When you manage user accounts within Power Automate, you can user the Office 365 Users connector, but sometimes the Graph API can give you more possibilities.
Office 365 Users Connector
The Office 365 Users connector gives some help with user management with the following actions:
- Get relevant people
- Get trending documents
- Get user photo
- Get user photo metadata
- Get user profile
- Search for user
- Update my profile
- Update my profile photo
And then the most important of all actions Send an HTTP request (preview)
Send an HTTP request (preview)
As mentioned in yesterday’s introduction to the Graph API within the Power Platform post, some connectors offer the option to use the Graph API without the need for a premium licence. However the permissions available to this action are a bit limited.
When we use the graph API endpoints https://graph.microsoft.com/v1.0/me or https://graph.microsoft.com/v1.0/users the flows will fail with
URI path is not a valid Graph endpoint, path is neither absolute nor relative or resource/object is not supported for this connector. Resources: me,users Objects: messages,mailFolders,events,calendar,calendars,outlook,inferenceClassification. Uri: https://graph.microsoft.com/v1.0/me
However when you use https://graph.microsoft.com/v1.0/me/calendars the expected result is given.
Create, Read, Update and Delete users using the Graph API
First I’m going through the basic CRUD options of user accounts. If you need any help setting up the app registration then please have a read through my Graph API introduction post first.
Looking at the List users documentation the we can view a list of all users using the /users endpoint.
This will return a list of user account details for each user within the tenant.
Ok, that is easy. But what if you want to filter or only want to get some of the information back.
You can use $select as a Query filter and $filter to select items that you want. The syntax here is the same as we have seen for example in get items filter queries.
To create a new user we will have to use the POST method. So far I’ve used the Get Method to retrieve information. The POST method is often used to update or create new data using the Graph API ( or any other API).
Then we can use the same URI/URL as we used before.
And then the details of the user account that we want to create is supplied in the body of the request.
Be careful though, when you run the above action you might see some failures. For example when an account already exists you will get the following error:
Another object with the same value for property userPrincipalName already exists.
So some error handling might be wise. Please use the Try Catch pattern for that.
The next step is to update users.
To Update a user account, we will need to have the user id of the account. You can get this ID from Azure AD, but it is also given when you list users. So quite often you would first query users before updating the user.
Now to delete the user, the Method needs to be changed to DELETE and when my flow runs the user account is deleted.
One other nice feature in the Graph API is the Delta endpoint. The Delta endpoint gives us an overview of all changes to user accounts since the last time we checked the delta endpoint.
In the example below, we are first looking at the https://graph.microsoft.com/v1.0/users/delta endpoint and then using the next link from that called is used to call the delta endpoint again. The second HTTP request will report only the changes.
/me vs users/…
I would like to conclude this post with a small warning. As we use the app registration’s permissions to access the data it is not possible to access /me. if you want to get the data from /me/… you might have to use /users/userid/.. instead.
If you do use /me however you will find the following error message being thrown:
/me request is only valid with delegated authentication flow.