Overview

Microsoft Graph API offers a single endpoint to connect to data from various services. Power Automate (earlier MS Flow) enables to design powerful workflows. Calling the Graph API from Power Automate Flow opens a wide range of possibilities. One scenario could be to get the things done with application permissions, which otherwise cannot work under user delegated permissions.
In the article, we will explore a scenario of calling Graph API from Power Automate Flow.

Business Scenario

We will explore below business scenario during this article.
  • An O365 tenant contains many O365 Groups.
  • Get all O365 groups in the tenant by using MS Graph
  • Get the owners for a specific group

Prerequisites

Before we proceed, make sure you have below permissions:
  • Administrative access to Azure AD of Office 365 tenant
  • Permissions to create flow in Power Automate (prior MS Flow)

Create an application in Azure AD

We will start by registering an application in Azure AD. Follow the below steps to create an application in Azure AD:
  1. Login to Microsoft 365 Portal (https://portal.office.com)
  2. Open Microsoft 365 admin center (https://admin.microsoft.com
  3. From the left menu, under “Admin centers”, click “Azure Active Directory”.


4. From the left menu, click “Azure Active Directory”.
5. Click “App registrations”.



6. Click “New registration”.
7. Provide the application name, supported account type and leave the Redirect URI blank.



8. Click Register.
9. Note down Application and Directory IDs to use later in the flow.




10. From the left menu, click “API permissions” to grant some permissions to the application.
11. Click “+ Add a permission”.



12. Select “Microsoft Graph”.



13. Select Application permissions.
14. Grant the needed permissions (Please refer table below for example).
15. Click “Add permissions”.


Below are examples of the needed application permissions to perform the operations.

Action

Application permissions

List owners

Group.Read.All, User.Read.All, Group.Read.All, and User.ReadWrite.All

Add member

GroupMember.ReadWrite.All, Group.ReadWrite.All, and Directory.ReadWrite.All


↑ Back to top

Grant required permissions to the application

After creating the permissions, we need to grant consent to the application to allow the application to access Graph API without a consent screen.
  1. Click “Grant admin consent for …


2. From the left menu, click “Certificates & secrets”.
3. Under “Client secrets”, click “+ New client secret”.



4. Provide a description and select an expiry time for the secret.


5. Click “Add”.
6. Make a note of the secret value.




Get all O365 Groups in a tenant

We will utilize the MS Graph Explorer to retrieve all O365 groups in a tenant. Follow below steps to get all O365 groups in a tenant:
  1. Open MS Graph Explorer in a browser.
  2. Sign in to your tenant.
  3. Under Sample Queries, select Groups
  4. Select the query "all groups in my organization".
  5. Observe the Response Preview to get the group id.



Build Power Automate Flow

We will start by building flow.
  1. Navigate to Power Automate in Office 365.
  2. From the left menu, click Create.
  3. Select “Instant flow”.



4. In the modal dialog, specify the flow name (e.g. Get Group Owners).
5. Select the trigger as “When an HTTP request is received”.


6. Click Create.
7. The flow should get created as below.



8. Expand the activity “When a HTTP request is received”.
9. Click “Generate from sample”.
10. In the popup, add the below request body JSON schema.

{
    "groupId":"07c00c4d-6a21-4c51-9545-f2921b4109b0"
}

11. Click Done.
12. The request body json schema will be generated as below.



13. Initialize the variables client id, directory (tenant) id and secret generated from the previous step.



These variables then can be used to make an MS Graph API call.

14. Add the “HTTP” activity.



↑ Back to top

Test Flow with Soap UI

Download and install the SoapUI from https://www.soapui.org/. You may also use Postman here.
  • Open the Soap UI.
  • Select Method as Post.
  • Specify the endpoint as HTTP POST URL.
  • Specify the header as Content-type with value application/json.
  • In the Body, specify the JSON input.


5. Click Send
6. Observe the run history of the flow.


Conclusion

Calling the Graph API from Power Automate Flow opens a wide range of possibilities. One scenario could be to get the things done with application permissions, which otherwise cannot work under user delegated permissions. Power automate flow then can be called from an SharePoint Framework solution to build more advanced scenarios. 
Please refer to my previous article - Execute Power Automate Workflow from SPFx for more details.

Download

The Power Automate Flow designed during this article can be downloaded from GitHub.

References

See Also


↑ Back to top