behavior takes effect. |
Example of usage within the workflow:
{
"category": "leaver",
"continueOnError": false,
"description": "Send offboarding email to user’s manager before the last day of work",
"displayName": "Send email before user’s last day",
"isEnabled": true,
"taskDefinitionId": "52853a3e-f4e5-4eb8-bb24-1ac09a1da935",
"arguments": [
{
"name": "cc",
"value": "068fa0c1-fa00-4f4f-8411-e968d921c3e7,e94ad2cd-d590-4b39-8e46-bb4f8e293f85"
},
{
"name": "customSubject",
"value": "Reminder that {{userDisplayName}}'s last day is coming up"
},
{
"name": "customBody",
"value": "Hello {{managerDisplayName}}\n\nthis is a reminder that {{userDisplayName}}'s last day is coming up.\n\nRegards\nYour IT department"
},
{
"name": "locale",
"value": "en-us"
}
]
}
Allows an email to be sent to a user's manager on their last day. You're able to customize the task name and the description for this task in the Microsoft Entra admin center.
The Microsoft Entra prerequisites to run the Send email on user last day task are:
- A populated manager attribute for the user.
- A populated manager's mail attribute for the user.
For Microsoft Graph, the parameters for the Send email on user last day task are as follows:
Parameter | Definition |
---|---|
category | leaver |
displayName | Send email on user’s last day (Customizable by user) |
description | Send offboarding email to user’s manager on the last day of work (Customizable by user) |
taskDefinitionId | 9c0a1eaf-5bda-4392-9d9e-6e155bb57411 |
arguments | The optional common email task parameters can be specified; if they aren't included, the default behavior takes effect. |
Example of usage within the workflow:
{
"category": "leaver",
"continueOnError": false,
"description": "Send offboarding email to user’s manager on the last day of work",
"displayName": "Send email on user’s last day",
"isEnabled": true,
"taskDefinitionId": "9c0a1eaf-5bda-4392-9d9e-6e155bb57411",
"arguments": [
{
"name": "cc",
"value": "068fa0c1-fa00-4f4f-8411-e968d921c3e7,e94ad2cd-d590-4b39-8e46-bb4f8e293f85"
},
{
"name": "customSubject",
"value": "{{userDisplayName}}'s last day"
},
{
"name": "customBody",
"value": "Hello {{managerDisplayName}}\n\nthis is a reminder that {{userDisplayName}}'s last day is today and their access will be revoked.\n\nRegards\nYour IT department"
},
{
"name": "locale",
"value": "en-us"
}
]
}
Allows an email containing off-boarding information to be sent to the user's manager after their last day. You're able to customize the task name and description for this task in the Microsoft Entra admin center.
The Microsoft Entra prerequisites to run the Send email to user's manager after their last day task are:
- A populated manager attribute for the user.
- A populated manager's mail attribute for the user.
For Microsoft Graph, the parameters for the Send email to user's manager after their last day task are as follows:
Parameter | Definition |
---|---|
category | leaver |
displayName | Send email to user's manager after their last day |
description | Send offboarding email to user’s manager after the last day of work (Customizable by user) |
taskDefinitionId | 6f22ddd4-b3a5-47a4-a846-0d7c201a49ce |
arguments | The optional common email task parameters can be specified; if they aren't included, the default behavior takes effect. |
Example of usage within the workflow:
{
"category": "leaver",
"continueOnError": false,
"description": "Send offboarding email to user’s manager after the last day of work",
"displayName": "Send email after user’s last day",
"isEnabled": true,
"taskDefinitionId": "6f22ddd4-b3a5-47a4-a846-0d7c201a49ce",
"arguments": [
{
"name": "cc",
"value": "ac17d108-60cd-4eb2-a4b4-084cacda33f2,7d3ee937-edcc-46b0-9e2c-f832e01231ea"
},
{
"name": "customSubject",
"value": "{{userDisplayName}}'s accounts will be deleted today"
},
{
"name": "customBody",
"value": "Hello {{managerDisplayName}}\n\nthis is a reminder that {{userDisplayName}} left the organization a while ago and today their disabled accounts will be deleted.\n\nRegards\nYour IT department"
},
{
"name": "locale",
"value": "en-us"
}
]
}