EntraIDGraphConnector

Stable version 1.0.0 (Compatible with OutSystems 11)
Uploaded on 6 May (23 hours ago)
Documentation
1.0.0

Name of the Component: EntraIDGraphConnector 

Purpose: This OutSystems component integrates with the Microsoft Graph API to retrieve user, group and role information from Microsoft Entra ID (formerly Azure Active Directory).

Wrappers (Endpoints) Details: 

We are using Microsoft Graph API version 0.1.2, and the API endpoints are as follows:

      1. GetUsersList (/users) - Retrieves a list of users in the Azure Entra ID tenant.

      2. GetGroupsList (/groups) - Fetches all Azure Entra ID groups, including Microsoft 365 groups, security groups, and mail-enabled groups.

      3. GetDirectoryRolesList (/directoryRoles) - Returns a list of directory roles that are enabled in the tenant (e.g., Global Admin, User Admin).

      4. GetAccessToken (/oauth2/v2.0/token) - Authenticates and returns an OAuth 2.0 token to be used in Graph API requests.

Prerequisites: 

      You need an Azure Entra ID with login credentials. To use these APIs, you must also have an OutSystems Development (O11) Environment.

      Note: Please involve your Azure Cloud Admin to assist with the configuration of Entra ID. 

Entra ID Configuration: 

      Follow these steps in order to configure Microsoft Entra ID:

      1. Register an Application in Entra ID

Go to Azure Portal > Azure Active Directory > App registrations > New registration

  • Provide a name (e.g., OutSystemsGraphDemo)

  • Select supported account types (e.g., "Single tenant")

  • Add a redirect URI (e.g., https://<YourOdcEnvironmentDomain>/Home)

  • Click Register


      2. Configure API Permissions

Under the registered app:

  • Go to API permissions > Add a permission

  • Select Microsoft Graph

  • Add Delegated permissions or Application permissions depending on your use case:

      • For user data (e.g., /me/messages) → Use Delegated permissions

      • For app-only access (e.g., /users) → Use Application permissions

  • Permissions: User.Read, Mail.Read, Group.Read.All, Directory.Read.All

Note: In our connector, we have used the Application permission type.

      3. Generate a Client Secret 

  • Go to Certificates & secrets > New client secret 

  • Copy the value immediately (it won't be shown again) 

  • Store Client ID, Tenant ID, and Client Secret for use in OutSystems 
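
A check that the token issued to the registered app carries only the application permissions listed in step 2, as an added example that is not part of the component. It decodes the payload of an access token for inspection only (the signature is not verified) and compares the `roles` claim with that list; the function names and the sample token are constructed for illustration.

```python
import base64
import json

# Application permissions listed in step 2 of this page for the connector.
EXPECTED_ROLES = {"User.Read", "Mail.Read", "Group.Read.All", "Directory.Read.All"}


def jwt_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token, expected=EXPECTED_ROLES):
    """Report whether the token is app-only and which roles exceed the expected set."""
    claims = jwt_claims(token)
    roles = set(claims.get("roles", []))
    return {
        # App-only tokens carry application permissions in "roles";
        # delegated tokens carry their permissions in "scp" instead.
        "app_only": bool(roles) and "scp" not in claims,
        "unexpected": sorted(roles - set(expected)),
    }


def make_sample_token(claims):
    """Build a constructed, unsigned sample token so the check runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    sample = make_sample_token(
        {"roles": ["Group.Read.All", "Directory.Read.All", "Directory.ReadWrite.All"]})
    print(audit_token(sample))
```

Any entry under `unexpected` is a permission granted to the app registration beyond what the configuration steps call for, and is worth reviewing with the Entra ID admin.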

 

Component implementation insights: 

        The Graph APIs require the following values:

I. Client ID

II. Client Secret

III. Tenant ID

      Note: All three values should be provided by the Azure Entra ID admin.

This component is implemented as a service in OutSystems 11 (O11) and requires configuration values to be assigned to the Site Properties variable through the OutSystems Service Center. The detailed steps for this process are outlined in steps 4 and 5 of this document. 

 

  In the given oml file, you will find the following wrappers:

  1. List of Graph APIs

The screenshot below, along with the table, provides information on the wrappers and their descriptions.

[Image]

Table: Wrappers and their details

| S.No | Wrapper Name | Description |
|------|--------------|-------------|
| 1 | GetAccessToken | Authorizes access to Microsoft Graph endpoints like /users, /groups, /directoryRoles, etc. Ensures secure and scoped access to Microsoft 365 and Azure Entra ID resources. |
| 2 | GetDirectoryRolesList | To list all active directory roles within the tenant. To retrieve users or entities assigned to specific roles. To manage role-based access control in enterprise applications and tools. |
| 3 | GetGroupsList | To list all Azure Entra ID groups in a tenant. To retrieve metadata and properties of specific groups. To manage group membership, settings, and ownership. |
| 4 | GetUsersList | To list all users in the organization. |

  2. This is how the token is obtained.

[Image: GetAccessToken wrapper]

  3. This is how the API is called.

[Image: GetUsersList wrapper]

  4. Add the required Site Properties to enable passing configuration values into the REST APIs defined in the service module.

[Image]

  5. Once the site properties are configured, update the values in the OutSystems Service Center.

[Image]

  6. The image below illustrates how the response (via structures) from the server actions looks.

[Image]
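
The token request and the paged list call that the GetAccessToken and GetUsersList wrappers represent, written out as an added Python example rather than the component's own logic. The `https://graph.microsoft.com/v1.0` base URL, the function names and the `get_json` transport hook are assumptions made for this example.

```python
import json
import urllib.parse
import urllib.request

TOKEN_HOST = "https://login.microsoftonline.com"
GRAPH_PREFIX = "https://graph.microsoft.com/"
GRAPH_BASE = GRAPH_PREFIX + "v1.0"  # assumption: v1.0 Graph base URL


def build_token_request(tenant_id, client_id, client_secret):
    """Client-credentials POST to /oauth2/v2.0/token, as GetAccessToken does."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        # .default asks for the application permissions consented for the app
        "scope": GRAPH_PREFIX + ".default",
    }).encode()
    tenant = urllib.parse.quote(tenant_id, safe="")
    return urllib.request.Request(
        f"{TOKEN_HOST}/{tenant}/oauth2/v2.0/token", data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def fetch_token(request):
    """Send the token request and return the bearer token from the JSON reply."""
    with urllib.request.urlopen(request, timeout=30) as resp:
        return json.load(resp)["access_token"]


def http_get_json(url, token):
    """Default transport: authenticated GET returning the parsed JSON body."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def list_all(path, token, get_json=http_get_json, max_pages=1000):
    """Collect every page of a collection such as /users or /groups."""
    items, url = [], GRAPH_BASE + path
    for _ in range(max_pages):
        # Never forward the bearer token to a host other than Graph.
        if not url.startswith(GRAPH_PREFIX):
            raise ValueError("refusing to send the token to " + url)
        page = get_json(url, token)
        items.extend(page.get("value", []))
        url = page.get("@odata.nextLink")  # absent on the last page
        if not url:
            return items
    raise RuntimeError("paging did not terminate")
```

The client secret passed to `build_token_request` should come from a protected configuration store (the Site Properties in this component), not from source code.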

 

Application Demo 

The screenshots below illustrate the data retrieved from the APIs displayed in a table format. 

  1. Users Page:

The /users endpoint is one of the most commonly used Microsoft Graph API endpoints. It is designed to retrieve, manage, and interact with user profiles in your Azure Entra ID tenant.

[Image]

  2. Groups Page:

The /groups endpoint in Microsoft Graph API is used to retrieve information about Azure Entra ID groups, including Microsoft 365 groups, security groups, and mail-enabled groups.

[Image]

  3. Directory Roles:

The /directoryRoles endpoint in Microsoft Graph API is used to retrieve activated Azure Entra ID roles and their associated members. This includes built-in roles such as Global Administrator, User Administrator, and other directory-wide roles assigned to users, groups, or service principals.

[Image]

 

Conclusion: 

This is the initial implementation of Azure Entra ID integration. We will further enhance the code to improve exception handling and ensure scalability for broader use cases.