Working with O365 Groups, DL's and Security Groups in Power Automate
In this #PowerShot, I will show you how to retrieve the members from an Office 365 Group or a Distribution List or a Security Group using the Graph API in Power Automate.
Let's Get Started
In Power Automate, when provided with an internal email address in an organization, it is difficult to identify if it is a user or an office 365 group or a distribution list. The Office 365 users connector can be used to retrieve details if the email address is of a user. The list group members from the Azure AD connector or the Office 365 Groups connector allows you to list the group members if the group ID is available. So let's see how we can extract the group ID with a custom connector and pass through the available ones to get the members from an email address.
Step 1: Register an App in Azure Active Directory and provide the required permissions:
API documentation here.
Step 2: Create a custom connector:
Navigate to Data -> Custom Connectors and click new to open up the page to create a new custom connector. Provide "graph.microsoft.com" for the host and select "https" for scheme as shown in the image below.
Step 3: Provide authentication details:
Select the authentication type as Oauth 2.0 and the identity provider as Azure Active Directory. Provide the client ID and the client secret from the app registration in Azure. Provide the login URL as: https://login.windows.net and the resource URL as https://graph.microsoft.com/. Click Update Connector and copy the Redirect URL generated on this page. Paste the URL in the Authentication tab in the app registration in Azure.
Step 4: Add an action:
Click on add new action and provide the general details as shown in the screenshot below. In the request section, click on Import from Sample and provide the URL after selecting the request type as GET. (https://graph.microsoft.com/v1.0/groups?$filter) $filter gets identified as a query parameter that can be passed to filter the results from the Graph API.
Click on import to create the action and now in the response section, add a default response and provide the body returned while performing a test in the Graph API explorer. Providing the sample response will create the JSON schema for the outputs that can later be selected from the dynamic selector in flow. After adding the response schema, click on update connector.
Step 5: Test the custom connector:
Once the connector is created, click on New Connection to authenticate the connector. Once authenticated, in the Operations section the action can be tested. In this demo, we will filter the groups based on the email id so the filter query passed is: mail eq 'firstname.lastname@example.org'. This returns with a response code 200 (action successful) and the response body that has the id of the group that can further be used to get the members of the group.
In this scenario, we have an MS Forms based form that users can fill out and provide an email address for the contact person/team. We will get the response from the Form and use the email to determine if it is of a specific user or if it belongs to a group and if so, get the members of the group.
Step 1: Trigger- When a new response is submitted- To trigger the flow when a new response is submitted on the Review Request Form.
Step 2: Action- Get Response Details- Get the response details of the submitted form to parse individual question/ answers.
Step 3: Action- Get User Profile (V2)- To get the profile of the user if the email provided for "Reviewer" question is a person.
Step 4: Action- Get Group ID- switch to select the action from the custom connectors in the add action list. The Get Group ID action created in the first part of the blog will appear. Select the action and pass the filter query as:
mail eq 'SelectValueFromDynamicSelector'
Filter query and API documentation here.
Step 5: Control- Apply to each- The Get Group ID action from the custom connector gets a list of group IDs matching the filter query. The filter is being set to the mail parameter so this will return a single value only.
Step 6: Action- List group members- To get the members from the group ID retrieved from the previous action. In the drop down for the Group Id input, select enter custom value and select the "id" option from the dynamic selector from outputs of the Get Group ID action.
Step 7: Action- Terminate- To register the flow as successful run (as the Get User action failed).
Action Settings: Select the settings of the Get Group ID action and set the "configure run after" as shown in the image below.
In this post, we saw how to invoke the Graph API, create a custom connector and pass filter queries to the Graph API resource to get group ID details. Similarly, multiple actions as supported by the API can be added and invoked in Power Automate through this setup.
I hope you found this interesting and it helped you. Thank you for reading!