Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | LifecycleWorkflows.ReadWrite.CustomTaskExtensions | LifecycleWorkflows.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | LifecycleWorkflows.ReadWrite.CustomTaskExtensions | LifecycleWorkflows.ReadWrite.All |
Important
The calling user also requires one of the following Azure Resource Manager roles for the specified Azure Logic App: Logic App contributor, Contributor, or Owner.
Important
In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. Lifecycle Workflows Administrator is the least privileged role supported for this operation.
HTTP request
POST /identityGovernance/lifecycleWorkflows/customTaskExtensions
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models.IdentityGovernance;
using Microsoft.Graph.Models;
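// Registers an Azure Logic App as a Lifecycle Workflows custom task extension.
// The GUIDs and resource names below are the sample values from this page; replace them
// with the subscription, resource group and Logic App that exist in your own tenant.
// NOTE(review): the extension hands part of a workflow to the named Logic App, so whoever can
// edit that Logic App influences what the task does. Keep its Azure role assignments as
// narrow as the Graph permission chosen for this call.
var requestBody = new CustomTaskExtension
{
    DisplayName = "Grant manager access to mailbox and OneDrive",
    Description = "Grant manager access to mailbox and OneDrive",

    // Locates the Logic App by subscription, resource group and workflow name.
    EndpointConfiguration = new LogicAppTriggerEndpointConfiguration
    {
        OdataType = "#microsoft.graph.logicAppTriggerEndpointConfiguration",
        SubscriptionId = "c500b67c-e9b7-4ad2-a90d-77d41385ae55",
        ResourceGroupName = "RG-LCM",
        LogicAppWorkflowName = "ManagerAccess",
    },

    // Token-based authentication towards the extension endpoint.
    // NOTE(review): ResourceId is presumably the application the token is issued for.
    // Confirm against the azureAdTokenAuthentication reference before reusing this value.
    AuthenticationConfiguration = new AzureAdTokenAuthentication
    {
        OdataType = "#microsoft.graph.azureAdTokenAuthentication",
        ResourceId = "542dc01a-0b5d-4edc-b3f9-5cfe6393f557",
    },

    // Client behaviour when calling the endpoint: one retry, one-second timeout.
    ClientConfiguration = new CustomExtensionClientConfiguration
    {
        OdataType = "#microsoft.graph.customExtensionClientConfiguration",
        MaximumRetries = 1,
        TimeoutInMilliseconds = 1000,
    },

    CallbackConfiguration = new CustomTaskExtensionCallbackConfiguration
    {
        OdataType = "#microsoft.graph.identityGovernance.customTaskExtensionCallbackConfiguration",
        // The API expresses this as the ISO 8601 duration "PT5M". TimeSpan.Parse does not
        // accept ISO 8601 durations and throws FormatException, so build the value directly.
        TimeoutDuration = TimeSpan.FromMinutes(5),
    },
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.LifecycleWorkflows.CustomTaskExtensions.PostAsync(requestBody);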
// Code snippets are only available for the latest version. Current version is 6.x
// Java SDK: assemble each configuration object first, attach them to the extension, then POST it.
// The GUIDs and resource names are the sample values from this page.
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

// Locates the Logic App by subscription, resource group and workflow name.
LogicAppTriggerEndpointConfiguration logicAppEndpoint = new LogicAppTriggerEndpointConfiguration();
logicAppEndpoint.setOdataType("#microsoft.graph.logicAppTriggerEndpointConfiguration");
logicAppEndpoint.setSubscriptionId("c500b67c-e9b7-4ad2-a90d-77d41385ae55");
logicAppEndpoint.setResourceGroupName("RG-LCM");
logicAppEndpoint.setLogicAppWorkflowName("ManagerAccess");

// Token-based authentication towards the extension endpoint.
AzureAdTokenAuthentication tokenAuth = new AzureAdTokenAuthentication();
tokenAuth.setOdataType("#microsoft.graph.azureAdTokenAuthentication");
tokenAuth.setResourceId("542dc01a-0b5d-4edc-b3f9-5cfe6393f557");

// Client behaviour when calling the endpoint: one retry, one-second timeout.
CustomExtensionClientConfiguration clientSettings = new CustomExtensionClientConfiguration();
clientSettings.setOdataType("#microsoft.graph.customExtensionClientConfiguration");
clientSettings.setMaximumRetries(1);
clientSettings.setTimeoutInMilliseconds(1000);

// Callback timeout, given as the ISO 8601 duration PT5M (five minutes).
com.microsoft.graph.models.identitygovernance.CustomTaskExtensionCallbackConfiguration callbackSettings =
        new com.microsoft.graph.models.identitygovernance.CustomTaskExtensionCallbackConfiguration();
callbackSettings.setOdataType("#microsoft.graph.identityGovernance.customTaskExtensionCallbackConfiguration");
callbackSettings.setTimeoutDuration(PeriodAndDuration.ofDuration(Duration.parse("PT5M")));

com.microsoft.graph.models.identitygovernance.CustomTaskExtension customTaskExtension =
        new com.microsoft.graph.models.identitygovernance.CustomTaskExtension();
customTaskExtension.setDisplayName("Grant manager access to mailbox and OneDrive");
customTaskExtension.setDescription("Grant manager access to mailbox and OneDrive");
customTaskExtension.setEndpointConfiguration(logicAppEndpoint);
customTaskExtension.setAuthenticationConfiguration(tokenAuth);
customTaskExtension.setClientConfiguration(clientSettings);
customTaskExtension.setCallbackConfiguration(callbackSettings);

com.microsoft.graph.models.identitygovernance.CustomTaskExtension result =
        graphClient.identityGovernance().lifecycleWorkflows().customTaskExtensions().post(customTaskExtension);
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\IdentityGovernance\CustomTaskExtension;
use Microsoft\Graph\Generated\Models\LogicAppTriggerEndpointConfiguration;
use Microsoft\Graph\Generated\Models\AzureAdTokenAuthentication;
use Microsoft\Graph\Generated\Models\CustomExtensionClientConfiguration;
use Microsoft\Graph\Generated\Models\IdentityGovernance\CustomTaskExtensionCallbackConfiguration;
// PHP SDK: assemble each configuration object first, attach them to the request body, then POST it.
// The GUIDs and resource names are the sample values from this page.
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

// Locates the Logic App by subscription, resource group and workflow name.
$logicAppEndpoint = new LogicAppTriggerEndpointConfiguration();
$logicAppEndpoint->setOdataType('#microsoft.graph.logicAppTriggerEndpointConfiguration');
$logicAppEndpoint->setSubscriptionId('c500b67c-e9b7-4ad2-a90d-77d41385ae55');
$logicAppEndpoint->setResourceGroupName('RG-LCM');
$logicAppEndpoint->setLogicAppWorkflowName('ManagerAccess');

// Token-based authentication towards the extension endpoint.
$tokenAuth = new AzureAdTokenAuthentication();
$tokenAuth->setOdataType('#microsoft.graph.azureAdTokenAuthentication');
$tokenAuth->setResourceId('542dc01a-0b5d-4edc-b3f9-5cfe6393f557');

// Client behaviour when calling the endpoint: one retry, one-second timeout.
$clientSettings = new CustomExtensionClientConfiguration();
$clientSettings->setOdataType('#microsoft.graph.customExtensionClientConfiguration');
$clientSettings->setMaximumRetries(1);
$clientSettings->setTimeoutInMilliseconds(1000);

// Callback timeout, given as the ISO 8601 duration PT5M (five minutes).
$callbackSettings = new CustomTaskExtensionCallbackConfiguration();
$callbackSettings->setOdataType('#microsoft.graph.identityGovernance.customTaskExtensionCallbackConfiguration');
$callbackSettings->setTimeoutDuration(new \DateInterval('PT5M'));

$requestBody = new CustomTaskExtension();
$requestBody->setDisplayName('Grant manager access to mailbox and OneDrive');
$requestBody->setDescription('Grant manager access to mailbox and OneDrive');
$requestBody->setEndpointConfiguration($logicAppEndpoint);
$requestBody->setAuthenticationConfiguration($tokenAuth);
$requestBody->setClientConfiguration($clientSettings);
$requestBody->setCallbackConfiguration($callbackSettings);

// post() returns a promise; wait() blocks until the response arrives.
$pendingResponse = $graphServiceClient->identityGovernance()->lifecycleWorkflows()->customTaskExtensions()->post($requestBody);
$result = $pendingResponse->wait();