Azure AD App Registrations (Preview)
Azure Active Directory is an Identity and Access Management cloud solution that extends your on-premises directories to the cloud and provides single sign-on to thousands of cloud (SaaS) apps and access to web apps you run on-premises.
This connector is available in the following products and regions:
Service | Class | Regions |
---|---|---|
Logic Apps | Standard | All Logic Apps regions except the following: - Azure Government regions - Azure China regions - US Department of Defense (DoD) |
Power Automate | Premium | All Power Automate regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
Power Apps | Premium | All Power Apps regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
Contact | |
---|---|
Name | Paul Culmsee and Microsoft |
URL | https://docs.microsoft.com/en-us/graph/api/resources/application |
Email | paul.culmsee@rapidcircle.com |
Connector Metadata | |
---|---|
Publisher | Paul Culmsee (Rapid Circle) and Microsoft |
Privacy policy | https://privacy.microsoft.com/en-us/privacystatement |
Website | https://azure.microsoft.com/en-us/services/active-directory |
Categories | IT Operations;Security |
Creating a connection
The connector supports the following authentication types:
Default | Parameters for creating connection. | All regions | Not shareable |
Default
Applicable: All regions
Parameters for creating connection.
This is not a shareable connection. If the power app is shared with another user, that user will be prompted to create a new connection explicitly.
Throttling Limits
Name | Calls | Renewal Period |
---|---|---|
API calls per connection | 100 | 60 seconds |
Actions
Get Application | Get the properties and relationships of an application object. |
Get Application Owners | Get Application Owners |
List Applications and Owners | Get the list of applications registered in AAD in this organization |
Get Application
Get the properties and relationships of an application object.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Object ID | id | True | string | Unique identifier for the application object |
Returns
Get Application Owners
Get Application Owners
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Object ID | id | True | string | Unique identifier for the application object |
Returns
List Applications and Owners
Get the list of applications registered in AAD in this organization
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Choose columns | $select | | string | Choose columns to display (blank for all) |
Search criteria (clear owners) | $search | | string | Advanced Search criteria. Clear Owner column and specify in quotes. (eg "displayName:Web") |
Filter criteria | $filter | | string | Filters results (rows) |
Display count | $count | | string | true or false - Retrieves the total count of matching resources |
List related columns (blank for search) | $expand | | string | Retrieves related resources (including app owners by default. Remove if you use $search) |
Total count to return | $top | | integer | Limits the number of results. |
Returns
Definitions
ApplicationOwners_Definition
Name | Path | Type | Description |
---|---|---|---|
value | value | array of object | |
@odata.type | value.@odata.type | string | Owner object type (eg User or Service Principal) |
id | value.id | string | The unique identifier for the owner |
displayName | value.displayName | string | The display name for the service principal |
businessPhones | value.businessPhones | array of | The telephone numbers for the user (user type only) |
givenName | value.givenName | string | The given name (first name) of the user (user type only) |
mail | value.mail | string | The email of the user (user type only) |
mobilePhone | value.mobilePhone | string | The mobile phone number of the user (user type only) |
surname | value.surname | string | The user's surname (user type only) |
userPrincipalName | value.userPrincipalName | string | The user principal name (UPN) of the user (user type only) |
Application_Definition
Name | Path | Type | Description |
---|---|---|---|
id | id | string | The unique identifier for the application |
deletedDateTime | deletedDateTime | string | The date and time the application was deleted. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. |
appId | appId | string | The unique identifier for the application that is assigned to an application by Azure AD |
applicationTemplateId | applicationTemplateId | string | Unique identifier of the applicationTemplate |
disabledByMicrosoftStatus | disabledByMicrosoftStatus | string | Specifies whether Microsoft has disabled the registered application |
createdDateTime | createdDateTime | string | The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time |
displayName | displayName | string | The display name for the application |
description | description | string | The description for the application |
groupMembershipClaims | groupMembershipClaims | string | The groups claim issued in a user or OAuth 2.0 access token that the application expects |
identifierUris | identifierUris | array of string | The URIs that identify the application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant |
isDeviceOnlyAuthSupported | isDeviceOnlyAuthSupported | | Specifies whether this application supports device authentication without a user. The default is false |
isFallbackPublicClient | isFallbackPublicClient | boolean | Specifies the fallback application type as public client, such as an installed application running on a mobile device. The default value is false which means the fallback application type is confidential client such as a web app |
notes | notes | string | Notes relevant for the management of the application |
optionalClaims | optionalClaims | | Optional claims in their Azure AD applications to specify the claims that are sent to their application by the Microsoft security token service |
publisherDomain | publisherDomain | string | The verified publisher domain for the application |
signInAudience | signInAudience | string | Specifies the Microsoft accounts that are supported for the current application. Supported values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount |
tags | tags | array of | Custom strings that can be used to categorize and identify the application |
tokenEncryptionKeyId | tokenEncryptionKeyId | string | Specifies the keyId of a public key from the keyCredentials collection |
displayName | verifiedPublisher.displayName | string | The verified publisher name from the app publisher's Partner Center account |
verifiedPublisherId | verifiedPublisher.verifiedPublisherId | string | The ID of the verified publisher from the app publisher's Partner Center account |
addedDateTime | verifiedPublisher.addedDateTime | string | The timestamp when the verified publisher was first added or most recently updated |
defaultRedirectUri | defaultRedirectUri | string | The default redirect URI |
addIns | addIns | array of object | Defines custom behavior that a consuming service can use to call an app in specific contexts |
id | addIns.id | string | Add-in ID |
type | addIns.type | string | Add-in type |
properties | addIns.properties | array of object | Add-in properties |
key | addIns.properties.key | string | Add-in property key |
value | addIns.properties.value | string | Add-in property value |
acceptMappedClaims | api.acceptMappedClaims | boolean | When true, allows an application to use claims mapping without specifying a custom signing key |
knownClientApplications | api.knownClientApplications | array of | Used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app |
requestedAccessTokenVersion | api.requestedAccessTokenVersion | | Specifies the access token version expected by this resource. This changes the version and format of the JWT produced independent of the endpoint or client used to request the access token |
oauth2PermissionScopes | api.oauth2PermissionScopes | array of object | The definition of the delegated permissions exposed by the web API represented by this application registration |
adminConsentDescription | api.oauth2PermissionScopes.adminConsentDescription | string | A description of the delegated permissions, intended to be read by an administrator granting the permission on behalf of all users |
adminConsentDisplayName | api.oauth2PermissionScopes.adminConsentDisplayName | string | The permission's title, intended to be read by an administrator granting the permission on behalf of all users |
id | api.oauth2PermissionScopes.id | string | Unique delegated permission identifier inside the collection of delegated permissions defined for a resource application |
isEnabled | api.oauth2PermissionScopes.isEnabled | boolean | When creating or updating a permission, this property must be set to true (which is the default). To delete a permission, this property must first be set to false |
type | api.oauth2PermissionScopes.type | string | Specifies whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions |
userConsentDescription | api.oauth2PermissionScopes.userConsentDescription | string | A description of the delegated permissions, intended to be read by a user granting the permission on their own behalf |
userConsentDisplayName | api.oauth2PermissionScopes.userConsentDisplayName | string | A title for the permission, intended to be read by a user granting the permission on their own behalf |
value | api.oauth2PermissionScopes.value | string | Specifies the value to include in the scp (scope) claim in access tokens |
preAuthorizedApplications | api.preAuthorizedApplications | array of | Lists the client applications that are pre-authorized with the specified delegated permissions to access this application's APIs |
appRoles | appRoles | array of | The collection of roles assigned to the application |
logoUrl | info.logoUrl | string | CDN URL to the application's logo |
marketingUrl | info.marketingUrl | string | Link to the application's marketing page |
privacyStatementUrl | info.privacyStatementUrl | string | Link to the application's privacy statement |
supportUrl | info.supportUrl | string | Link to the application's support page |
termsOfServiceUrl | info.termsOfServiceUrl | string | Link to the application's terms of service statement |
keyCredentials | keyCredentials | array of | The collection of key credentials associated with the application |
countriesBlockedForMinors | parentalControlSettings.countriesBlockedForMinors | array of | Specifies the two-letter ISO country codes |
legalAgeGroupRule | parentalControlSettings.legalAgeGroupRule | string | Specifies the legal age group rule that applies to users of the app |
passwordCredentials | passwordCredentials | array of object | The collection of password credentials associated with the application |
displayName | passwordCredentials.displayName | string | Friendly name for the password |
endDateTime | passwordCredentials.endDateTime | string | The date and time at which the password expires represented using ISO 8601 format and is always in UTC time |
hint | passwordCredentials.hint | string | Contains the first three characters of the password |
keyId | passwordCredentials.keyId | string | The unique identifier for the password |
startDateTime | passwordCredentials.startDateTime | string | The date and time at which the password becomes valid. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time |
redirectUris | publicClient.redirectUris | array of | Specifies the URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent |
requiredResourceAccess | requiredResourceAccess | array of object | Specifies the resources that the application needs to access. This property also specifies the set of OAuth permission scopes and application roles that it needs for each of those resources |
resourceAppId | requiredResourceAccess.resourceAppId | string | The unique identifier for the resource that the application requires access to |
resourceAccess | requiredResourceAccess.resourceAccess | array of object | The list of OAuth2.0 permission scopes and app roles that the application requires from the specified resource |
id | requiredResourceAccess.resourceAccess.id | string | The unique identifier for one of the oauth2PermissionScopes or appRole instances that the resource application exposes |
type | requiredResourceAccess.resourceAccess.type | string | Specifies whether the id property references an oauth2PermissionScopes or an appRole |
homePageUrl | web.homePageUrl | string | Home page or landing page of the application |
logoutUrl | web.logoutUrl | string | Specifies the URL that will be used by Microsoft's authorization service to log out a user using front-channel, back-channel or SAML logout protocols |
redirectUris | web.redirectUris | array of string | Specifies the URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent |
enableAccessTokenIssuance | web.implicitGrantSettings.enableAccessTokenIssuance | boolean | Specifies whether this web application can request an ID token using the OAuth 2.0 implicit flow |
enableIdTokenIssuance | web.implicitGrantSettings.enableIdTokenIssuance | boolean | Specifies whether this web application can request an access token using the OAuth 2.0 implicit flow |
redirectUris | spa.redirectUris | array of | Specifies the URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent |
ApplicationList_Definition
Name | Path | Type | Description |
---|---|---|---|
@odata.context | @odata.context | string | @odata.context |
@odata.nextLink | @odata.nextLink | string | @odata.nextLink |
value | value | array of Application_Definition | Represents an application. Any application that outsources authentication to Azure Active Directory (Azure AD) must be registered in a directory |
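
The List Applications and Owners output can feed a periodic hygiene review of app registrations. The following is an added example, not part of the connector or its documentation: it walks one ApplicationList_Definition page and reports ownerless apps, non-single-tenant `signInAudience` values, implicit-flow access token issuance, plain-HTTP redirect URIs, and expired or soon-to-expire `passwordCredentials`. The `owners` key for expanded owners, the 30-day warning window, the finding labels and the sample data are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Constructed sample shaped like ApplicationList_Definition; every value is made up.
# Assumption: $expand returns each app's owners under an "owners" key.
SAMPLE = {"value": [
    {"displayName": "payroll-sync", "signInAudience": "AzureADMyOrg", "owners": [],
     "passwordCredentials": [{"keyId": "k1", "endDateTime": "2024-01-10T00:00:00Z"}],
     "web": {"redirectUris": ["https://payroll.example/cb"],
             "implicitGrantSettings": {"enableAccessTokenIssuance": False}}},
    {"displayName": "legacy-portal", "signInAudience": "AzureADMultipleOrgs", "owners": [{"id": "u1"}],
     "passwordCredentials": [{"keyId": "k2", "endDateTime": "2024-06-20T08:00:00.1234567Z"}],
     "web": {"redirectUris": ["http://portal.example/cb", "http://localhost:3000"],
             "implicitGrantSettings": {"enableAccessTokenIssuance": True}}},
    {"displayName": "clean-app", "signInAudience": "AzureADMyOrg", "owners": [{"id": "u2"}],
     "passwordCredentials": [{"keyId": "k3", "endDateTime": "2026-01-01T00:00:00Z"}],
     "web": {"redirectUris": ["https://clean.example/cb"]}},
]}

def parse_utc(ts):
    # endDateTime is ISO 8601 in UTC; drop fractional seconds and the trailing Z.
    base = ts.split(".")[0].rstrip("Z")
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit(app_list, now, warn_days=30):
    """Return sorted (displayName, finding) pairs for one page of results."""
    findings = set()
    for app in app_list.get("value", []):
        name = app.get("displayName") or app.get("id", "?")
        web = app.get("web") or {}
        aud = app.get("signInAudience")
        if not app.get("owners"):
            findings.add((name, "no-owner"))
        if aud and aud != "AzureADMyOrg":
            findings.add((name, "audience:" + aud))
        if (web.get("implicitGrantSettings") or {}).get("enableAccessTokenIssuance"):
            findings.add((name, "implicit-access-token"))
        for uri in web.get("redirectUris") or []:
            u = urlparse(uri)
            if u.scheme == "http" and u.hostname not in ("localhost", "127.0.0.1"):
                findings.add((name, "http-redirect:" + uri))
        for cred in app.get("passwordCredentials") or []:
            if not cred.get("endDateTime"):
                continue
            left = parse_utc(cred["endDateTime"]) - now
            if left <= timedelta(days=warn_days):
                state = "expired" if left <= timedelta(0) else "expiring"
                findings.add((name, "secret-%s:%s" % (state, cred.get("keyId", "?"))))
    return sorted(findings)
```

Call `audit(page, datetime.now(timezone.utc))` once per page of results; when `@odata.nextLink` is present there are further pages to fetch and audit.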