3.4 KiB
Azure Active Directory Connector
Azure Active Directory provides a powerful and very extensive REST API. Using this API, you can create and manage objects (e.g. users, groups etc.) in Azure Active Directory. This connector exposes a subset of these APIs as operations in Microsoft Flow and PowerApps.
Pre-requisites
You will need the following to proceed:
- A Microsoft PowerApps or Microsoft Flow plan with custom connector feature
- An Azure subscription
- The Power platform CLI tools
Building the connector
Since the APIs used by the connector are secured by Azure Active Directory (AD), we first need to set up a few thing in Azure AD for connector to securely access them. After this setup, you can create and test the connector.
Set up an Azure AD application for your custom connector
Since the connector uses OAuth as authentication type, we first need to register an application in Azure AD. This application will be used to get the authorization token required to invoke rest APIs used by the connector on user's behalf. You can read more about this here and follow the steps below:
-
Create an Azure AD application This can be done using [Azure Portal] (https://portal.azure.com), by following the steps here. Once created, note down the value of Application (Client) ID. You will need this later.
-
Configure (Update) your Azure AD application to access the Azure Active Directory API This step will ensure that your application can successfully retrieve an access token to invoke Azure Active Directory rest APIs on behalf of your users. To do this, follow the steps here.
- For redirect URI, use "https://global.consent.azure-apim.net/redirect"
- For the credentials, use a client secret (and not certificates). Remember to note the secret down, you will need this later and it is shown only once.
- For API permissions, make sure "Azure Active Directory" and "user_impersonation" are added.
At this point, we now have a valid Azure AD application that can be used to get permissions from end users and access Azure Active Directory. The next step for us is to create a custom connector.
Deploying the sample
Run the following commands and follow the prompts:
paconn create --api-def apiDefinition.swagger.json --api-prop apiProperties.json --secret <client_secret>
Supported Operations
The connector supports the following operations:
Create Office 365 group
: Create an Office 365 group in your AAD tenantCreate Security group
: Create a security group in your AAD tenantGet group
: Get details for a groupGet user
: Get details for a userGet groups of a user
: Get the groups a user is a member ofCreate user
: Create a new user in your AAD tenantGet group members
: Get the users who are members of a groupRemove Member From Group
: Remove Member From GroupAdd user to group
: Add a user to a group in this AAD tenantCheck group membership
: If the user is a member of the given group, the result will contain the given id. Otherwise the result will be emptyAssign manager
: Assign a manager for a userUpdate user
: Update the info for a user