

Microsoft Entra ID

Microsoft Entra ID is an Identity and Access Management cloud solution that extends your on-premises directories to the cloud and provides single sign-on to thousands of cloud (SaaS) apps and access to web apps you run on-premises.

This connector is available in the following products and regions:

Service Class Regions
Logic Apps Standard All Logic Apps regions
Power Automate Standard All Power Automate regions
Power Apps Standard All Power Apps regions
Contact
Name Microsoft
URL https://support.microsoft.com
Connector Metadata
Publisher Microsoft
Privacy policy https://privacy.microsoft.com/privacystatement
Website https://azure.microsoft.com/services/active-directory
Categories IT Operations;Security

To use this integration, you will need access to a Microsoft Entra ID account with sufficient privileges. To make a connection, select Sign In. You will be prompted to provide your account information; follow the remainder of the screens to create a connection.

To use the Microsoft Entra ID connector, the account needs to have the following administrator permissions:

  • Group.ReadWrite.All
  • User.ReadWrite.All
  • Directory.ReadWrite.All

More information on Graph permissions and how to configure them can be found here.

You're now ready to start using this integration.

Known issues and limitations

  1. The connector does not return custom attributes of Microsoft Entra ID entities.
  2. The connector does not support Mail-Enabled Security groups.
  3. Microsoft Entra ID groups with the attribute "isAssignableToRole" are not supported for now.
  4. If you have deployed Azure Conditional Access (Microsoft Entra ID MFA), the connector will not work as expected. To work around this issue, see this solution.

Creating a connection

The connector supports the following authentication types:

Default Parameters for creating connection. All regions Not shareable

Default

Applicable: All regions

Parameters for creating connection.

This is not a shareable connection. If the power app is shared with another user, that user will be prompted to create a new connection explicitly.

Throttling Limits

Name Calls Renewal Period
API calls per connection 200 60 seconds

Actions

Add user to group

Add a user to a group in this Microsoft Entra ID tenant.

Assign manager

Assign a manager for a user.

Check group membership (V2)

If the user is a member of the given group, the result will contain the given id. Otherwise the result will be empty.

Check group membership [DEPRECATED]

This action has been deprecated. Please use Check group membership (V2) instead.

If the user is a member of the given group, the result will contain the given id. Otherwise the result will be empty.

Create group

Create a group in your Microsoft Entra ID tenant.

Create Office 365 group

Create an Office 365 group in your Microsoft Entra ID tenant.

Create security group

Create a security group in your Microsoft Entra ID tenant.

Create user

Create a new user in your Microsoft Entra ID tenant.

Get group

Get details for a group.

Get group members

Get the users who are members of a group. You can query up to 1000 items using the Top parameter. If you need to retrieve more than 1000 values, please turn on the Settings->Pagination feature and provide a Threshold limit.

Get groups of a user (V2)

Get the groups a user is a member of.

Get groups of a user [DEPRECATED]

This action has been deprecated. Please use Get groups of a user (V2) instead.

Get the groups a user is a member of.

Get user

Get details for a user.

Refresh tokens

Invalidate all refresh tokens for a user.

Remove Member From Group

Remove Member From Group

Update user

Update the info for a user.

Add user to group

Add a user to a group in this Microsoft Entra ID tenant.

Parameters

Name Key Required Type Description
Group Id
id True string

Unique identifier of a group (Ex. '40639f36-46a6-73a6-91e2-9584b7913429').

User Id
@odata.id True string

Unique identifier of a user (Ex. '5e6cf5c7-b511-4842-6aae-3f6b8ae5e95b').

Assign manager

Assign a manager for a user.

Parameters

Name Key Required Type Description
User Id or Principal Name
id True string

Unique identifier of a user (Ex. 'user@tennant.onmicrosoft.com' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b').

User Id of the Manager
@odata.id True string

Unique identifier of a manager (Ex. '5f6cf5c7-a561-4842-9aae-3e6d8ce5e95b').

Check group membership (V2)

If the user is a member of the given group, the result will contain the given id. Otherwise the result will be empty.

Parameters

Name Key Required Type Description
User Id or Principal Name
id True string

Unique identifier of a user (Ex. 'user@tennant.onmicrosoft.com' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b').

groupIds
groupIds True array of string

Returns

Check group membership [DEPRECATED]

This action has been deprecated. Please use Check group membership (V2) instead.

If the user is a member of the given group, the result will contain the given id. Otherwise the result will be empty.

Parameters

Name Key Required Type Description
User Id or Principal Name
id True string

Unique identifier of a user (Ex. 'user@tennant.onmicrosoft.com' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b').

groupIds
groupIds True array of string

Returns

Create group

Create a group in your Microsoft Entra ID tenant.

Parameters

Name Key Required Type Description
Display Name
displayName True string

Display name of the new group.

Description
description True string

Description of the new group.

Mail Nickname
mailNickname True string

The mail alias of the new group.

groupTypes
groupTypes True array of string

Choose 'Unified' for an O365 group. Choose 'None' for a security group.

Security Enabled
securityEnabled True boolean

True if the new group is a security group.

Mail Enabled
mailEnabled True boolean

True if the new group is a mailing group.

Returns

Create Office 365 group

Create an Office 365 group in your Microsoft Entra ID tenant.

Parameters

Name Key Required Type Description
Display Name
displayName True string

Display name of the new group.

Description
description True string

Description of the new group.

Mail Nickname
mailNickname True string

The mail alias of the new group.

groupTypes
groupTypes True array of string

For Office 365, group type is 'Unified'.

Security Enabled
securityEnabled True boolean

True if the new group is a security group.

Mail Enabled
mailEnabled True boolean

True if the new group is a mailing group.

Returns

Create security group

Create a security group in your Microsoft Entra ID tenant.

Parameters

Name Key Required Type Description
Display Name
displayName True string

Display name of the new group.

Description
description True string

Description of the new group.

Mail Nickname
mailNickname True string

The mail alias of the new group.

Security Enabled
securityEnabled True boolean

True if the new group is a security group.

Mail Enabled
mailEnabled True boolean

True if the new group is a mailing group.

Returns

Create user

Create a new user in your Microsoft Entra ID tenant.

Parameters

Name Key Required Type Description
Account Enabled
accountEnabled True boolean

True if the new account should be enabled when it is created.

Display Name
displayName True string

The name displayed in the address book for the user.

Mail Nickname
mailNickname True string

The mail alias for the user.

Password
password True string

The password for the user. The user will be required to change the password on the next login.

User Principal Name
userPrincipalName True string

The user principal name (UPN) of the user.

Given Name
givenName string

The user's given name (first name).

Surname
surname string

The user's surname (family name or last name).

businessPhones
businessPhones array of string
Department
department string

The name for the department in which the user works.

Job Title
jobTitle string

The user's job title.

Mobile Phone
mobilePhone string

The mobile phone number for the user in any format such as '1 (234) 567-8910'.

Office Location
officeLocation string

The office location in the user's place of business.

Preferred Language
preferredLanguage string

The preferred language for the user. Should follow ISO 639-1 Code; for example 'en-US'.

Returns

Get group

Get details for a group.

Parameters

Name Key Required Type Description
Group Id
id True string

Unique identifier of a group (Ex. '40639f36-46a6-73a6-91e2-9584b7913429').

Returns

Get group members

Get the users who are members of a group. You can query up to 1000 items using the Top parameter. If you need to retrieve more than 1000 values, please turn on the Settings->Pagination feature and provide a Threshold limit.

Parameters

Name Key Required Type Description
Group Id
id True string

Unique identifier of a group (Ex. '40639f36-46a6-73a6-91e2-9584b7913429').

Top
$top integer

Limit on the number of results to return (from 1 to 999, default is 100).

Returns

Get groups of a user (V2)

Get the groups a user is a member of.

Parameters

Name Key Required Type Description
User Id or Principal Name
id True string

Unique identifier of a user (Ex. 'user@tennant.onmicrosoft.com' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b').

Security Enabled Only
securityEnabledOnly True boolean

Determines if only security enabled groups should be fetched.

Returns

Get groups of a user [DEPRECATED]

This action has been deprecated. Please use Get groups of a user (V2) instead.

Get the groups a user is a member of.

Parameters

Name Key Required Type Description
User Id or Principal Name
id True string

Unique identifier of a user (Ex. 'user@tennant.onmicrosoft.com' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b').

Security Enabled Only
securityEnabledOnly True boolean

Determines if only security enabled groups should be fetched.

Returns

Get user

Get details for a user.

Parameters

Name Key Required Type Description
User Id or Principal Name
id True string

Unique identifier of a user (Ex. 'user@tennant.onmicrosoft.com' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b').

Returns

Refresh tokens

Invalidate all refresh tokens for a user.

Parameters

Name Key Required Type Description
User Id or Principal Name
id True string

Unique identifier of a user (Ex. 'user@tennant.onmicrosoft.com' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b').

Remove Member From Group

Remove Member From Group

Parameters

Name Key Required Type Description
Group Id
groupId True string

The Id of the group.

Member Id
memberId True string

The Id of the member.

Update user

Update the info for a user.

Parameters

Name Key Required Type Description
User Id or Principal Name
id True string

Unique identifier of a user (Ex. 'user@tennant.onmicrosoft.com' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b').

User Principal Name
userPrincipalName string

The user principal name (UPN) of the user.

Display Name
displayName string

The name displayed in the address book for the user.

Mail Nickname
mailNickname string

The mail alias for the user.

Given Name
givenName string

The given name (first name) of the user.

Surname
surname string

The user's surname (family name or last name).

Account Enabled
accountEnabled boolean

True if the new account should be enabled.

Job Title
jobTitle string

The user's job title.

Department
department string

The name for the department in which the user works.

Mobile Phone
mobilePhone string

The mobile phone number for the user in any format such as '1 (234) 567-8910'.

Office Location
officeLocation string

The office location in the user's place of business.

Preferred Language
preferredLanguage string

The preferred language for the user. Should follow ISO 639-1 Code; for example 'en-US'.

businessPhones
businessPhones array of string
Additional Properties
customProperties object

Free form property name and value for this user.

First customizable extension attribute
extensionAttribute1 string

First customizable extension attribute.

Second customizable extension attribute
extensionAttribute2 string

Second customizable extension attribute.

Third customizable extension attribute
extensionAttribute3 string

Third customizable extension attribute.

Fourth customizable extension attribute
extensionAttribute4 string

Fourth customizable extension attribute.

Fifth customizable extension attribute
extensionAttribute5 string

Fifth customizable extension attribute.

Sixth customizable extension attribute
extensionAttribute6 string

Sixth customizable extension attribute.

Seventh customizable extension attribute
extensionAttribute7 string

Seventh customizable extension attribute.

Eighth customizable extension attribute
extensionAttribute8 string

Eighth customizable extension attribute.

Ninth customizable extension attribute
extensionAttribute9 string

Ninth customizable extension attribute.

Tenth customizable extension attribute
extensionAttribute10 string

Tenth customizable extension attribute.

Eleventh customizable extension attribute
extensionAttribute11 string

Eleventh customizable extension attribute.

Twelfth customizable extension attribute
extensionAttribute12 string

Twelfth customizable extension attribute.

Thirteenth customizable extension attribute
extensionAttribute13 string

Thirteenth customizable extension attribute.

Fourteenth customizable extension attribute
extensionAttribute14 string

Fourteenth customizable extension attribute.

Fifteenth customizable extension attribute
extensionAttribute15 string

Fifteenth customizable extension attribute.

Definitions

CreateGroup_Response

Name Path Type Description
@odata.context
@odata.context string

@odata.context

id
id string

id

deletedDateTime
deletedDateTime string

deletedDateTime

classification
classification string

classification

createdDateTime
createdDateTime date-time

createdDateTime

description
description string

description

displayName
displayName date-time

displayName

groupTypes
groupTypes array of string

groupTypes

mail
mail string

mail

mailEnabled
mailEnabled boolean

mailEnabled

mailNickname
mailNickname date-time

mailNickname

onPremisesLastSyncDateTime
onPremisesLastSyncDateTime string

onPremisesLastSyncDateTime

onPremisesSecurityIdentifier
onPremisesSecurityIdentifier string

onPremisesSecurityIdentifier

onPremisesSyncEnabled
onPremisesSyncEnabled boolean

onPremisesSyncEnabled

proxyAddresses
proxyAddresses array of string

proxyAddresses

renewedDateTime
renewedDateTime date-time

renewedDateTime

securityEnabled
securityEnabled boolean

securityEnabled

visibility
visibility string

visibility

GetGroup_Response

Name Path Type Description
Id
id string

The unique identifier for the group.

Deleted Date Time
deletedDateTime date-time

Date-time the group was deleted.

Created Date Time
createdDateTime date-time

Date-time the group was created.

Description
description string

An optional description for the group.

Display Name
displayName string

The display name for the group.

Mail
mail string

The SMTP address for the group.

Mail Enabled
mailEnabled boolean

True if the group is mail-enabled.

On Premises Last Sync Date Time
onPremisesLastSyncDateTime date-time

A date-time indicating the last time at which the group was synced with the on-premises directory.

On Premises Sync Enabled
onPremisesSyncEnabled boolean

True if this group is synced from an on-premises directory.

Security Enabled
securityEnabled boolean

True if the group is a security group.

Visibility
visibility string

Visibility of the group (public or private).

GetUser_Response

Name Path Type Description
Id
id string

A unique identifier for the user.

Business Phones
businessPhones array of string
Display Name
displayName string

The name displayed in the address book for the user.

Given Name
givenName string

The given name (first name) of the user.

Job Title
jobTitle string

The user's job title.

Mail
mail string

The SMTP address for the user.

Mobile Phone
mobilePhone string

The primary cellular telephone number for the user.

Office Location
officeLocation string

The office location in the user's place of business.

Preferred Language
preferredLanguage string

The preferred language for the user. Should follow ISO 639-1 Code; for example 'en-US'.

Surname
surname string

The user's surname (family name or last name).

User Principal Name
userPrincipalName string

The user principal name (UPN) of the user.

GetMemberGroups_Response

Name Path Type Description
Member Group Id
string

An id of a group the user is a member of.

GetMemberGroups_Response_V2

Name Path Type Description
value
value GetMemberGroups_Response

GetGroupMembers_Response

Name Path Type Description
Group Members
value array of GetUser_Response

Array of users that are members of the group.