Using Graph API In Power Automate

Introduction

Power Automate have recently released certain actions where interacting with Graph API is much simpler. Previously it is required to have the following steps

• Creating Azure AD App
• Defining the scopes for the APP
• Generating client ID and client secret or certificates for authentication
• Using premium connection ‘Send http request’ and decorating the request body with valid parameters for proper authentication and response content.

Now using the standard action provided by MSFT in Power Automate, the interaction with Graph API became much simpler. Let’s see this in action.

Use Case

The use case here is that we will design a power automate to list the group members in Office 365 group or Azure AD group and then get the count of members.

Before designing the flow, we need to know what Graph API requests are available to us to interact with Office 365 groups/Azure AD groups.

Getting request using Graph Explorer

Step 1: Login to graph explorer with your organization account.

https://developer.microsoft.com/en-us/graph/graph-explorer

Step 2: Click on the sign-in

Step 3: Validate if you are getting proper responses by clicking on ‘Getting Started’ and choosing available sample queries. In this case I am clicking on ‘my profile’.

You can see the similar response below on successful authentication.

Step 4: Under ‘Groups’ category under sample requests, we have Get direct members of group. Select the request.

Step 5: If you noticed, it generates a sample request and also gives you a heads-up to update the group-id. You can obtain group id from the azure portal.

In this case, I am modifying the request by updating group id in the request and it looks like below.

Step 6: Now on successful authentication I was getting the following response.

Note: Please note that you need to have certain scopes added to permissions and those permissions needed to be consented by admin in some cases. Which means the permissions required to get the successful response are more than those permissible. In such cases a global admin needs to consent to those permissions and only after that you will get successful responses. If the scopes are not properly defined, you would get 403 forbidden responses. You can also check the api permissions under ‘Modify permissions.

To get the members of the group we need API permission scope ‘GroupMember.Read.All’ and this permission needs Admin consent.

Copy the request URL from the Graph explorer, you need to use this in Power Automate.

Designing Flow

Now we will go to Power Automate and design our flow.

Step 1: Login to Power Automate https://make.powerautomate.com/ using the organization account and select My Flows à Instant cloud flow.

Step 2: For this use case I am selecting Manual trigger and then giving a name and then click on create.

Step 3: Now chose ‘Add Action’ and select Invoke HTTP request. Observe that this is ‘Premium’ connection. There could be some scenarios where the graph explorer does not have sample request queries, how ever you can construct the api request as per MSFT documentation.

Note: Though, there is list group members available, but to show case how we can use Graph API by http action I want to chose this premium connector for this article.

Step 4: For the first time, you would be getting the following screen that asks for the Base resource URL and Azure AD resource URL. In both fields enter https://graph.microsoft.com and select ‘sign in’.

When asked for sign-in select the account that has permission to Azure AD.

Step 5: After that you will be getting following fields to enter the values.

• Method
• URL of the request
• Headers
• Body of the request

Step 6: Select the Method as ‘Get’ and the URl of the request from the section ‘Getting request using Graph Explorer’ last step.

Step 7: Now save and test the flow. On success you would get the following response

Step 8: As per article, I am interested in getting the emails of members and total count of group. on examining the raw outputs from the test run, I have the mail for members

Step 9: on examining the raw outputs the required fields values are present in body à Value à mail.

Step 10: Lets filter the value from the body using compose. Here I have used expression and then selected the outputs of invoke http request and then appended “? [‘value’]”. The final expression should be similar to this

outputs('Invoke_an_HTTP_request')?['body']?['value']

Step 11: now add ‘Select’ operator and then chose the ‘Outputs’ from the ‘Compose-Filter the values’ and enter the key as ‘Email’ and value as item()?['mail']

Step 12: Finally get count of emails using compose action and then use ‘Length’ function and select the outputs from select – Get user emails’.

Step 13: Now save and test the flow. On success, you could see the emails and the length of the final collection in outputs.

Below is the screen capture of the flow. You can also refer to attached flow.

Conclusion

Thus, in this article we have seen how to interact with Graph API using graph explorer and how to integrate Graph API request with Power Automate and get the required outputs.

References

• https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent
• https://www.youtube.com/watch?v=yGYmgY3OgXk