Groups - Create

Create a new Azure DevOps group or materialize an existing AAD group.

The body of the request must be a derived type of GraphGroupCreationContext:

  • GraphGroupVstsCreationContext - Create a new Azure DevOps group that is not backed by an external provider.
  • GraphGroupMailAddressCreationContext - Create a new group using the mail address as a reference to an existing group from an external AD or AAD backed provider.
  • GraphGroupOriginIdCreationContext - Create a new group using the OriginID as a reference to a group from an external AD or AAD backed provider.

Optionally, you can add the newly created group as a member of an existing Azure DevOps group and/or specify a custom storage key for the group.

POST https://vssps.dev.azure.com/{organization}/_apis/graph/groups?api-version=5.1-preview.1
POST https://vssps.dev.azure.com/{organization}/_apis/graph/groups?scopeDescriptor={scopeDescriptor}&groupDescriptors={groupDescriptors}&api-version=5.1-preview.1

URI Parameters

Name In Required Type Description
organization
path True
  • string

The name of the Azure DevOps organization.

api-version
query True
  • string

Version of the API to use. This should be set to '5.1-preview.1' to use this version of the api.

groupDescriptors
query
  • string
array (string)

A comma separated list of descriptors referencing groups you want the graph group to join

scopeDescriptor
query
  • string

A descriptor referencing the scope (collection, project) in which the group should be created. If omitted, will be created in the scope of the enclosing account or organization. Valid only for VSTS groups.

Request Body

Name Type Description
storageKey
  • string

Optional: If provided, we will use this identifier for the storage key of the created group

Responses

Name Type Description
200 OK

successful operation

Security

oauth2

Type: oauth2
Flow: accessCode
Authorization URL: https://app.vssps.visualstudio.com/oauth2/authorize&response_type=Assertion
Token URL: https://app.vssps.visualstudio.com/oauth2/token?client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer

Scopes

Name Description
vso.graph_manage Grants the ability to read user, group, scope and group membership information, and to add users, groups and manage group memberships

Examples

Add an AAD Group as member of a group
Add an AAD Group by OID
Add an AAD Group with a custom storage key
Create a Group at the account level
Create a Group at the project level

Add an AAD Group as member of a group

Sample Request

POST https://vssps.dev.azure.com/{organization}/_apis/graph/groups?groupDescriptors=vssgp.Uy0xLTktMTU1MTM3NDI0NS0yMTc2MDU2ODQ4LTMyODAwNzczODUtMjM4NDQzMDA4Mi0yNTc3Njk3NTA4LTEtNzM0NDQ1NzM2LTQwNzkyNzIyNjgtMzA0NzY5MjIyMy0yMjg2NTY0ODM0&api-version=5.1-preview.1
{
  "originId": "7dee3381-2ec2-41c2-869a-7afe9b574095"
}

Sample Response

location: https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Groups/aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTIxNjc2NjQyNTMtMzI1Nzg0NDI4OS0yMjU4MjcwOTc0LTI2MDYxODY2NDU
{
  "subjectKind": "group",
  "description": "Test engineers",
  "isCrossProject": true,
  "domain": "vstfs:///Framework/IdentityDomain/9b4f7336-c130-40bd-87f3-4201361ddbd1",
  "principalName": "[TEAM FOUNDATION]\\Testers",
  "mailAddress": null,
  "origin": "aad",
  "originId": "7dee3381-2ec2-41c2-869a-7afe9b574095",
  "displayName": "Testers",
  "_links": {
    "self": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Groups/aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTIxNjc2NjQyNTMtMzI1Nzg0NDI4OS0yMjU4MjcwOTc0LTI2MDYxODY2NDU"
    },
    "memberships": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Memberships/aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTIxNjc2NjQyNTMtMzI1Nzg0NDI4OS0yMjU4MjcwOTc0LTI2MDYxODY2NDU"
    },
    "membershipState": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/MembershipStates/aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTIxNjc2NjQyNTMtMzI1Nzg0NDI4OS0yMjU4MjcwOTc0LTI2MDYxODY2NDU"
    },
    "storageKey": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/StorageKeys/aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTIxNjc2NjQyNTMtMzI1Nzg0NDI4OS0yMjU4MjcwOTc0LTI2MDYxODY2NDU"
    }
  },
  "url": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Groups/aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTIxNjc2NjQyNTMtMzI1Nzg0NDI4OS0yMjU4MjcwOTc0LTI2MDYxODY2NDU",
  "descriptor": "aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTIxNjc2NjQyNTMtMzI1Nzg0NDI4OS0yMjU4MjcwOTc0LTI2MDYxODY2NDU"
}

Add an AAD Group by OID

Sample Request

POST https://vssps.dev.azure.com/{organization}/_apis/graph/groups?api-version=5.1-preview.1
{
  "originId": "77ed2186-aaf6-4299-ac9e-37ba282c2b95"
}

Sample Response

location: https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Groups/aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTIyNTAzNzA0MjMtNDEzODM3NTQ5MC0yODk2MDUwMTA2LTY3Mzk4MzM4MQ
{
  "subjectKind": "group",
  "description": "Full time employees working on Fabrikam",
  "isCrossProject": true,
  "domain": "vstfs:///Framework/IdentityDomain/9b4f7336-c130-40bd-87f3-4201361ddbd1",
  "principalName": "[TEAM FOUNDATION]\\Full Time Engineers",
  "mailAddress": null,
  "origin": "aad",
  "originId": "77ed2186-aaf6-4299-ac9e-37ba282c2b95",
  "displayName": "Full Time Engineers",
  "_links": {
    "self": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Groups/aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTIyNTAzNzA0MjMtNDEzODM3NTQ5MC0yODk2MDUwMTA2LTY3Mzk4MzM4MQ"
    },
    "memberships": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Memberships/aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTIyNTAzNzA0MjMtNDEzODM3NTQ5MC0yODk2MDUwMTA2LTY3Mzk4MzM4MQ"
    },
    "membershipState": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/MembershipStates/aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTIyNTAzNzA0MjMtNDEzODM3NTQ5MC0yODk2MDUwMTA2LTY3Mzk4MzM4MQ"
    },
    "storageKey": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/StorageKeys/aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTIyNTAzNzA0MjMtNDEzODM3NTQ5MC0yODk2MDUwMTA2LTY3Mzk4MzM4MQ"
    }
  },
  "url": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Groups/aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTIyNTAzNzA0MjMtNDEzODM3NTQ5MC0yODk2MDUwMTA2LTY3Mzk4MzM4MQ",
  "descriptor": "aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTIyNTAzNzA0MjMtNDEzODM3NTQ5MC0yODk2MDUwMTA2LTY3Mzk4MzM4MQ"
}

Add an AAD Group with a custom storage key

Sample Request

POST https://vssps.dev.azure.com/{organization}/_apis/graph/groups?api-version=5.1-preview.1
{
  "originId": "f0d20172-7b96-42f6-9436-941433654b48",
  "storageKey": "84d7349a-e9db-4d62-b099-68b2f59c0b00"
}

Sample Response

location: https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Groups/aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTE5MTI3MjIxNjAtMjUyNDcwNjM3MC0yNDg2NjA0ODIwLTg2MjI3NjQyNA
{
  "subjectKind": "group",
  "description": "Part time engineers",
  "isCrossProject": true,
  "domain": "vstfs:///Framework/IdentityDomain/9b4f7336-c130-40bd-87f3-4201361ddbd1",
  "principalName": "[TEAM FOUNDATION]\\Part Time Engineers",
  "mailAddress": null,
  "origin": "aad",
  "originId": "f0d20172-7b96-42f6-9436-941433654b48",
  "displayName": "Part Time Engineers",
  "_links": {
    "self": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Groups/aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTE5MTI3MjIxNjAtMjUyNDcwNjM3MC0yNDg2NjA0ODIwLTg2MjI3NjQyNA"
    },
    "memberships": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Memberships/aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTE5MTI3MjIxNjAtMjUyNDcwNjM3MC0yNDg2NjA0ODIwLTg2MjI3NjQyNA"
    },
    "membershipState": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/MembershipStates/aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTE5MTI3MjIxNjAtMjUyNDcwNjM3MC0yNDg2NjA0ODIwLTg2MjI3NjQyNA"
    },
    "storageKey": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/StorageKeys/aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTE5MTI3MjIxNjAtMjUyNDcwNjM3MC0yNDg2NjA0ODIwLTg2MjI3NjQyNA"
    }
  },
  "url": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Groups/aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTE5MTI3MjIxNjAtMjUyNDcwNjM3MC0yNDg2NjA0ODIwLTg2MjI3NjQyNA",
  "descriptor": "aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTE5MTI3MjIxNjAtMjUyNDcwNjM3MC0yNDg2NjA0ODIwLTg2MjI3NjQyNA"
}

Create a Group at the account level

Sample Request

POST https://vssps.dev.azure.com/{organization}/_apis/graph/groups?api-version=5.1-preview.1
{
  "displayName": "Developers-ba8cfcdb-b7fd-45d5-86ab-9888d0222f84",
  "description": "Group created via client library"
}

Sample Response

location: https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Groups/vssgp.Uy0xLTktMTU1MTM3NDI0NS0yMTc2MDU2ODQ4LTMyODAwNzczODUtMjM4NDQzMDA4Mi0yNTc3Njk3NTA4LTEtMTgxNTc4MDU1Ny0xNjQxNDEyMTYyLTI2Mzk4Nzg1NzctMjA4NDYyNTczMg
{
  "subjectKind": "group",
  "description": "Group created via client library",
  "domain": "vstfs:///Framework/IdentityDomain/10feb381-82c3-4902-8e1f-840299a48ae4",
  "principalName": "[Fabrikam]\\Developers-ba8cfcdb-b7fd-45d5-86ab-9888d0222f84",
  "mailAddress": null,
  "origin": "vsts",
  "originId": "9efb8978-a26f-4b52-aebb-e0eef6be6a31",
  "displayName": "Developers-ba8cfcdb-b7fd-45d5-86ab-9888d0222f84",
  "_links": {
    "self": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Groups/vssgp.Uy0xLTktMTU1MTM3NDI0NS0yMTc2MDU2ODQ4LTMyODAwNzczODUtMjM4NDQzMDA4Mi0yNTc3Njk3NTA4LTEtMTgxNTc4MDU1Ny0xNjQxNDEyMTYyLTI2Mzk4Nzg1NzctMjA4NDYyNTczMg"
    },
    "memberships": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Memberships/vssgp.Uy0xLTktMTU1MTM3NDI0NS0yMTc2MDU2ODQ4LTMyODAwNzczODUtMjM4NDQzMDA4Mi0yNTc3Njk3NTA4LTEtMTgxNTc4MDU1Ny0xNjQxNDEyMTYyLTI2Mzk4Nzg1NzctMjA4NDYyNTczMg"
    },
    "membershipState": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/MembershipStates/vssgp.Uy0xLTktMTU1MTM3NDI0NS0yMTc2MDU2ODQ4LTMyODAwNzczODUtMjM4NDQzMDA4Mi0yNTc3Njk3NTA4LTEtMTgxNTc4MDU1Ny0xNjQxNDEyMTYyLTI2Mzk4Nzg1NzctMjA4NDYyNTczMg"
    },
    "storageKey": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/StorageKeys/vssgp.Uy0xLTktMTU1MTM3NDI0NS0yMTc2MDU2ODQ4LTMyODAwNzczODUtMjM4NDQzMDA4Mi0yNTc3Njk3NTA4LTEtMTgxNTc4MDU1Ny0xNjQxNDEyMTYyLTI2Mzk4Nzg1NzctMjA4NDYyNTczMg"
    }
  },
  "url": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Groups/vssgp.Uy0xLTktMTU1MTM3NDI0NS0yMTc2MDU2ODQ4LTMyODAwNzczODUtMjM4NDQzMDA4Mi0yNTc3Njk3NTA4LTEtMTgxNTc4MDU1Ny0xNjQxNDEyMTYyLTI2Mzk4Nzg1NzctMjA4NDYyNTczMg",
  "descriptor": "vssgp.Uy0xLTktMTU1MTM3NDI0NS0yMTc2MDU2ODQ4LTMyODAwNzczODUtMjM4NDQzMDA4Mi0yNTc3Njk3NTA4LTEtMTgxNTc4MDU1Ny0xNjQxNDEyMTYyLTI2Mzk4Nzg1NzctMjA4NDYyNTczMg"
}

Create a Group at the project level

Sample Request

POST https://vssps.dev.azure.com/{organization}/_apis/graph/groups?scopeDescriptor=scp.NTc0N2FkNjQtMTE3Ni00MzM4LWE1OGMtOTIyZGJiOGVlOTRk&api-version=5.1-preview.1
{
  "displayName": "Project Developers-c3d5f33a-3ec0-4df9-baa3-19929a683f16",
  "description": "Group at project level created via client library"
}

Sample Response

location: https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Groups/vssgp.Uy0xLTktMTU1MTM3NDI0NS0xNjg5MDc3NTkxLTE5ODA4NDAwMDMtMjc3NzQ1MzEwMS0zMTQ2NzA1MjI5LTEtOTI3Nzc2MzIxLTE5NTYwNzkxNzMtMzAwNTM1MDY0OC0zNjM0NTAzMTcz
{
  "subjectKind": "group",
  "description": "Group at project level created via client library",
  "domain": "vstfs:///Classification/TeamProject/ca97818a-3c86-4f95-b591-a4263b656b9e",
  "principalName": "[MyFirstProject]\\Project Developers-c3d5f33a-3ec0-4df9-baa3-19929a683f16",
  "mailAddress": null,
  "origin": "vsts",
  "originId": "ee85dd6f-5cd6-4025-93ca-f7b0893e67bf",
  "displayName": "Project Developers-c3d5f33a-3ec0-4df9-baa3-19929a683f16",
  "_links": {
    "self": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Groups/vssgp.Uy0xLTktMTU1MTM3NDI0NS0xNjg5MDc3NTkxLTE5ODA4NDAwMDMtMjc3NzQ1MzEwMS0zMTQ2NzA1MjI5LTEtOTI3Nzc2MzIxLTE5NTYwNzkxNzMtMzAwNTM1MDY0OC0zNjM0NTAzMTcz"
    },
    "memberships": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Memberships/vssgp.Uy0xLTktMTU1MTM3NDI0NS0xNjg5MDc3NTkxLTE5ODA4NDAwMDMtMjc3NzQ1MzEwMS0zMTQ2NzA1MjI5LTEtOTI3Nzc2MzIxLTE5NTYwNzkxNzMtMzAwNTM1MDY0OC0zNjM0NTAzMTcz"
    },
    "membershipState": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/MembershipStates/vssgp.Uy0xLTktMTU1MTM3NDI0NS0xNjg5MDc3NTkxLTE5ODA4NDAwMDMtMjc3NzQ1MzEwMS0zMTQ2NzA1MjI5LTEtOTI3Nzc2MzIxLTE5NTYwNzkxNzMtMzAwNTM1MDY0OC0zNjM0NTAzMTcz"
    },
    "storageKey": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/StorageKeys/vssgp.Uy0xLTktMTU1MTM3NDI0NS0xNjg5MDc3NTkxLTE5ODA4NDAwMDMtMjc3NzQ1MzEwMS0zMTQ2NzA1MjI5LTEtOTI3Nzc2MzIxLTE5NTYwNzkxNzMtMzAwNTM1MDY0OC0zNjM0NTAzMTcz"
    }
  },
  "url": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Groups/vssgp.Uy0xLTktMTU1MTM3NDI0NS0xNjg5MDc3NTkxLTE5ODA4NDAwMDMtMjc3NzQ1MzEwMS0zMTQ2NzA1MjI5LTEtOTI3Nzc2MzIxLTE5NTYwNzkxNzMtMzAwNTM1MDY0OC0zNjM0NTAzMTcz",
  "descriptor": "vssgp.Uy0xLTktMTU1MTM3NDI0NS0xNjg5MDc3NTkxLTE5ODA4NDAwMDMtMjc3NzQ1MzEwMS0zMTQ2NzA1MjI5LTEtOTI3Nzc2MzIxLTE5NTYwNzkxNzMtMzAwNTM1MDY0OC0zNjM0NTAzMTcz"
}

Definitions

GraphGroup

Graph group entity

GraphGroupCreationContext

Do not attempt to use this type to create a new group. This type does not contain sufficient fields to create a new group.

ReferenceLinks

The class to represent a collection of REST reference links.

GraphGroup

Graph group entity

Name Type Description
_links

This field contains zero or more interesting links about the graph subject. These links may be invoked to obtain additional relationships or more detailed information about this graph subject.

description
  • string

A short phrase to help human readers disambiguate groups with similar names

descriptor
  • string

The descriptor is the primary way to reference the graph subject while the system is running. This field will uniquely identify the same graph subject across both Accounts and Organizations.

displayName
  • string

This is the non-unique display name of the graph subject. To change this field, you must alter its value in the source provider.

domain
  • string

This represents the name of the container of origin for a graph member. (For MSA this is "Windows Live ID", for AD the name of the domain, for AAD the tenantID of the directory, for VSTS groups the ScopeId, etc)

legacyDescriptor
  • string

[Internal Use Only] The legacy descriptor is here in case you need to access old version IMS using identity descriptor.

mailAddress
  • string

The email address of record for a given graph member. This may be different than the principal name.

origin
  • string

The type of source provider for the origin identifier (ex:AD, AAD, MSA)

originId
  • string

The unique identifier from the system of origin. Typically a sid, object id or Guid. Linking and unlinking operations can cause this value to change for a user because the user is not backed by a different provider and has a different unique id in the new provider.

principalName
  • string

This is the PrincipalName of this graph member from the source provider. The source provider may change this field over time and it is not guaranteed to be immutable for the life of the graph member by VSTS.

subjectKind
  • string

This field identifies the type of the graph subject (ex: Group, Scope, User).

url
  • string

This url is the full route to the source resource of this graph subject.

GraphGroupCreationContext

Do not attempt to use this type to create a new group. This type does not contain sufficient fields to create a new group.

Name Type Description
storageKey
  • string

Optional: If provided, we will use this identifier for the storage key of the created group

The class to represent a collection of REST reference links.

Name Type Description
links
  • object

The readonly view of the links. Because Reference links are readonly, we only want to expose them as read only.