Add External users to Azure AD Using Power Automate

To add an external user, or to share a site with one, we normally go and share the site with the external user manually. That works as long as the number of users is limited, but it does not let us share the site and add external users on the fly.
This post shows how this can be done easily with Power Automate integrated with Azure Active Directory.

Let’s get started

First we need to create a Power Automate flow.

(Image: create user workflow using Power Automate)

Add an HTTP request trigger (POST) so that the flow can be triggered from any type of application. I am going to call this flow from JavaScript/TypeScript in an SPFx form on SharePoint Online.

(Image: add trigger action)

We added this JSON body schema to the POST request trigger:

{
  "type": "object",
  "properties": {
    "Email": {
      "type": "string"
    },
    "Name": {
      "type": "string"
    },
    "Redirect URL": {
      "type": "string"
    },
    "Message": {
      "type": "string"
    },
    "Group": {
      "type": "string"
    }
  }
}

Email:  the user's email address
Name:  the user's display name
Redirect URL:  the URL the user is sent to after accepting (the site), which adds the user to the SharePoint group of that site
Message:  a custom message to be sent in the invitation email
Group:  the SharePoint group name in which we want to add the external user
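The following is an added example, not code from the original post: the SPFx/JavaScript side that calls the HTTP request trigger above. It checks a payload against the schema's five string properties and builds the JSON POST the flow expects. The property names are the post's own; FLOW_TRIGGER_URL, the sample payload and the injectable fetchImpl parameter are assumptions made here so the code runs offline.

```javascript
// Added example, not code from the original post: the SPFx/JavaScript side
// that calls the "When an HTTP request is received" trigger described above.
// The property names are the ones in the post's schema; FLOW_TRIGGER_URL and
// the sample payload are constructed placeholders.

// Placeholder for the URL Power Automate shows on the trigger after saving.
const FLOW_TRIGGER_URL = "https://prod-00.westus.logic.azure.com/workflows/PLACEHOLDER/triggers/manual/paths/invoke";

// Properties declared in the trigger's JSON schema; all are typed "string".
const TRIGGER_PROPERTIES = ["Email", "Name", "Redirect URL", "Message", "Group"];

// Return a list of problems, or [] when the payload matches the schema. The
// schema itself marks nothing as required, so this is deliberately stricter:
// every property must be present and be a non-empty string.
function validateInvitePayload(payload) {
  if (payload === null || typeof payload !== "object" || Array.isArray(payload)) {
    return ["payload must be a JSON object"];
  }
  const errors = [];
  for (const key of TRIGGER_PROPERTIES) {
    const value = payload[key];
    if (typeof value !== "string" || value.trim() === "") {
      errors.push(`${key} must be a non-empty string`);
    }
  }
  // Cheap shape check on the address before it is handed to the flow.
  if (typeof payload.Email === "string" && !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(payload.Email)) {
    errors.push("Email does not look like an e-mail address");
  }
  return errors;
}

// Build the request the way the flow expects it: a JSON POST whose body is
// exactly the schema's object. Throws if validation fails.
function buildFlowRequest(payload, triggerUrl = FLOW_TRIGGER_URL) {
  const errors = validateInvitePayload(payload);
  if (errors.length > 0) {
    throw new Error("invalid payload: " + errors.join("; "));
  }
  return {
    url: triggerUrl,
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(payload),
  };
}

// Send it. fetchImpl is injectable (SPFx code would wrap HttpClient; tests
// pass a stub) so the function can be exercised without a network.
async function invokeFlow(payload, fetchImpl = globalThis.fetch, triggerUrl = FLOW_TRIGGER_URL) {
  const req = buildFlowRequest(payload, triggerUrl);
  const res = await fetchImpl(req.url, { method: req.method, headers: req.headers, body: req.body });
  if (!res.ok) {
    throw new Error(`flow trigger returned HTTP ${res.status}`);
  }
  return res.status; // 202 Accepted is the usual answer from an HTTP trigger
}

// Constructed sample payload, shaped exactly like the post's schema.
const SAMPLE_PAYLOAD = {
  Email: "guest@example.com",
  Name: "Guest User",
  "Redirect URL": "https://contoso.sharepoint.com/sites/projectx",
  Message: "Welcome to the Project X site",
  Group: "Project X Members",
};
```

The validation here is input hygiene, not authorization: the trigger URL that Power Automate generates embeds its own signature, so anyone holding that URL can start the flow, and a browser-side SPFx call necessarily exposes it to every user of the page.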

Then add “Set variable” actions to hold:

  • Client Id
  • Client Secret
  • Tenant Id

The values for these three come from the Azure app: once the app registration is done in the Azure portal, it provides these values.

Added another action item to generate a random password, as shown in the image below.

(Image: add action to generate random password)

Add an HTTP action (POST method) to generate the access token:

(Image: generate access token)

URL:  https://login.microsoftonline.com/{Tenant Id variable}/oauth2/token
Header:
  Key:  content-type    Value:  application/x-www-form-urlencoded

Body:

grant_type=client_credentials&client_id={Client Id variable}&client_secret={Client Secret variable}&resource=https%3A%2F%2Fgraph.microsoft.com

Now add a Parse JSON action to parse the JSON output of the above action.

(Image: add action item to parse JSON)

Schema sample:

{
  "type": "object",
  "properties": {
    "token_type": {
      "type": "string"
    },
    "expires_in": {
      "type": "string"
    },
    "ext_expires_in": {
      "type": "string"
    },
    "expires_on": {
      "type": "string"
    },
    "not_before": {
      "type": "string"
    },
    "resource": {
      "type": "string"
    },
    "access_token": {
      "type": "string"
    }
  }
}
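The following is an added example, not code from the original post, covering the two steps above: building the client-credentials token request (the HTTP action) and reading the token response (the Parse JSON action). The endpoint, form fields and response fields are the ones the post uses; the tenant id, client id, secret and token value are constructed placeholders.

```javascript
// Added example, not code from the original post: the token request and the
// response handling that the flow's HTTP action and Parse JSON action perform.
// Endpoint and field names are the post's; the ids, secret and token value
// used with these functions are constructed placeholders.

const GRAPH_RESOURCE = "https://graph.microsoft.com";

// Build the URL and form body for the v1 client-credentials request.
// URLSearchParams does the application/x-www-form-urlencoded encoding, which
// turns the resource into https%3A%2F%2Fgraph.microsoft.com as in the post.
function buildTokenRequest(tenantId, clientId, clientSecret) {
  const body = new URLSearchParams({
    grant_type: "client_credentials",
    client_id: clientId,
    client_secret: clientSecret,
    resource: GRAPH_RESOURCE,
  });
  return {
    url: `https://login.microsoftonline.com/${encodeURIComponent(tenantId)}/oauth2/token`,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

// Mirror of the Parse JSON step: check the fields the schema declares and
// return the Authorization header value the Graph call needs. expires_on is
// a Unix timestamp (as a string), so also report whether the token is still valid.
function parseTokenResponse(json, nowSeconds = Math.floor(Date.now() / 1000)) {
  const data = typeof json === "string" ? JSON.parse(json) : json;
  if (data.error) {
    // The token endpoint reports failures as {error, error_description}.
    throw new Error(`token request failed: ${data.error}: ${data.error_description ?? ""}`);
  }
  if (data.token_type !== "Bearer" || typeof data.access_token !== "string" || data.access_token === "") {
    throw new Error("token response has no usable bearer token");
  }
  const expiresOn = Number(data.expires_on);
  return {
    authorization: `Bearer ${data.access_token}`,
    expiresOn,
    expired: Number.isFinite(expiresOn) ? expiresOn <= nowSeconds : true,
  };
}

// Constructed sample of what the token endpoint returns: the field set the
// post's Parse JSON schema lists, with a dummy token value.
const SAMPLE_TOKEN_RESPONSE = JSON.stringify({
  token_type: "Bearer",
  expires_in: "3599",
  ext_expires_in: "3599",
  expires_on: "1700000000",
  not_before: "1699996100",
  resource: GRAPH_RESOURCE,
  access_token: "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.PLACEHOLDER.SIGNATURE",
});
```

One practical point for the flow itself: the inputs of a Set variable action, and the outputs of the HTTP and Parse JSON actions, are written to the flow's run history, so the client secret and the access token are readable there by anyone who can open the run unless the actions' Secure Inputs/Outputs settings are turned on.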

Once we have this access token, we can add the external user to the directory.

To invite the external user to Azure Active Directory we use the Microsoft Graph invitation API:

(Image: Microsoft Graph invitation API action)

URL:  https://graph.microsoft.com/v1.0/invitations

Header:
  Key:  Authorization    Value:  Bearer {AccessToken} (the access_token value from the Parse JSON action above)

Body:

{
  "invitedUserEmailAddress": "{Email}",
  "inviteRedirectUrl": "{Redirect URL}",
  "invitedUserDisplayName": "{Name}",
  "sendInvitationMessage": true,
  "invitedUserMessageInfo": {
    "customizedMessageBody": "{Message}"
  }
}
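The following is an added example, not code from the original post: it builds the Graph invitation body from the trigger payload exactly as the HTTP action above does, and sends it. The Graph URL and field names are the post's; the token, the sample payload and the injectable fetchImpl parameter are assumptions. Note that the Group property from the trigger is not part of the Graph call (the post uses it for the SharePoint group, and the step that consumes it is not shown), so it is ignored here.

```javascript
// Added example, not code from the original post: building and sending the
// Microsoft Graph invitation that the flow's last HTTP action performs. The
// Graph URL and field names are the ones the post uses; the token and the
// sample payload are constructed placeholders.

const INVITATIONS_URL = "https://graph.microsoft.com/v1.0/invitations";

// Map the trigger payload onto the invitation resource. Group is not part of
// the Graph call, so it is ignored here.
function buildInvitationBody(payload) {
  for (const key of ["Email", "Name", "Redirect URL", "Message"]) {
    if (typeof payload[key] !== "string" || payload[key].trim() === "") {
      throw new Error(`missing trigger field: ${key}`);
    }
  }
  // inviteRedirectUrl must be an absolute http(s) URL or Graph rejects the call.
  let redirect;
  try {
    redirect = new URL(payload["Redirect URL"]);
  } catch (e) {
    throw new Error("Redirect URL is not a valid URL");
  }
  if (redirect.protocol !== "https:" && redirect.protocol !== "http:") {
    throw new Error("Redirect URL must use http or https");
  }
  return {
    invitedUserEmailAddress: payload.Email,
    inviteRedirectUrl: redirect.toString(),
    invitedUserDisplayName: payload.Name,
    sendInvitationMessage: true,
    invitedUserMessageInfo: { customizedMessageBody: payload.Message },
  };
}

// Assemble the request the same way the flow's HTTP action does.
function buildInvitationRequest(accessToken, payload) {
  return {
    url: INVITATIONS_URL,
    method: "POST",
    headers: {
      Authorization: `Bearer ${accessToken}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify(buildInvitationBody(payload)),
  };
}

// Send it. fetchImpl is injectable so the function can be tested offline.
// Graph answers with the created invitation: the guest's user object, the
// redeem URL, and a status of PendingAcceptance until the guest accepts.
async function sendInvitation(accessToken, payload, fetchImpl = globalThis.fetch) {
  const req = buildInvitationRequest(accessToken, payload);
  const res = await fetchImpl(req.url, { method: req.method, headers: req.headers, body: req.body });
  const data = await res.json();
  if (!res.ok) {
    throw new Error(`invitation failed (HTTP ${res.status}): ${data.error?.message ?? "unknown error"}`);
  }
  return { invitedUserId: data.invitedUser?.id, redeemUrl: data.inviteRedeemUrl, status: data.status };
}

// Constructed sample payload, shaped like the trigger schema from the post.
const SAMPLE_TRIGGER_PAYLOAD = {
  Email: "guest@example.com",
  Name: "Guest User",
  "Redirect URL": "https://contoso.sharepoint.com/sites/projectx",
  Message: "Welcome to the Project X site",
  Group: "Project X Members",
};
```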

The external user then receives an invitation email, similar to the one shown in the image below.

(Image: Azure Active Directory invitation email)

This process can be automated easily using Power Automate.
