Verified AI summary ◀▼
Integrate Microsoft Entra ID with action flows to automate workflows and enhance collaboration. Connect using a service account for security, and manage user and group details with actions like Lookup user, Lookup group, Add user to group, and Remove member from group. Follow best practices for secure credential management to protect your identity and access management system.
Connecting Microsoft Entra ID to action builder
Before you can include external actions in your action flows, you must connect the action builder to the external system.
- All external actions performed by an action flow are attributed to the user who connected the external system. Therefore, it's a best practice to use a dedicated service account rather than personal credentials when connecting to each external system.
- All integrations request access to necessary scopes. However, it's important that you review and validate the scopes before authorizing the connection to the external system.
- When managing credentials for API key-based tools, such as OpenAI, it's best to store keys in a secure vault or credential manager.
- In Admin Center, click
Apps and integrations in the sidebar, then select Actions > Action
flows. - Create or edit an action flow.
- Open the step sidebar.
- Under External actions, click Microsoft Entra.
- Click Connect.
- Use Microsoft to authenticate the account.
The following Microsoft Graph API scopes and permissions must be authorized during the OAuth connection process:
User.Read.All,Group.Read.All,GroupMember.Read.All,GroupMember.ReadWrite.All.Note: All external actions performed by an action flow are attributed to the user who connected the external system. Therefore, it is a best practice to use a dedicated service account rather than personal credentials when connecting to each external system.
After you've connected to the system, you'll see an indicator that it's connected and details about the instance you're connected to, as well as the actions available for Microsoft Entra ID.
Using Microsoft Entra ID actions in action flows
Microsoft Entra ID action steps can be used to search users, look up user and group details, manage group memberships, and perform identity management tasks.
Looking up a user
Use the Lookup user action to look up a user.
This action has the following inputs and outputs:
| Variables | |
|---|---|
| Inputs | Required: User IDOptional:
|
| Output | User details such as id,
displayName,
givenName, surname,
mail,
userPrincipalName,
jobTitle
|
Looking up a group
Use the Lookup group action to look up a group.
This action has the following inputs and outputs:
| Variables | |
|---|---|
| Inputs | Required: Group ID
|
| Output |
User details such as |
Adding a user to a group
Use the Add user to group action to add a user to a group.
This action has the following inputs and outputs:
| Variables | |
|---|---|
| Inputs | Required: User ID, Group
ID
|
| Output | Success or failure |
Removing a member from a group
Use the Remove member from group action to remove a member from a group.
This action has the following inputs and outputs:
| Variables | |
|---|---|
| Inputs | Required: User ID, Group
ID
|
| Output | Success or failure |