Automating Azure AD B2B Invites with Approval Workflow

Ok – Now back to the Flow!

So far, all we’ve done in the Flow is add the Form trigger and choose our Form. Now we need to add all of our actions. The first thing we need to do is create three variables to store our Tenant ID, Application ID and Application Secret. These were all provided when we created our Registered App in Azure AD.

Add a new step and find the Initialize a Variable action. Now do that two more times. Fill in the values like shown below.

NOTE: To make your Flow easy to read, you should click on the ellipsis (…) on each item and rename it to something useful. Doing this after you’ve already created your Flow will break things, so do it as you add items.

Now we want to get the response details from the submitted form. Add a Get response details action and choose the form and details to grab.

The next thing we’re going to do is authenticate to the Microsoft Graph API and get an access token. The access token will be used every time we make a call to the Microsoft Graph API.

Add an action directly after the Get response details and choose HTTP.

Make it look like the image above. We’re crafting an API call to the Microsoft Graph API to get an access token. I’ll include the body text below; just modify the variable names if you used something different.

client_id=@{variables('AppID')}&client_secret=@{variables('AppSecret')}&grant_type=client_credentials&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default

Now, we need to parse the JSON response that the Microsoft Graph API returns so we can use the values later. Add another action and choose the Parse JSON action. For the Content, choose the Body from the Get Access Token action. I’ve included the full Schema below as well.

{
    "properties": {
        "access_token": {
            "type": "string"
        },
        "expires_in": {
            "type": "integer"
        },
        "ext_expires_in": {
            "type": "integer"
        },
        "token_type": {
            "type": "string"
        }
    },
    "type": "object"
}

Now that we have our access token, we’re going to check to see if the user being requested already exists in the Azure AD tenant. If so, there is no need to proceed with requesting approvals. We’ll just notify the requester that the user already exists.

Add another HTTP action; this time we’re calling the Microsoft Graph API to check if an account with the same email address already exists. Make your HTTP action look like the one below.

Now we need to parse the response that is returned. Add another Parse JSON action and use the Body of the Check if User Exists action as the content. I included the schema below.

{
    "type": "object",
    "properties": {
        "@@odata.context": {
            "type": "string"
        },
        "value": {
            "type": "array",
            "items": {
                "type": "object",
                "properties": {
                    "businessPhones": {
                        "type": "array"
                    },
                    "displayName": {
                        "type": "string"
                    },
                    "givenName": {},
                    "jobTitle": {},
                    "mail": {
                        "type": "string"
                    },
                    "mobilePhone": {},
                    "officeLocation": {},
                    "preferredLanguage": {},
                    "surname": {},
                    "userPrincipalName": {
                        "type": "string"
                    },
                    "id": {
                        "type": "string"
                    }
                },
                "required": [
                    "businessPhones",
                    "displayName",
                    "givenName",
                    "jobTitle",
                    "mail",
                    "mobilePhone",
                    "officeLocation",
                    "preferredLanguage",
                    "surname",
                    "userPrincipalName",
                    "id"
                ]
            }
        }
    }
}
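
The two Graph calls this Flow makes (the Get Access Token request and the Check if User Exists lookup), as an added Python example that is not part of the original post: it assembles the same client-credentials body as above, parses the replies using the fields from the two schemas, and builds the user lookup. The v2.0 token URL and the `$filter` on the `mail` attribute are assumptions (the post shows those actions only in screenshots), and the replies are constructed samples.

```python
import json
from urllib.parse import quote, urlencode

GRAPH_SCOPE = "https://graph.microsoft.com/.default"

def build_token_request(tenant_id, app_id, app_secret):
    """Same body as the Flow's Get Access Token HTTP action; the v2.0 token URL is assumed."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({"client_id": app_id, "client_secret": app_secret,
                      "grant_type": "client_credentials", "scope": GRAPH_SCOPE})
    return url, body

def parse_token_response(body_text):
    """Mirrors the first Parse JSON action: require the fields the schema lists before using the token."""
    data = json.loads(body_text)
    for key in ("access_token", "token_type", "expires_in", "ext_expires_in"):
        if key not in data:
            raise ValueError(f"token response missing {key}")
    if data["token_type"] != "Bearer":
        raise ValueError("unexpected token_type")
    return data["access_token"], int(data["expires_in"])

def build_user_lookup(email):
    """Mirrors the Check if User Exists action (assumed: $filter on the mail attribute).
    The address comes straight from the Form, so single quotes are doubled as OData
    requires before it is spliced into the filter; otherwise a crafted value rewrites the query."""
    safe = email.replace("'", "''")
    return "https://graph.microsoft.com/v1.0/users?$filter=" + quote(f"mail eq '{safe}'", safe="'")

def user_exists(body_text):
    """Mirrors the second Parse JSON action: the account exists when 'value' is a non-empty array."""
    data = json.loads(body_text)
    return len(data.get("value", [])) > 0

# Constructed sample replies standing in for the two HTTP actions (not a real token or user).
SAMPLE_TOKEN_REPLY = json.dumps({"token_type": "Bearer", "expires_in": 3599,
                                 "ext_expires_in": 3599, "access_token": "constructed.example.token"})
SAMPLE_NO_USER = json.dumps({"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
                             "value": []})
SAMPLE_ONE_USER = json.dumps({"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
                              "value": [{"displayName": "Example Guest", "mail": "guest@example.com",
                                         "userPrincipalName": "guest_example.com#EXT#@example.onmicrosoft.com",
                                         "id": "00000000-0000-0000-0000-000000000000", "businessPhones": []}]})
```

The access token returned by the first call is a credential for the app registration, so keep it in the Flow's run context only and never write it to a notification or log.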

Hop on over to page 3 for more…