With more organizations moving to the cloud, a common question that we see from Nintex developers is: “I used to use Query LDAP to retrieve my users from Active Directory. Now that my users are in Azure, how do I retrieve them?”
Query LDAP is an out-of-the-box (OOB) action in Nintex Workflow for SharePoint on-premises. With minimal configuration, it allowed developers to grab users from an on-premises Active Directory (AD) group.
The problem a lot of developers face when they start using Nintex Workflow for Office 365 or Nintex Workflow Cloud (NWC) is that there’s no equivalent action to Query LDAP in a cloud environment (as of February 2020).
In this blog post we will learn how to leverage the Microsoft Graph API to retrieve the members of an Azure AD group.
We will build our workflow using Nintex Workflow for Office 365. However, you can apply the same concepts if you’re building an NWC workflow.
The end result of our workflow will be a collection of user principal names that you can use however you prefer. To get there, we’ll follow the steps below:
In this tutorial, we will retrieve the members of an Azure AD group in a JSON object. From the JSON object we will retrieve the userPrincipalName property of each member. Once we have the members JSON object, it’s straightforward to grab any other user properties, such as display name, email, or phone number.
Our group name is “sg-Engineering” and it has the following four members:
Once this action runs, we will have retrieved the bearer token in JSON format and saved it to our variable varTxtBearerTokenJson. This is how the bearer token will look:
From the bearer token, we want to retrieve the access token. The easiest way to do this is to store the bearer token in a dictionary, then retrieve the value for the key “access_token”.
Once this action runs, we will have retrieved the group members in JSON format and saved the object to our variable varTxtUsersJson. This is how the users’ JSON will look:
The Microsoft Graph API allows you to access a tremendous amount of data in Microsoft 365. In this tutorial we used the API to retrieve an Azure AD group’s members. However, the API can be used for a lot more than that. The tricky part here was to get the access token. Now that you know how to get the token, check out the Graph API and see all the cool things you can do.
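The same three steps outside Nintex, as an added Python example that is not part of the original post: build the app-only token request, read "access_token" from the bearer JSON, then list the group's members and collect each userPrincipalName. It goes slightly beyond the tutorial by following @odata.nextLink paging, skipping members that have no userPrincipalName, and refusing to send the token to any host other than Graph. The group id, token value, user names and the `http_get` stand-in are constructed placeholders.

```python
import json
from urllib.parse import urlencode

GRAPH = "https://graph.microsoft.com/"
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

def token_request(tenant, client_id, client_secret):
    """URL and form body for the app-only (client credentials) token request."""
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": GRAPH + ".default"}
    return TOKEN_URL.format(tenant=tenant), urlencode(form)

def access_token_from(bearer_json):
    """Same step as the dictionary lookup: read the "access_token" key."""
    data = json.loads(bearer_json)
    if str(data.get("token_type", "")).lower() != "bearer" or not data.get("access_token"):
        raise ValueError("no bearer token in response: %s" % data.get("error", "unknown"))
    return data["access_token"]

def member_upns(group_id, token, http_get):
    """Collect userPrincipalName of each member, following @odata.nextLink pages."""
    url = GRAPH + "v1.0/groups/" + group_id + "/members"
    upns = []
    while url:
        if not url.startswith(GRAPH):  # never send the token to another host
            raise ValueError("refusing to follow link outside Graph: " + url)
        page = json.loads(http_get(url, {"Authorization": "Bearer " + token}))
        # Nested groups and devices carry no userPrincipalName; skip them.
        upns += [m["userPrincipalName"] for m in page.get("value", [])
                 if m.get("userPrincipalName")]
        url = page.get("@odata.nextLink")
    return upns

# --- Constructed sample data (not real tenant output) ---
SAMPLE_BEARER = '{"token_type": "Bearer", "access_token": "constructed-token"}'
GROUP_ID = "00000000-0000-0000-0000-000000000000"  # placeholder object id
PAGE2 = GRAPH + "v1.0/groups/" + GROUP_ID + "/members?$skiptoken=constructed"
SAMPLE_PAGES = {
    GRAPH + "v1.0/groups/" + GROUP_ID + "/members": {
        "value": [{"userPrincipalName": "user1@contoso.example"},
                  {"displayName": "nested group, no UPN"}],
        "@odata.nextLink": PAGE2},
    PAGE2: {"value": [{"userPrincipalName": "user2@contoso.example"}]},
}

def fake_http_get(url, headers):  # offline stand-in for the web request action
    assert headers["Authorization"] == "Bearer constructed-token"
    return json.dumps(SAMPLE_PAGES[url])

print(member_upns(GROUP_ID, access_token_from(SAMPLE_BEARER), fake_http_get))
```

In a real workflow the client secret belongs in a protected credential store rather than in a workflow variable or log, since anyone holding it can request the same app-only token.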
Microsoft Graph API – Get access token without a user.
Microsoft Graph API – List members endpoint.
A version of this article also appears on Wisam’s blog Consultant Diary.