Partilhar via


Azure AD Identity and Access (Preview)

A connector for Azure AD Identity and Access. This connector will contain multiple actions to manage Azure AD Identity and Access. An example of this is for instance inviting guest users. In the future, more actions will be added.

This connector is available in the following products and regions:

Service Class Regions
Logic Apps Standard All Logic Apps regions except the following:
     -   Azure Government regions
     -   Azure China regions
     -   US Department of Defense (DoD)
Power Automate Premium All Power Automate regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Power Apps Premium All Power Apps regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Contact
Name Microsoft, Daniel Laskewitz
URL https://youtube.com/daniellaskewitz
Email connectorsupport@laskewitz.io
Connector Metadata
Publisher Microsoft, Daniel Laskewitz
Website https://docs.microsoft.com/en-us/graph/api/resources/invitation?view=graph-rest-1.0
Privacy policy https://privacy.microsoft.com/en-us/privacystatement
Categories IT Operations

Microsoft Entra ID Identity and Access

The Graph API is a powerful and very extensive REST API. Using this API, you can create and manage objects (e.g. users, groups etc.) in Microsoft Entra ID, create Microsoft Teams teams, and a lot more.

This connector exposes the Identity and Access resources of the Graph API in the Microsoft Power Platform.

Publisher: Daniel Laskewitz | Sogeti

Pre-requisites

You will need the following to proceed:

  • A Microsoft PowerApps or Microsoft Flow plan with custom connector feature
  • An Azure subscription
  • The Power platform CLI tools

Building the connector

Since the APIs used by the connector are secured by Microsoft Entra ID, we first need to set up a few things in Microsoft Entra ID for connector to securely access them. After this setup, you can create and test the connector.

Set up an Microsoft Entra ID application for your custom connector

Since the connector uses OAuth as authentication type, we first need to register an application in Microsoft Entra ID. This application will be used to get the authorization token required to invoke rest APIs used by the connector on user's behalf. You can read more about this here and follow the steps below:

  1. Create an Microsoft Entra ID application This can be done using [Azure Portal] (https://portal.azure.com), by following the steps here. Once created, note down the value of Application (Client) ID. You will need this later.

  2. Configure (Update) your Microsoft Entra ID application to access the Graph API API This step will ensure that your application can successfully retrieve an access token to invoke Graph API calls on behalf of your users. To do this, follow the steps here. - For redirect URI, use "https://global.consent.azure-apim.net/redirect" - For the credentials, use a client secret (and not certificates). Remember to note the secret down, you will need this later and it is shown only once. - For API permissions, make sure the Graph API "User.Invite.All" permission is added.

At this point, we now have a valid Microsoft Entra ID application that can be used to get permissions from end users and access Microsoft Entra ID. The next step for us is to create a custom connector.

Creating a connection

The connector supports the following authentication types:

Default Parameters for creating connection. All regions Not shareable

Default

Applicable: All regions

Parameters for creating connection.

This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.

Throttling Limits

Name Calls Renewal Period
API calls per connection 100 60 seconds

Actions

Create invitation

Create an invitation for an external user.

Create invitation

Create an invitation for an external user.

Parameters

Name Key Required Type Description
Invited User Display Name
invitedUserDisplayName string

The display name of the user being invited.

Invited User Email Address
invitedUserEmailAddress string

The email address of the user being invited.

Email
address string

The email address of the person or entity.

Name
name string

The display name of the person or entity.

Customized Message
customizedMessageBody string

Customized message body you want to send if you don't want the default message.

Message Language
messageLanguage string

The language you want to send the default message in. If the customized message body is specified, this property is ignored, and the message is sent using the customized message body. The language format should be in ISO 639. The default is en-US.

Invited User Type
invitedUserType string

The user type of the user being invited. You can invite as Member if you are a company administrator.

Invite Redirect URL
inviteRedirectUrl string

inviteRedirectUrl

Reset Redemption
resetRedemption boolean

Reset the user's redemption status and reinvite a user while retaining their user identifier, group memberships, and app assignments. This property allows you to enable a user to sign-in using a different email address from the one in the previous invitation.

Send Invitation Message
sendInvitationMessage boolean

Indicates whether an email should be sent to the user being invited.

Returns

Name Path Type Description
Invite Redeem URL
inviteRedeemUrl inviteRedeemUrl

The URL the user can use to redeem their invitation.

Invited User Display Name
invitedUserDisplayName invitedUserDisplayName

The display name of the user being invited.

Invited User Email Address
invitedUserEmailAddress invitedUserEmailAddress

The email address of the user being invited.

Send Invitation Message
sendInvitationMessage sendInvitationMessage

Indicates whether an email should be sent to the user being invited.

invitedUserMessageInfo
invitedUserMessageInfo invitedUserMessageInfo

Additional configuration for the message being sent to the invited user, including customizing message text, language and cc recipient list.

Invite Redirect URL
inviteRedirectUrl inviteRedirectUrl

inviteRedirectUrl

status
status status

The status of the invitation.

Invited User
invitedUser invitedUser

The user created as part of the invitation creation.

Definitions

ccRecipients

Additional recipients the invitation message should be sent to. Currently only 1 additional recipient is supported.

Name Path Type Description
emailAddress
emailAddress emailAddress

The email address object (both display name and email address) of the person or entity.

emailAddress

The email address object (both display name and email address) of the person or entity.

Name Path Type Description
Email
address string

The email address of the person or entity.

Name
name string

The display name of the person or entity.

invitedUser

The user created as part of the invitation creation.

Name Path Type Description
ID
id string

The id of the invited user.

invitedUserDisplayName

The display name of the user being invited.

The display name of the user being invited.

Invited User Display Name
string

invitedUserEmailAddress

The email address of the user being invited.

The email address of the user being invited.

Invited User Email Address
string

invitedUserMessageInfo

Additional configuration for the message being sent to the invited user, including customizing message text, language and cc recipient list.

Name Path Type Description
CC Recipients
ccRecipients ccRecipients

Additional recipients the invitation message should be sent to. Currently only 1 additional recipient is supported.

Customized Message
customizedMessageBody string

Customized message body you want to send if you don't want the default message.

Message Language
messageLanguage string

The language you want to send the default message in. If the customized message body is specified, this property is ignored, and the message is sent using the customized message body. The language format should be in ISO 639. The default is en-US.

inviteRedeemUrl

The URL the user can use to redeem their invitation.

The URL the user can use to redeem their invitation.

Invite Redeem URL
string

inviteRedirectUrl

inviteRedirectUrl

inviteRedirectUrl

Invite Redirect URL
string

sendInvitationMessage

Indicates whether an email should be sent to the user being invited.

Indicates whether an email should be sent to the user being invited.

Send Invitation Message
boolean

status

The status of the invitation.

The status of the invitation.