Azure AD - Connectors (2023)


Azure Active Directory is an Identity and Access Management cloud solution that extends your on-premises directories to the cloud and provides single sign-on to thousands of cloud (SaaS) apps and access to web apps you run on-premises.

This connector is available in the following products and regions:

| Service | Class | Regions |
|---|---|---|
| Logic Apps | Standard | All Logic Apps regions |
| Power Automate | Standard | All Power Automate regions |
| Power Apps | Standard | All Power Apps regions |

Contact

Name: Microsoft
URL: https://support.microsoft.com

Connector Metadata

Publisher: Microsoft
Privacy policy: https://privacy.microsoft.com/privacystatement
Website: https://azure.microsoft.com/services/active-directory
Categories: IT Operations; Security

To use this integration, you will need access to an Azure Active Directory account with sufficient privileges. To make a connection, select Sign In. You will be prompted to provide your account information; follow the remainder of the screens to create a connection.

To use the Azure AD connector, the account needs to have the following administrator permissions:

  • Group.ReadWrite.All
  • User.ReadWrite.All
  • Directory.ReadWrite.All

More information on Graph permissions and how to configure them can be found here.

You're now ready to start using this integration.

Known issues and limitations

  1. The connector does not return custom attributes of Azure AD entities.
  2. The connector does not support Mail-Enabled Security groups.
  3. AAD groups with the attribute "isAssignableToRole" are not supported for now.
  4. If you have deployed Azure Conditional Access (Azure AD MFA), the connector will not work as expected. To work around this issue, see this solution.

Creating a connection

The connector supports the following authentication types:

Default | Parameters for creating connection. | All regions | Not shareable

Default

Applicable: All regions

Parameters for creating connection.

This is not a shareable connection. If the power app is shared with another user, that user will be prompted to create a new connection explicitly.

Throttling Limits

| Name | Calls | Renewal Period |
|---|---|---|
| API calls per connection | 200 | 60 seconds |

Actions

Add user to group

Add a user to a group in this AAD tenant.

Assign manager

Assign a manager for a user.

Check group membership (V2)

If the user is a member of the given group, the result will contain the given id. Otherwise the result will be empty.

Check group membership [DEPRECATED]

This action has been deprecated. Please use Check group membership (V2) instead.

If the user is a member of the given group, the result will contain the given id. Otherwise the result will be empty.

Create group

Create a group in your AAD tenant.

Create Office 365 group

Create an Office 365 group in your AAD tenant.

Create security group

Create a security group in your AAD tenant.

Create user

Create a new user in your AAD tenant.

Get group

Get details for a group.

Get group members

Get the users who are members of a group. You can query up to 1000 items using the Top parameter. If you need to retrieve more than 1000 values, please turn on the Settings->Pagination feature and provide a Threshold limit.

Get groups of a user (V2)

Get the groups a user is a member of.

Get groups of a user [DEPRECATED]

This action has been deprecated. Please use Get groups of a user (V2) instead.

Get the groups a user is a member of.

Get user

Get details for a user.

Refresh tokens

Invalidate all refresh tokens for a user

Remove Member From Group

Remove Member From Group

Update user

Update the info for a user.

Add user to group

Operation ID:
AddUserToGroup

Add a user to a group in this AAD tenant.


Parameters

| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| Group Id | id | True | string | Unique identifier of a group (Ex. '40639f36-46a6-73a6-91e2-9584b7913429'). |
| User Id | @odata.id | True | string | Unique identifier of a user (Ex. '5e6cf5c7-b511-4842-6aae-3f6b8ae5e95b'). |

Assign manager

Operation ID:
AssignManager

Assign a manager for a user.

Parameters

| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| User Id or Principal Name | id | True | string | Unique identifier of a user (Ex. 'user@tennant.onmicrosoft.com' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b'). |
| User Id of the Manager | @odata.id | True | string | Unique identifier of a manager (Ex. '5f6cf5c7-a561-4842-9aae-3e6d8ce5e95b'). |

Check group membership (V2)

If the user is a member of the given group, the result will contain the given id. Otherwise the result will be empty.

Parameters

| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| User Id or Principal Name | id | True | string | Unique identifier of a user (Ex. 'user@tennant.onmicrosoft.com' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b'). |
| Group Id | groupIds | | string | Unique identifier for the group (Ex. '40649f36-46b6-46a6-95e1-9454b7433219'). |

Returns

Body
GetMemberGroups_Response_V2
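
When a flow uses this action as an access gate, the result contract above (the given id for a member, an empty result otherwise) is best read fail-closed. The following is an added example, not part of the connector reference: the function names and sample bodies are constructed, and the `value` array shape is assumed from the GetMemberGroups_Response_V2 definition on this page.

```python
import json
import uuid

# Group id taken from the parameter example on this page.
GROUP_ID = "40649f36-46b6-46a6-95e1-9454b7433219"

# Constructed sample bodies (not captured from a real tenant).
MEMBER_BODY = '{"value": ["40649F36-46B6-46A6-95E1-9454B7433219"]}'
NOT_MEMBER_BODY = '{"value": []}'
ERROR_BODY = '{"error": {"code": "constructed-sample"}}'
WRONG_TYPE_BODY = '{"value": "40649f36-46b6-46a6-95e1-9454b7433219"}'


def _norm_guid(raw):
    """Return the canonical lowercase GUID string, or None if raw is not a GUID."""
    if not isinstance(raw, str):
        return None
    try:
        return str(uuid.UUID(raw.strip()))
    except ValueError:
        return None


def is_member(response_body, group_id):
    """Fail-closed reading of a Check group membership (V2) result.

    response_body is JSON text or a dict shaped like {"value": ["<group id>", ...]}.
    Returns True only when the requested group id is echoed back in `value`.
    An empty result, a missing key, a wrong type or an unparsable body all
    count as "not a member", so an error response never grants access.
    """
    wanted = _norm_guid(group_id)
    if wanted is None:
        return False
    if isinstance(response_body, (str, bytes)):
        try:
            response_body = json.loads(response_body)
        except ValueError:
            return False
    if not isinstance(response_body, dict):
        return False
    value = response_body.get("value")
    if not isinstance(value, list):
        # A bare string would allow accidental substring matching; reject it.
        return False
    # Compare canonical GUIDs so letter case does not cause a false miss.
    return any(_norm_guid(item) == wanted for item in value)


if __name__ == "__main__":
    for name, body in [("member", MEMBER_BODY), ("not member", NOT_MEMBER_BODY),
                       ("error", ERROR_BODY), ("wrong type", WRONG_TYPE_BODY)]:
        print(f"{name}: {is_member(body, GROUP_ID)}")
```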

Check group membership [DEPRECATED]

Operation ID:
CheckMemberGroups

This action has been deprecated. Please use Check group membership (V2) instead.

If the user is a member of the given group, the result will contain the given id. Otherwise the result will be empty.

Parameters

| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| User Id or Principal Name | id | True | string | Unique identifier of a user (Ex. 'user@tennant.onmicrosoft.com' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b'). |
| Group Id | groupIds | | string | Unique identifier for the group (Ex. '40649f36-46b6-46a6-95e1-9454b7433219'). |

Returns

Items
GetMemberGroups_Response

Create group

Operation ID:
CreateGroup

Create a group in your AAD tenant.

Parameters

| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| Display Name | displayName | True | string | Display name of the new group. |
| Description | description | True | string | Description of the new group. |
| Mail Nickname | mailNickname | True | string | The mail alias of the new group. |
| groupTypes | groupTypes | | string | Choose 'Unified' for an O365 group. Choose 'None' for a security group. |
| Security Enabled | securityEnabled | True | boolean | True if the new group is a security group. |
| Mail Enabled | mailEnabled | True | boolean | True if the new group is a mailing group. |

Returns

Body
CreateGroup_Response

Create Office 365 group

Operation ID:
CreateOffice365Group

Create an Office 365 group in your AAD tenant.

Parameters

| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| Display Name | displayName | True | string | Display name of the new group. |
| Description | description | True | string | Description of the new group. |
| Mail Nickname | mailNickname | True | string | The mail alias of the new group. |
| groupTypes | groupTypes | | string | For Office 365, group type is 'Unified'. |
| Security Enabled | securityEnabled | True | boolean | True if the new group is a security group. |
| Mail Enabled | mailEnabled | True | boolean | True if the new group is a mailing group. |

Returns

Body
CreateGroup_Response

Create security group

Operation ID:
CreateSecurityGroup

Create a security group in your AAD tenant.

Parameters

| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| Display Name | displayName | True | string | Display name of the new group. |
| Description | description | True | string | Description of the new group. |
| Mail Nickname | mailNickname | True | string | The mail alias of the new group. |
| Security Enabled | securityEnabled | True | boolean | True if the new group is a security group. |
| Mail Enabled | mailEnabled | True | boolean | True if the new group is a mailing group. |

Returns

Body
CreateGroup_Response

Create user

Operation ID:
CreateUser

Create a new user in your AAD tenant.

Parameters

| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| Account Enabled | accountEnabled | True | boolean | True if the new account should be enabled when it is created. |
| Display Name | displayName | True | string | The name displayed in the address book for the user. |
| Mail Nickname | mailNickname | True | string | The mail alias for the user. |
| Password | password | True | string | The password for the user. The user will be required to change the password on the next login. |
| User Principal Name | userPrincipalName | True | string | The user principal name (UPN) of the user. |
| Given Name | givenName | | string | The user's given name (first name). |
| Surname | surname | | string | The user's surname (family name or last name). |
| Business Phone | businessPhones | | string | Business phone number for the new user in any format such as '1 (234) 567-8910'. |
| Department | department | | string | The name for the department in which the user works. |
| Job Title | jobTitle | | string | The user's job title. |
| Mobile Phone | mobilePhone | | string | The mobile phone number for the user in any format such as '1 (234) 567-8910'. |
| Office Location | officeLocation | | string | The office location in the user's place of business. |
| Preferred Language | preferredLanguage | | string | The preferred language for the user. Should follow ISO 639-1 Code; for example 'en-US'. |

Returns

Body
GetUser_Response

Get group

Operation ID:
GetGroup

Get details for a group.

Parameters

| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| Group Id | id | True | string | Unique identifier of a group (Ex. '40639f36-46a6-73a6-91e2-9584b7913429'). |

Returns

Body
GetGroup_Response

Get group members

Operation ID:
GetGroupMembers

Get the users who are members of a group. You can query up to 1000 items using the Top parameter. If you need to retrieve more than 1000 values, please turn on the Settings->Pagination feature and provide a Threshold limit.

Parameters

| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| Group Id | id | True | string | Unique identifier of a group (Ex. '40639f36-46a6-73a6-91e2-9584b7913429'). |
| Top | $top | | integer | Limit on the number of results to return (from 1 to 999, default is 100). |

Returns

Body
GetGroupMembers_Response

Get groups of a user (V2)

Operation ID:
GetMemberGroupsV2

Get the groups a user is a member of.

Parameters

| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| User Id or Principal Name | id | True | string | Unique identifier of a user (Ex. 'user@tennant.onmicrosoft.com' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b'). |
| Security Enabled Only | securityEnabledOnly | True | boolean | Determines if only security enabled groups should be fetched. |

Returns

Body
GetMemberGroups_Response_V2

Get groups of a user [DEPRECATED]

Operation ID:
GetMemberGroups

This action has been deprecated. Please use Get groups of a user (V2) instead.

Get the groups a user is a member of.

Parameters

| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| User Id or Principal Name | id | True | string | Unique identifier of a user (Ex. 'user@tennant.onmicrosoft.com' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b'). |
| Security Enabled Only | securityEnabledOnly | True | boolean | Determines if only security enabled groups should be fetched. |

Returns

Items
GetMemberGroups_Response

Get user

Operation ID:
GetUser

Get details for a user.


Parameters

| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| User Id or Principal Name | id | True | string | Unique identifier of a user (Ex. 'user@tennant.onmicrosoft.com' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b'). |

Returns

Body
GetUser_Response

Refresh tokens

Operation ID:
RefreshTokens

Invalidate all refresh tokens for a user

Parameters

| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| User Id or Principal Name | id | True | string | Unique identifier of a user (Ex. 'user@tennant.onmicrosoft.com' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b'). |

Remove Member From Group

Operation ID:
RemoveMemberFromGroup

Remove Member From Group

Parameters

| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| Group Id | groupId | True | string | The Id of the group. |
| Member Id | memberId | True | string | The Id of the member. |

Update user

Operation ID:
UpdateUser

Update the info for a user.

Parameters

| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| User Id or Principal Name | id | True | string | Unique identifier of a user (Ex. 'user@tennant.onmicrosoft.com' or '5f6ce5c7-b521-4842-9bbe-3f6d5aa5e35b'). |
| User Principal Name | userPrincipalName | | string | The user principal name (UPN) of the user. |
| Display Name | displayName | | string | The name displayed in the address book for the user. |
| Mail Nickname | mailNickname | | string | The mail alias for the user. |
| Given Name | givenName | | string | The given name (first name) of the user. |
| Surname | surname | | string | The user's surname (family name or last name). |
| Account Enabled | accountEnabled | | boolean | True if the new account should be enabled. |
| Job Title | jobTitle | | string | The user's job title. |
| Department | department | | string | The name for the department in which the user works. |
| Mobile Phone | mobilePhone | | string | The mobile phone number for the user in any format such as '1 (234) 567-8910'. |
| Office Location | officeLocation | | string | The office location in the user's place of business. |
| Preferred Language | preferredLanguage | | string | The preferred language for the user. Should follow ISO 639-1 Code; for example 'en-US'. |
| Business Phone | businessPhones | | string | Business phone number for the new user in any format such as '1 (234) 567-8910'. |
| First customizable extension attribute | extensionAttribute1 | | string | First customizable extension attribute. |
| Second customizable extension attribute | extensionAttribute2 | | string | Second customizable extension attribute. |
| Third customizable extension attribute | extensionAttribute3 | | string | Third customizable extension attribute. |
| Fourth customizable extension attribute | extensionAttribute4 | | string | Fourth customizable extension attribute. |
| Fifth customizable extension attribute | extensionAttribute5 | | string | Fifth customizable extension attribute. |
| Sixth customizable extension attribute | extensionAttribute6 | | string | Sixth customizable extension attribute. |
| Seventh customizable extension attribute | extensionAttribute7 | | string | Seventh customizable extension attribute. |
| Eighth customizable extension attribute | extensionAttribute8 | | string | Eighth customizable extension attribute. |
| Ninth customizable extension attribute | extensionAttribute9 | | string | Ninth customizable extension attribute. |
| Tenth customizable extension attribute | extensionAttribute10 | | string | Tenth customizable extension attribute. |
| Eleventh customizable extension attribute | extensionAttribute11 | | string | Eleventh customizable extension attribute. |
| Twelfth customizable extension attribute | extensionAttribute12 | | string | Twelfth customizable extension attribute. |
| Thirteenth customizable extension attribute | extensionAttribute13 | | string | Thirteenth customizable extension attribute. |
| Fourteenth customizable extension attribute | extensionAttribute14 | | string | Fourteenth customizable extension attribute. |
| Fifteenth customizable extension attribute | extensionAttribute15 | | string | Fifteenth customizable extension attribute. |

Definitions

CreateGroup_Response

| Name | Path | Type | Description |
|---|---|---|---|
| @odata.context | @odata.context | string | @odata.context |
| id | id | string | id |
| deletedDateTime | deletedDateTime | string | deletedDateTime |
| classification | classification | string | classification |
| createdDateTime | createdDateTime | date-time | createdDateTime |
| description | description | string | description |
| displayName | displayName | date-time | displayName |
| groupTypes | groupTypes | array of string | groupTypes |
| mail | mail | string | mail |
| mailEnabled | mailEnabled | boolean | mailEnabled |
| mailNickname | mailNickname | date-time | mailNickname |
| onPremisesLastSyncDateTime | onPremisesLastSyncDateTime | string | onPremisesLastSyncDateTime |
| onPremisesSecurityIdentifier | onPremisesSecurityIdentifier | string | onPremisesSecurityIdentifier |
| onPremisesSyncEnabled | onPremisesSyncEnabled | boolean | onPremisesSyncEnabled |
| proxyAddresses | proxyAddresses | array of string | proxyAddresses |
| renewedDateTime | renewedDateTime | date-time | renewedDateTime |
| securityEnabled | securityEnabled | boolean | securityEnabled |
| visibility | visibility | string | visibility |

GetGroup_Response

| Name | Path | Type | Description |
|---|---|---|---|
| Id | id | string | The unique identifier for the group. |
| Deleted Date Time | deletedDateTime | date-time | Date-time the group was deleted. |
| Created Date Time | createdDateTime | date-time | Date-time the group was created. |
| Description | description | string | An optional description for the group. |
| Display Name | displayName | string | The display name for the group. |
| Mail | mail | string | The SMTP address for the group. |
| Mail Enabled | mailEnabled | boolean | True if the group is mail-enabled. |
| On Premises Last Sync Date Time | onPremisesLastSyncDateTime | date-time | A date-time indicating the last time at which the group was synced with the on-premises directory. |
| On Premises Sync Enabled | onPremisesSyncEnabled | boolean | True if this group is synced from an on-premises directory. |
| Security Enabled | securityEnabled | boolean | True if the group is a security group. |
| Visibility | visibility | string | Visibility of the group (public or private). |

GetUser_Response

| Name | Path | Type | Description |
|---|---|---|---|
| Id | id | string | A unique identifier for the user. |
| Business Phones | businessPhones | array of string | |
| Display Name | displayName | string | The name displayed in the address book for the user. |
| Given Name | givenName | string | The given name (first name) of the user. |
| Job Title | jobTitle | string | The user's job title. |
| Mail | mail | string | The SMTP address for the user. |
| Mobile Phone | mobilePhone | string | The primary cellular telephone number for the user. |
| Office Location | officeLocation | string | The office location in the user's place of business. |
| Preferred Language | preferredLanguage | string | The preferred language for the user. Should follow ISO 639-1 Code; for example 'en-US'. |
| Surname | surname | string | The user's surname (family name or last name). |
| User Principal Name | userPrincipalName | string | The user principal name (UPN) of the user. |

GetMemberGroups_Response

| Name | Path | Type | Description |
|---|---|---|---|
| Member Group Id | | string | An id of a group the user is a member of. |

GetMemberGroups_Response_V2

| Name | Path | Type | Description |
|---|---|---|---|
| value | value | GetMemberGroups_Response | |

GetGroupMembers_Response

| Name | Path | Type | Description |
|---|---|---|---|
| Group Members | value | array of GetUser_Response | Array of users that are members of the group. |

Article information

Author: Jonah Leffler

Last Updated: 02/09/2023
