
Azure AD via Logic App and Microsoft Graph

I’ve been playing around a bit with Azure AD. I wanted to be able to add a user to Azure AD via a Logic App. I logged in to the Azure Portal with my MSDN account. In the top right corner you can see which directory you’re connected to, which in my case was phvbaars.onmicrosoft.com.

I created a logic app, added a request and then the Azure AD connector. I had to pick an action, so I chose Create User. Next I was asked to sign in. I tried to sign in with my MSDN account phv.baars@planet.nl, but then I received an error stating that I didn’t have the right permissions.

Looking at my Azure Active Directory tenant, I saw the MSDN account was Global Administrator, but this security role was grayed out:

Next I decided to create a new user arjan@phvbaars.onmicrosoft.com and also made this user Global Administrator. This time I could add the Azure AD connector and sign in with account arjan. The only thing you have to do next is fill out the input parameters of the Azure AD Connector. The only parameter that has to be unique is User Principal Name or UPN. UPNs have a fixed format. It’s basically like an email address with the tenant, i.e. dennis@phvbaars.onmicrosoft.com.

Another interesting piece of technology is Microsoft Graph. With Microsoft Graph you can for instance access a user’s calendar (with the right permissions) and other Office365 applications. But you can also access Azure Active Directory. Microsoft Graph replaces Azure Active Directory Graph. For more information: Microsoft Graph. The official definition: Microsoft Graph is search-based technology underlying Office 365 applications, with an API that developers can tap.

A very interesting feature of Graph is the Graph Explorer, which can be accessed at Graph Explorer. First I had to sign in with account arjan@phvbaars.onmicrosoft.com. Then you can perform all kinds of queries, for example:
https://graph.microsoft.com/v1.0/users/dennis@phvbaars.onmicrosoft.com/?$select=displayName,skills

You can also create a user via Graph. Note that you need the right permissions to do so:

Below is the default user that gets created:
POST https://graph.microsoft.com/v1.0/users (CreateUser)

{
  "accountEnabled": true,
  "city": "Seattle",
  "country": "United States",
  "department": "Sales & Marketing",
  "displayName": "Melissa Darrow",
  "givenName": "Melissa",
  "jobTitle": "Marketing Director",
  "mailNickname": "MelissaD",
  "passwordPolicies": "DisablePasswordExpiration",
  "passwordProfile": {
    "password": "Test1234",
    "forceChangePasswordNextSignIn": false
  },
  "officeLocation": "131/1105",
  "postalCode": "98052",
  "preferredLanguage": "en-US",
  "state": "WA",
  "streetAddress": "9256 Towne Center Dr., Suite 400",
  "surname": "Darrow",
  "mobilePhone": "+1 206 555 0110",
  "usageLocation": "US",
  "userPrincipalName": "MelissaD@motion10.com"
}
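A pre-flight review of that request body, as an added example (not code from the original post or from Microsoft): it checks the UPN against the tenant's domains and flags the fixed password settings, then builds a corrected body. The function names, finding codes and the simplified UPN pattern are assumptions made for this example; nothing here calls Graph.

```python
import re
import secrets
import string

# Constructed sample: the request body shown on this page, reduced to the
# fields this check looks at.
PAGE_PAYLOAD = {
    "passwordPolicies": "DisablePasswordExpiration",
    "passwordProfile": {"password": "Test1234",
                        "forceChangePasswordNextSignIn": False},
    "userPrincipalName": "MelissaD@motion10.com",
}
# Assumption: simplified UPN shape (local part @ DNS name), not Graph's full rules.
UPN_RE = re.compile(r"^[A-Za-z0-9._'-]+@((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})$")
SYMBOLS = "!#$%*+-=?_"


def review_payload(payload, tenant_domains):
    """Return finding codes for a create-user request body."""
    findings = []
    match = UPN_RE.match(payload.get("userPrincipalName", ""))
    if not match:
        findings.append("upn-format")
    elif match.group(1).lower() not in tenant_domains:
        findings.append("upn-domain-not-in-tenant")
    profile = payload.get("passwordProfile", {})
    if not profile.get("forceChangePasswordNextSignIn", False):
        findings.append("no-forced-password-change")
    if "DisablePasswordExpiration" in payload.get("passwordPolicies", ""):
        findings.append("password-never-expires")
    return findings


def temp_password(length=20):
    """Random one-time password with all four character classes present."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice("".join(classes)) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def hardened(payload):
    """Copy of the body: no expiry override, random password, forced change."""
    fixed = {k: v for k, v in payload.items() if k != "passwordPolicies"}
    fixed["passwordProfile"] = {"password": temp_password(),
                                "forceChangePasswordNextSignIn": True}
    return fixed
```

Calling `review_payload(PAGE_PAYLOAD, {"phvbaars.onmicrosoft.com"})` reports all three findings for the sample body; the output of `hardened()` still needs a UPN in one of the tenant's own domains before it passes.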

A final word. You can also access the Azure AD Admin Center at AAD Admin Center
Link: active-directory-users-assign-role-azure-portal
