Find identity object IDs for authentication configuration in Azure API for FHIR
Important
Azure API for FHIR will be retired on September 30, 2026. Follow the migration strategies to transition to Azure Health Data Services FHIR® service by that date. Due to the retirement of Azure API for FHIR, new deployments won't be allowed beginning April 1, 2025. Azure Health Data Services FHIR service is the evolved version of Azure API for FHIR that enables customers to manage FHIR, DICOM, and MedTech services with integrations into other Azure services.
In this article, learn how to find the identity object IDs needed to configure the Azure API for FHIR service to use an external or secondary Active Directory tenant for data plane.
Find user object ID
If you have a user with user name myuser@contoso.com, you can locate the user's ObjectId by using a Microsoft Graph PowerShell command or the Azure Command-Line Interface (CLI) as follows.
$(Get-MgUser -Filter "UserPrincipalName eq 'myuser@contoso.com'").Id
Find service principal object ID
If you registered a service client app and you want to allow this service client to access the Azure API for FHIR. Find the object ID for the client service principal with a Microsoft Graph PowerShell command or the Azure CLI as follows.
$(Get-MgServicePrincipal -Filter "AppId eq 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'").Id
Where XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX is the service client application ID. Alternatively, you can use the DisplayName of the service client:
$(Get-MgServicePrincipal -Filter "DisplayName eq 'testapp'").Id
Find a security group object ID
If you would like to locate the object ID of a security group, you can use a Microsoft Graph PowerShell command or the Azure CLI as follows.
$(Get-MgGroup -Filter "DisplayName eq 'mygroup'").Id
Where mygroup is the name of the group you're interested in.
Next steps
Note
FHIR® is a registered trademark of HL7 and is used with the permission of HL7.