cancel
Showing results for 
Search instead for 
Did you mean: 

Extend Microsoft Flow with the Microsoft Graph ...and 0 code !

3 weeks ago I was involved in a project combining Office 365, SharePoint Online and Microsoft Flow. One of the problem I had to solve was that I needed to store the list of Office 365 groups in a SharePoint list.

 

If you check Microsoft Flow there is no action for doing this, the Office 365 groups action sare the following:

 

nolistofgroups

 

One solution was to create a custom connector, like an Azure function as I illustrated before, but I wanted something lighter.

So what I did was to use the Microsoft Graph, which will become the standard way of interacting with Microsoft cloud products.

And retrieving the list of group with the Microsoft Graph is something very easy:

 

https://graph.microsoft.com/v1.0/groups?$orderby=displayName

 

That's it. You will get a JSON response that looks like this:

 

{"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#groups","value":[

{"id":"3d017548-4545-4050-a659-661126236618","deletedDateTime":null,"classification":null,"createdDateTime":"2016-10-24T18:10:32Z","description":"AOS Bxl 2016 Flow","displayName":"AOS Bxl 2016 Flow","groupTypes":["Unified"],"mail":"aosbxl2016flow@contoso.com","mailEnabled":true,"mailNickname":"aosbxl2016flow","onPremisesLastSyncDateTime":null,"onPremisesProvisioningErrors":[],"onPremisesSecurityIdentifier":null,"onPremisesSyncEnabled":null,"proxyAddresses":["smtp:aosbxl2016flow@ShareQL.onmicrosoft.com","SMTP:aosbxl2016flow@ShareQL.com"],"renewedDateTime":"2016-10-24T18:10:32Z","securityEnabled":false,"visibility":"Public"},

{"id":"b8aa1cc1-97a1-478e-97a5-51ab2dba857e","deletedDateTime":null,"classification":null,"createdDateTime":"2017-04-04T13:36:40Z","description":"Azure Data Factory","displayName":"Azure Data Factory","groupTypes":["Unified"],"mail":"AzureDataFactory@contoso.com","mailEnabled":true,"mailNickname":"AzureDataFactory","onPremisesLastSyncDateTime":null,"onPremisesProvisioningErrors":[],"onPremisesSecurityIdentifier":null,"onPremisesSyncEnabled":null,"proxyAddresses":["smtp:AzureDataFactory@ShareQL.onmicrosoft.com","SMTP:AzureDataFactory@ShareQL.com"],"renewedDateTime":"2017-04-04T13:36:40Z","securityEnabled":false,"visibility":"Private"}

]}

 

OAuth 2.0 is an authorization protocol. It defines how your app can get access tokens by authenticating directly with Azure AD.

In order to use the Microsoft Graph, we need to define an Azure App that will be authorized via OAuth 2.0 by  (first) authenticating directly with Azure AD.

So we will need a clientid and a secretid.

Some permissions are of course required for the Microsoft graph in the App definition.

 

  • graphpermissions

 

Don't forget to define your secretid.

When this has been set up, we can create our Flow (I will just present a simplified version of my flow that we can start by pressing a button :-)

Now any call to the Microsoft Graph requires an access token; to get it you need to provide your application client, secret id and tenant id.

 

Define 3 variables in your Flow (see picture below)

 

Client Id, Secret Id, Tenant Id and store the corresponding values. Here is how you can  find your tenant id.

 

tenantid

 

To generate the access token, we can use the out of the box Http action and pass the required parameters to the https://login.microsoftinline.com/<tenantid>/oauth2/token url :

 

generate access token

 

When we run the workflow we clearly see the access token in the output of the Generate Access Token action :

generate the schema

 

We need to be able to parse this value in order to pass it to our Microsoft graph calls.

To achieve this we can use a JSON parser variable, but first we need to understand the schema. Let's copy the body information above and past it in a Parser JSON variable as an example to generate the schema :

generate the schema2

 

...and voilà, a schema will be generated :

generate the schema3

 

The Content of the action must be set to the Body of  the action Generate Access Token.

 

Next we are ready to call the Microsoft graph with an Http action ("GetTenantGroups") :

callGraph

 

The next step is to parse the Microsoft Graph response and to  store the information in a SharePoint list.

 

Here again we need to use the JSON parse action, but for this we need to define a schema by generating an example from the Graph explorer :

graphexplorer

 

If you copy & paste these value in the JSON Parser action schema generator, you will get some errors at runtime : I've used the online JSon validator to validate the schema generated by the Flow JSON Parser action. Some values like description and a few others were null; so I've updated their settings as any in the schema.

Here is my schema :

{
"type": "object",
"properties": {
"@@odata.context": {
"type": "string"
},
"value": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"deletedDateTime": {
"type": "any"
},
"classification": {
"type": "any"
},
"createdDateTime": {
"type": "string"
},
"description": {
"type": "any"
},
"displayName": {
"type": "string"
},
"groupTypes": {
"type": "array",
"items": {
"type": "string"
}
},
"mail": {
"type": "string"
},
"mailEnabled": {
"type": "boolean"
},
"mailNickname": {
"type": "string"
},
"onPremisesLastSyncDateTime": {
"type": "any"
},
"onPremisesProvisioningErrors": {
"type": "array"
},
"onPremisesSecurityIdentifier": {
"type": "any"
},
"onPremisesSyncEnabled": {
"type": "any"
},
"proxyAddresses": {
"type": "array",
"items": {
"type": "string"
}
},
"renewedDateTime": {
"type": "string"
},
"securityEnabled": {
"type": "boolean"
},
"visibility": {
"type": "any"
}
},
"required": [
"id"
]
}
}
}
}

 

We are now ready to store the group info into a SharePoint list by using the Apply to each action :

 

storegroupsinsplist

 

 

The whole Flow looks like this :

 

wholegroupflow

 

Comments

This was incredibly helpful!!! Thank you so much for posting this Smiley Happy 

I have problems getting the Token. What is the entire body of Generate Access Token?

 

When i read the documentation at https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-... it says that the code parameter si required and should be obtaint in a seperate call . How did you get the token without the code parameter?

Brilliant job Serge. Glad I found this.
Meet Our Blog Authors
  • Co-founder of https://plumsail.com, Office 365 and SharePoint expert. Passionate about design and development of easy to use, convenient and flexible products.
  • Microsoft Business Apps MVP. Owner of ThriveFast, an Office 365 consulting company.
  • 7x Microsoft Business Solutions MVP (CRM)
  • Solution Architect with Slalom, and organizer of the Boston Office 365 User Group, and long term SharePoint/Office 365 veteren. Find more at http://www.davidlozzi.com. Follow @DavidLozzi
  • I'm keen in MS technologies, SharePoint, Office 365 and development for them
  • Michelle is an Office 365 solution architect in Twin Cities, MN. She has been delivering business collaboration solutions for years with her focus on SharePoint and Office 365. Michelle is a recent board member of the Minnesota Office 365 User Group and has been a member of the SharePoint community since 2009. She is a frequent speaker at MNSPUG and SharePoint Saturday and co-chaired the Legal SharePoint User Group for 4 years. Her most frequent projects have involved rolling out a large deployment of Office 365, SharePoint Online intranet, build of a "CHAMPS" Office 365 user adoption program and most recently, SharePoint On-Premise to Online Migration. Michelle is very excited about cloud technology as it is shifting her IT Pro focus to collaboration strategy and technical adoption.
  • I'm a Microsoft Office Servers and Services MVP with a special interest in SharePoint, Office 365, Microsoft Flow, Microsoft Teams and PowerApps. I work at Triad Group Plc ( https://triad.co.uk)
>