EntraIDGraphConnector

EntraIDGraphConnector (ODC)

Stable version 0.1.2 (Compatible with ODC)
Uploaded on 06 May 2025 by Xebia USA Inc.
Documentation
0.1.2

Name of the Component: EntraIDGraphConnector

Purpose: This OutSystems component integrates with the Microsoft Graph API to retrieve user, group and role information from Microsoft Entra ID (formerly Azure Active Directory).

Wrappers (Endpoints) Details:

We are using Microsoft Graph API version 0.1.1, and the API endpoints are as follows:

1. GetUsersList (/users) - Retrieves a list of users in the Azure Entra ID tenant.

2. GetGroupsList (/groups) - Fetches all Azure Entra ID groups, including Microsoft 365 groups, security groups, and mail-enabled groups.

3. GetDirectoryRolesList (/directoryRoles) - Returns a list of directory roles that are enabled in the tenant (e.g., Global Admin, User Admin).

4. GetAccessToken (/oauth2/v2.0/token) - Authenticates and returns an OAuth 2.0 token to be used in Graph API requests.

Prerequisites:

You need an Entra ID with login credentials, and to use these APIs, you must have an OutSystems Development Cloud (ODC) Environment.

Note: Please involve your Azure Cloud Admin to assist with the configuration of Entra ID.

Entra ID Configuration:

Follow these steps to configure Microsoft Entra ID:

1. Register an Application in Entra ID

Go to Azure Portal > Azure Active Directory > App registrations > New registration

  • Provide a name (e.g., OutSystemsGraphDemo)

  • Select supported account types (e.g., "Single tenant")

  • Add a redirect URI (e.g., https:///Home)

  • Click Register

2. Configure API Permissions

Under the registered app:

  • Go to API permissions > Add a permission

  • Select Microsoft Graph

  • Add Delegated permissions or Application permissions depending on your use case:

      • For user data (e.g., /me/messages) → Use Delegated permissions

      • For app-only access (e.g., /users) → Use Application permissions

  • Permissions:

      • User.Read, Mail.Read, Group.Read.All, Directory.Read.All

Note: In our connector, we’ve used Application Type Permission.

3. Generate a Client Secret

  • Go to Certificates & secrets > New client secret

  • Copy the value immediately (it won't be shown again)

  • Store Client ID, Tenant ID, and Client Secret for use in ODC
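
An added example (not part of the component or its documentation) for checking the result of step 2: with Application permissions, the permissions granted to the app registration appear in the roles claim of the access token, so decoding a token shows whether the app holds more than the wrappers use. The expected set, the helper names and the sample token are assumptions constructed for illustration.

```python
import base64
import json

# Assumption: the three list wrappers only need read access to directory objects.
EXPECTED_ROLES = {"User.Read.All", "Group.Read.All", "Directory.Read.All"}


def token_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def excess_roles(access_token, expected=EXPECTED_ROLES):
    """Return application permissions in the token that are outside the expected set."""
    claims = token_claims(access_token)
    return sorted(set(claims.get("roles", [])) - set(expected))


def _constructed_token(claims):
    """Build an unsigned sample token (constructed for this example)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


# Constructed sample: an app-only token carrying three application permissions.
SAMPLE = _constructed_token({
    "aud": "https://graph.microsoft.com",
    "roles": ["Mail.Read", "Group.Read.All", "Directory.Read.All"],
})

if __name__ == "__main__":
    print("permissions beyond the expected set:", excess_roles(SAMPLE))
```

Run it against a token returned by GetAccessToken in a test environment; anything it reports is a permission that can be removed from the app registration if no wrapper needs it.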

Component implementation insights:

The Graph APIs require the following values:

I. Client ID

II. Client Secret

III. Tenant ID

Note: All three values should be provided by the Azure Entra ID admin.

This component is built as a library in ODC and requires an application to configure and pass setting values. In the app, create a new setting (Site Property) and assign its value via the ODC Portal as explained in steps 4 and 5 of this document.

In the given oml file, you will find the following wrappers

  1. List of Graph APIs

The screenshot below, along with the table, provides information on the wrappers and their descriptions.

Picture

Table of Content: Wrappers & their details

| S.No | Wrapper Name | Description |
|---|---|---|
| 1 | GetAccessToken | Authorizes access to Microsoft Graph endpoints like /users, /groups, /directoryRoles, etc. Ensures secure and scoped access to Microsoft 365 and Azure Active Directory resources. |
| 2 | GetDirectoryRolesList | To list all active directory roles within the tenant. To retrieve users or entities assigned to specific roles. To manage role-based access control in enterprise applications and tools. |
| 3 | GetGroupsList | To list all AAD groups in a tenant. To retrieve metadata and properties of specific groups. To manage group membership, settings, and ownership. |
| 4 | GetUsersList | To list all users in the organization. |

  2. This is how the token is obtained

Image: GetAccessToken wrapper

  3. This is how the API is called.

Image: GetUsersList wrapper

  4. Add the Setting (also known as a Site Property) in the application to enable passing values into the REST APIs created in the library module.

  5. Once the settings are configured, update the values in the ODC Portal.

Picture

  6. The image below illustrates how we are passing values as inputs (via structures) to the server actions.

Picture
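
The token request and Graph call that the GetAccessToken and GetUsersList steps above describe, sketched in Python as an added example (not the component's own logic, which is built in ODC). It goes beyond the screenshots by following @odata.nextLink paging; the v1.0 base URL, the function names and the injectable send parameter are assumptions.

```python
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
GRAPH_BASE = "https://graph.microsoft.com/v1.0"  # assumed base URL; not shown on the page


def build_token_request(tenant_id, client_id, client_secret):
    """Client-credentials request for an app-only token; the secret stays in the POST body."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    url = TOKEN_URL.format(tenant=urllib.parse.quote(tenant_id, safe=""))
    return urllib.request.Request(url, data=body, method="POST")


def http_json(request):
    """Default transport: send the request over HTTPS and decode the JSON reply."""
    with urllib.request.urlopen(request, timeout=30) as resp:
        return json.load(resp)


def get_access_token(tenant_id, client_id, client_secret, send=http_json):
    reply = send(build_token_request(tenant_id, client_id, client_secret))
    return reply["access_token"]


def list_all(path, token, send=http_json, max_pages=100):
    """Collect every item from a Graph list endpoint such as /users or /groups."""
    url, items = GRAPH_BASE + path, []
    for _ in range(max_pages):
        # Never send the bearer token to a host other than Graph.
        if not url.startswith(GRAPH_BASE + "/"):
            raise ValueError("refusing to follow link outside Graph: " + url)
        headers = {"Authorization": "Bearer " + token}
        page = send(urllib.request.Request(url, headers=headers))
        items.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
        if not url:
            return items
    raise RuntimeError("page limit reached before the listing ended")
```

Pass the Client ID, Tenant ID and Client Secret in from configuration at call time, as the component does with ODC settings, rather than embedding them in source.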

Application Demo

The screenshots below illustrate the data retrieved from the APIs displayed in a table format.

  1. Users Page:

The /users endpoint is one of the most commonly used Microsoft Graph API endpoints. It is designed to retrieve, manage, and interact with user profiles in your Azure Entra ID tenant.

Picture

  2. Groups Page:

The /groups endpoint in Microsoft Graph API is used to retrieve information about Azure Entra ID groups, including Microsoft 365 groups, security groups, and mail-enabled groups.

Picture

  3. Directory Roles

The /directoryRoles endpoint in Microsoft Graph API is used to retrieve activated Azure Entra ID roles and their associated members. This includes built-in roles such as Global Administrator, User Administrator, and other directory-wide roles assigned to users, groups, or service principals.

Picture

Conclusion:

This is the initial implementation of Azure Entra ID integration. We will further enhance the code to improve exception handling and ensure scalability for broader use cases.