Share via


Azure AD App Registrations (Preview)

Azure Active Directory is an Identity and Access Management cloud solution that extends your on-premises directories to the cloud and provides single sign-on to thousands of cloud (SaaS) apps and access to web apps you run on-premises.

This connector is available in the following products and regions:

Service Class Regions
Logic Apps Standard All Logic Apps regions except the following:
     -   Azure Government regions
     -   Azure China regions
     -   US Department of Defense (DoD)
Power Automate Premium All Power Automate regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Power Apps Premium All Power Apps regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Contact
Name Paul Culmsee and Microsoft
URL https://docs.microsoft.com/en-us/graph/api/resources/application
Email paul.culmsee@rapidcircle.com
Connector Metadata
Publisher Paul Culmsee (Rapid Circle) and Microsoft
Privacy policy https://privacy.microsoft.com/en-us/privacystatement
Website https://azure.microsoft.com/en-us/services/active-directory
Categories IT Operations;Security

Creating a connection

The connector supports the following authentication types:

Default Parameters for creating connection. All regions Not shareable

Default

Applicable: All regions

Parameters for creating connection.

This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.

Throttling Limits

Name Calls Renewal Period
API calls per connection 100 60 seconds

Actions

Get Application

Get the properties and relationships of an application object.

Get Application Owners

Get Application Owners

List Applications and Owners

Get the list of applications registered in AAD in this organization

Get Application

Get the properties and relationships of an application object.

Parameters

Name Key Required Type Description
Object ID
id True string

Unique identifier for the application object

Returns

Get Application Owners

Get Application Owners

Parameters

Name Key Required Type Description
Object ID
id True string

Unique identifier for the application object

Returns

List Applications and Owners

Get the list of applications registered in AAD in this organization

Parameters

Name Key Required Type Description
Choose columns
$select string

Choose columns to display (blank for all)

Search criteria (clear owners)
$search string

Advanced Search criteria. Clear Owner column and specify in quotes. (eg "displayName:Web")

Filter criteria
$filter string

Filters results (rows)

Display count
$count string

true or false - Retrieves the total count of matching resources

List related columns (blank for search)
$expand string

Retrieves related resources (including app owners by default. Remove if you use $search)

Total count to return
$top integer

Limits the number of results.

Returns

Definitions

ApplicationOwners_Definition

Name Path Type Description
value
value array of object
@odata.type
value.@odata.type string

Owner object type (eg User or Service Principal)

id
value.id string

The unique identifier for the owner

displayName
value.displayName string

The display name for the service principal

businessPhones
value.businessPhones array of

The telephone numbers for the user (user type only)

givenName
value.givenName string

The given name (first name) of the user (user type only)

mail
value.mail string

The email of the user (user type only)

mobilePhone
value.mobilePhone string

The mobile phone number of the user (user type only)

surname
value.surname string

The user's surname (user type only)

userPrincipalName
value.userPrincipalName string

The user principal name (UPN) of the user (user type only)

Application_Definition

Name Path Type Description
id
id string

The unique identifier for the application

deletedDateTime
deletedDateTime string

The date and time the application was deleted. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time.

appId
appId string

The unique identifier for the application that is assigned to an application by Azure AD

applicationTemplateId
applicationTemplateId string

Unique identifier of the applicationTemplate

disabledByMicrosoftStatus
disabledByMicrosoftStatus string

Specifies whether Microsoft has disabled the registered application

createdDateTime
createdDateTime string

The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time

displayName
displayName string

The display name for the application

description
description string

The description for the application

groupMembershipClaims
groupMembershipClaims string

The groups claim issued in a user or OAuth 2.0 access token that the application expects

identifierUris
identifierUris array of string

The URIs that identify the application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant

isDeviceOnlyAuthSupported
isDeviceOnlyAuthSupported

Specifies whether this application supports device authentication without a user. The default is false

isFallbackPublicClient
isFallbackPublicClient boolean

Specifies the fallback application type as public client, such as an installed application running on a mobile device. The default value is false which means the fallback application type is confidential client such as a web app

notes
notes string

Notes relevant for the management of the application

optionalClaims
optionalClaims

Optional claims in their Azure AD applications to specify the claims that are sent to their application by the Microsoft security token service

publisherDomain
publisherDomain string

The verified publisher domain for the application

signInAudience
signInAudience string

Specifies the Microsoft accounts that are supported for the current application. Supported values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount

tags
tags array of

Custom strings that can be used to categorize and identify the application

tokenEncryptionKeyId
tokenEncryptionKeyId string

Specifies the keyId of a public key from the keyCredentials collection

displayName
verifiedPublisher.displayName string

The verified publisher name from the app publisher's Partner Center account

verifiedPublisherId
verifiedPublisher.verifiedPublisherId string

The ID of the verified publisher from the app publisher's Partner Center account

addedDateTime
verifiedPublisher.addedDateTime string

The timestamp when the verified publisher was first added or most recently updated

defaultRedirectUri
defaultRedirectUri string

The default redirect URI

addIns
addIns array of object

Defines custom behavior that a consuming service can use to call an app in specific contexts

id
addIns.id string

Add-in ID

type
addIns.type string

Add-in type

properties
addIns.properties array of object

Add-in properties

key
addIns.properties.key string

Add-in property key

value
addIns.properties.value string

Add-in property value

acceptMappedClaims
api.acceptMappedClaims boolean

When true, allows an application to use claims mapping without specifying a custom signing key

knownClientApplications
api.knownClientApplications array of

Used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app

requestedAccessTokenVersion
api.requestedAccessTokenVersion

Specifies the access token version expected by this resource. This changes the version and format of the JWT produced independent of the endpoint or client used to request the access token

oauth2PermissionScopes
api.oauth2PermissionScopes array of object

The definition of the delegated permissions exposed by the web API represented by this application registration

adminConsentDescription
api.oauth2PermissionScopes.adminConsentDescription string

A description of the delegated permissions, intended to be read by an administrator granting the permission on behalf of all users

adminConsentDisplayName
api.oauth2PermissionScopes.adminConsentDisplayName string

The permission's title, intended to be read by an administrator granting the permission on behalf of all users

id
api.oauth2PermissionScopes.id string

Unique delegated permission identifier inside the collection of delegated permissions defined for a resource application

isEnabled
api.oauth2PermissionScopes.isEnabled boolean

When creating or updating a permission, this property must be set to true (which is the default). To delete a permission, this property must first be set to false

type
api.oauth2PermissionScopes.type string

Specifies whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions

userConsentDescription
api.oauth2PermissionScopes.userConsentDescription string

A description of the delegated permissions, intended to be read by a user granting the permission on their own behalf

userConsentDisplayName
api.oauth2PermissionScopes.userConsentDisplayName string

A title for the permission, intended to be read by a user granting the permission on their own behalf

value
api.oauth2PermissionScopes.value string

Specifies the value to include in the scp (scope) claim in access tokens

preAuthorizedApplications
api.preAuthorizedApplications array of

Lists the client applications that are pre-authorized with the specified delegated permissions to access this application's APIs

appRoles
appRoles array of

The collection of roles assigned to the application

logoUrl
info.logoUrl string

CDN URL to the application's logo

marketingUrl
info.marketingUrl string

Link to the application's marketing page

privacyStatementUrl
info.privacyStatementUrl string

Link to the application's privacy statement

supportUrl
info.supportUrl string

Link to the application's support page

termsOfServiceUrl
info.termsOfServiceUrl string

Link to the application's terms of service statement

keyCredentials
keyCredentials array of

The collection of key credentials associated with the application

countriesBlockedForMinors
parentalControlSettings.countriesBlockedForMinors array of

Specifies the two-letter ISO country codes

legalAgeGroupRule
parentalControlSettings.legalAgeGroupRule string

Specifies the legal age group rule that applies to users of the app

passwordCredentials
passwordCredentials array of object

The collection of password credentials associated with the application

displayName
passwordCredentials.displayName string

Friendly name for the password

endDateTime
passwordCredentials.endDateTime string

The date and time at which the password expires represented using ISO 8601 format and is always in UTC time

hint
passwordCredentials.hint string

Contains the first three characters of the password

keyId
passwordCredentials.keyId string

The unique identifier for the password

startDateTime
passwordCredentials.startDateTime string

The date and time at which the password becomes valid. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time

redirectUris
publicClient.redirectUris array of

Specifies the URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent

requiredResourceAccess
requiredResourceAccess array of object

Specifies the resources that the application needs to access. This property also specifies the set of OAuth permission scopes and application roles that it needs for each of those resources

resourceAppId
requiredResourceAccess.resourceAppId string

The unique identifier for the resource that the application requires access to

resourceAccess
requiredResourceAccess.resourceAccess array of object

The list of OAuth2.0 permission scopes and app roles that the application requires from the specified resource

id
requiredResourceAccess.resourceAccess.id string

The unique identifier for one of the oauth2PermissionScopes or appRole instances that the resource application exposes

type
requiredResourceAccess.resourceAccess.type string

Specifies whether the id property references an oauth2PermissionScopes or an appRole

homePageUrl
web.homePageUrl string

Home page or landing page of the application

logoutUrl
web.logoutUrl string

Specifies the URL that will be used by Microsoft's authorization service to logout an user using front-channel, back-channel or SAML logout protocols

redirectUris
web.redirectUris array of string

Specifies the URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent

enableAccessTokenIssuance
web.implicitGrantSettings.enableAccessTokenIssuance boolean

Specifies whether this web application can request an ID token using the OAuth 2.0 implicit flow

enableIdTokenIssuance
web.implicitGrantSettings.enableIdTokenIssuance boolean

Specifies whether this web application can request an access token using the OAuth 2.0 implicit flow

redirectUris
spa.redirectUris array of

Specifies the URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent

ApplicationList_Definition

Name Path Type Description
@odata.context
@odata.context string

@odata.context

@odata.nextLink
@odata.nextLink string

@odata.nextLink

value
value array of Application_Definition

Represents an application. Any application that outsources authentication to Azure Active Directory (Azure AD) must be registered in a directory