A core feature of Microsoft’s Power Platform, Power Automate is a cloud-based workflow engine that automates process automation with low code. Microsoft Flow, earlier known as Business Process Management software, allows organizations to monitor their processes via networked data sources, and constructs streamlined applications based on their business rules.

Power Automate automates repetitive tasks such as file synchronization, receiving notifications, collecting data, and creating reports for entrepreneurs and employees to improve operating efficiency.

The demand for organizations to share their Office 365 or custom applications with external users has grown significantly over the last few years. It is now easier to share these apps while keeping your data safe with Azure Active Directory, whether you are a Business – to – business (B2B) or Business – to – consumer (B2C) client.

To add any external user or to share the site with external user, we need to go and share the site with the external users manually. It is good until and unless we need to share it with limited number of users.
But it is not possible to share the site and add the external users on the fly.
This blog will guide you how this can be easily done by using Power Automate in integration with Azure Active directory.

Let’s get started

First we need to create a Power Automate (Flow)

Create-user-workflow-using-power-automate

Add a trigger action item for HTTP request (Post), so that this flow can be triggered from any type of application. I am going to call this Power Automate by using JavaScript/Typescript in a SPFX form on SharePoint Online.

Add triger action

We added this Json Body schema in this post request

{
type“: “object”,
properties“: {
Email“: {
type“: “string”
},
Name“: {
type“: “string”
},
Redirect URL“: {
type“: “string”
},
Message“: {
type“: “string”
},
Group“: {
type“: “string”
}
}
}

Email:  User email
Name:   User name
Redirect URL:   URL to navigate the User to the site, and adds the user in to SharePoint group of this site
Message:   custom message to be send in the invitation email
Group:   SharePoint group name (in which we want to add the external user)

Then add the action item “Set Variable” to add

  • Client Id
  • Client Secret
  • Tenant Id

Values for these above three, you can get from the Azure App. Once we do the App Registration in Azure portal it will give these values.

VAdded another action item to generate the random password

See in below image

add action to generate random password

Add HTTP action trigger post method to generate the access token

generate access token

URL :  https://login.microsoftonline.com/Tenant variable/oauth2/token
Header:
 Key:  content-type    value: application/x-www-form-urlencoded

Body:

grant_type=client_credentials &client_id=Client Id variable&client_secret=ClientSecret variable&resource= https%3A%2F%2Fgraph.microsoft.com

Now add the Action item to parse the Json output of above action

add action item to parse json

Schema sample:


{
type“: “object”,
properties“: {
token_type“: {
type“: “string”
},
expires_in“: {
type“: “string”
},
ext_expires_in“: {
type“: “string”
},
expires_on“: {
type“: “string”
},
not_before“: {
type“: “string”
},
resource“: {
type“: “string”
},
access_token“: {
type“: “string”
}
}
}

Once we get this Access token, we can add the external user in the active directory.

To invite the external user on Active directory we are using Microsoft graph api of invitation

Microsoft graph api of invitation

URL:  https://graph.microsoft.com/v1.0/invitations

Header:  Key :  Authorization    Value:  Bearer AccessToken (token value from Above json Parse)

Body:   {
“invitedUserEmailAddress”: “Email”,
“inviteRedirectUrl”: “Redirect URL”,
“invitedUserDisplayName”: “Name”,
“sendInvitationMessage”: true,
“invitedUserMessageInfo”: {
“customizedMessageBody”: “Message”
}
}

From this the External user will get the email for invitation. Something similar as shown in below image

Azure Active directory

This process can be automated easily using Power Automate.