Azure Active Directory
Integration version: 15.0
This integration uses one or more open source components. You can download a copy of the full source code of this integration from the Cloud Storage bucket.
Use cases
List all the users in Microsoft Entra ID.
Disable refresh tokens when a company device is stolen to prevent signing in.
Prerequisites
Before configuring the integration in the Google Security Operations SOAR platform, make sure to complete the following prerequisite steps:
Configure network access.
Create the Microsoft Entra app.
Configure the API permissions for your app.
Create a client secret.
Configure network access
Make sure to allow traffic over the 389 port to enable API access from Google Security Operations SOAR to Microsoft Entra ID.
Create Microsoft Entra app
Sign in to the Azure portal as a user administrator or a password administrator.
Select Microsoft Entra ID.
Go to App registrations > New registration.
Enter the name of the app.
Click Register.
Save the Application (client) ID and Directory (tenant) ID values to use them later when configuring the integration parameters.
Configure API permissions
Go to API Permissions > Add a permission.
Select Microsoft Graph > Application permissions.
In the Select Permissions section, select the following permissions:
Directory.Read.All
Directory.ReadWrite.All
Group.ReadWrite.All
User.ReadWrite.All
Click Add permissions.
Click Grant admin consent for YOUR_ORGANIZATION_NAME.
When the Grant admin consent confirmation dialog appears, click Yes.
Create client secret
Navigate to Certificates and secrets > New client secret.
Provide a description for a client secret and set its expiration deadline.
Click Add.
Save the value of the client secret (not the secret ID) to use it as the Client Secret parameter value when configuring the integration. The client secret value is only displayed once.
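A check to run once the app registration above is complete, given here as an added example (not part of the integration's code): it decodes the claims of an app-only access token and compares its `roles` with the four Microsoft Graph application permissions listed in this procedure, and its `tid` and `appid`/`azp` with the Directory ID and Client ID. The token is constructed inline and unsigned, signature validation is out of scope, and all function names are hypothetical.

```python
import base64
import json

# Application permissions this page tells you to grant to the app.
DOCUMENTED_ROLES = frozenset({
    "Directory.Read.All",
    "Directory.ReadWrite.All",
    "Group.ReadWrite.All",
    "User.ReadWrite.All",
})


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the claims of a compact JWT WITHOUT verifying its signature.

    Only suitable for inspecting a token you obtained yourself over TLS.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated segments)")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def audit_app_token(token: str, tenant_id: str, client_id: str) -> dict:
    """Compare a token's tenant, client and roles with the documented setup."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))
    # v1.0 access tokens carry the client in "appid", v2.0 tokens in "azp".
    token_client = str(claims.get("appid") or claims.get("azp") or "")
    return {
        "tenant_matches": str(claims.get("tid", "")).lower() == tenant_id.lower(),
        "client_matches": token_client.lower() == client_id.lower(),
        # Documented permissions that were not granted (actions will fail).
        "missing": sorted(DOCUMENTED_ROLES - roles),
        # Granted permissions beyond the documented set (review and remove).
        "unexpected": sorted(roles - DOCUMENTED_ROLES),
        # Write-capable grants, listed so they can be reviewed explicitly.
        "write_capable": sorted(r for r in roles if ".ReadWrite." in r),
    }


def _make_sample_token(claims: dict) -> str:
    """Build an unsigned JWT for the demo. Constructed data, not a real token."""
    def enc(obj) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


# Constructed sample values (placeholders, not taken from any real tenant).
SAMPLE_TENANT = "11111111-1111-1111-1111-111111111111"
SAMPLE_CLIENT = "22222222-2222-2222-2222-222222222222"
SAMPLE_TOKEN = _make_sample_token({
    "aud": "https://graph.microsoft.com",
    "tid": SAMPLE_TENANT,
    "appid": SAMPLE_CLIENT,
    "roles": [
        "Directory.Read.All",
        "Group.ReadWrite.All",
        "User.ReadWrite.All",
        "Mail.Read",  # not in the documented set, so it is reported
    ],
})

if __name__ == "__main__":
    report = audit_app_token(SAMPLE_TOKEN, SAMPLE_TENANT, SAMPLE_CLIENT)
    print(json.dumps(report, indent=2))
```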
Integrate Azure Active Directory with Google SecOps
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Integration parameters
Use the following parameters to configure the integration:
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Instance Name | String | N/A | No | Name of the Instance you intend to configure integration for. |
Description | String | N/A | No | Description of the Instance. |
Client ID | String | N/A | Yes | Specifies the Microsoft Entra ID client ID of the calling web service. |
Client Secret | String | N/A | Yes | Enter a key registered for the calling web service or daemon application in Microsoft Entra ID. |
Directory ID | String | N/A | Yes | Unique identifier of your directory. |
Verify SSL | Checkbox | Checked | No | Use this checkbox, if your Microsoft Entra ID connection requires an SSL verification (unchecked by default). |
Run Remotely | Checkbox | Unchecked | No | Check the field in order to run the configured integration remotely. Once checked, the option appears to select the remote user (agent). |
Actions
List Users
List Microsoft Entra ID users based on the specified search criteria. This action does not run on entities. Advanced filtering works on the Username (userPrincipalName) field.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Filter | List | All Fields | No | Specify the fields to be included in the results. By default, all the fields are returned. |
Order By Field | List | displayName | No | Specify the field based on which the results are ordered. |
Order By | List | desc | No | Specify the result order. |
Advanced Filter Logic | DDL | Equal Possible values: | No | Specify the filter logic that should be applied. Note: Advanced filtering works on the Username (userPrincipalName) field. |
Advanced Filter Value | String | N/A | No | Specify the value that is used in the filter. If "Equal" is selected, the action tries to find the exact match among results. If "Contains" is selected, the action tries to find results that contain the provided substring. If nothing is provided in this parameter, the filter is not applied. Note: Advanced filtering works on the Username (userPrincipalName) field. |
Use cases
Confirm user information: The user wants credentials on a user without knowing their username. The user lists all users and identifies them by their name in the list.
Run On
GENERAL
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
[
  {
    "Group Type": "managed",
    "Id": "1212-12312-123",
    "Name": "Group Name",
    "Description": "This group is ...",
    "Created Time": "2019-10-24T19:10:18Z"
  }
]
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
Username | Returns if it exists in JSON result |
Surname | Returns if it exists in JSON result |
Name | Returns if it exists in JSON result |
Job Title | Returns if it exists in JSON result |
Returns if it exists in JSON result |
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | If successful: "List of users was fetched successfully." If errors are reported: "Some errors occurred. Please check log." If no users are returned based on provided action filter parameters: "No users were returned based on provided filter criteria." If unsuccessful: "Users list fetch was not successful." | General |
Table | Users {Name, Username, id, given Name, Preferred Language, Mail, Mobile Phone, Surname, Job Title} | Entity |
Get Manager Contact Details
Get manager contact details for the user. This action expects the User entity in the username@domain format.
Parameters
N/A
Use cases
Get manager contact details.
Run On
This action runs on the User entity.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
[
  {
    "EntityResult": {
      "displayName": "manager@example.com",
      "mobilePhone": "1212-12312-123",
      "@odata.context": "graph.microsoft.com"
    },
    "Entity": "user@example.com"
  }
]
Entity Enrichment
Manager contact details are returned if JSON is returned.
Enrichment Field Name | Logic - When to apply |
---|---|
Display Name | Returns if it exists in JSON result |
Mobile Phone | Returns if it exists in JSON result |
@odata.context | Returns if it exists in JSON result |
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | If successful: "User manager details were fetched successfully." If errors are reported: "Some errors occurred. Please check log." If unsuccessful: "Could not fetch user manager's details successfully." | General |
Table | Manager Contact {Name, Mobile Phone} | Entity |
Enable Account
Enable account in Microsoft Entra ID. This action expects the User entity in the username@domain format.
Parameters
N/A
Use cases
Enable a user account whose account was suspended:
- List users. Confirm their ID/username.
- Using the ID/username, activate user.
Run On
This action runs on the User entity.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
N/A
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | If successful: "User account Enabled successfully." If errors are reported: "Some errors occurred. Please check log." If unsuccessful: "Enable user account was not successful." | General |
Disable Account
Disable account in Microsoft Entra ID. This action expects the User entity in the username@domain format.
Permissions required
The action requires a Microsoft Entra ID account with administrative privileges to execute.
Parameters
N/A
Use cases
Suspend an account under investigation:
- List users. Find the username/ID.
- Disable user account.
Run On
This action runs on the user entity.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
N/A
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | If successful: "User account disabled successfully." If errors are reported: "Some errors occurred. Please check log." If unsuccessful: "Disable user account was not successful." | General |
Force Password Update
Force password update for user so the user will have to change their password on the next login. This action expects the User entity in the username@domain format.
Prerequisites
Make sure you have assigned the Password Administrator role to your application:
- Sign in to the Azure portal using your Microsoft account.
- In Microsoft Entra ID, search for Roles and administrators.
- Select or search for Password Administrator from the list.
- Click Add Assignment.
- Select member and click Next.
- Enter justification and click Assign.
Parameters
N/A
Use cases
Force password Update:
- A policy triggers the expiry of a user set password lifetime.
- Force user password.
Run On
This action runs on the User entity.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
Result: HTTP 204:No content
N/A
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | If successful: "Force password Update on user was successfully." If errors are reported: "Some errors occurred. Please check log." If unsuccessful: "Attempt to Force user password update was not successful." | General |
Reset User Password
Change user password to the password specified in the action. The user will have to change their password on the next login. This action expects the user entity in the username@domain format.
Prerequisites
Make sure you have assigned the Password Administrator role to your application:
- Sign in to the Azure portal using your Microsoft account.
- In Microsoft Entra ID, search for Roles and administrators.
- Select or search for Password Administrator from the list.
- Click Add Assignment.
- Select member and click Next.
- Enter justification and click Assign.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Password | Password | N/A | Yes | User Authentication password. |
Use cases
Reset password:
- Get user details.
- Change their password.
Run On
This action runs on the User entity.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
N/A
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | If successful: "User password was reset successfully." If errors are reported: "Some errors occurred. Please check log." If unsuccessful: "User password reset was not successful." | General |
List Groups
List Microsoft Entra ID groups based on the specified search criteria. This action does not run on entities. Filtering works on the Name field.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Order By Field | List | displayName | No | Specifies the field based on which the results are ordered. |
Order by | List | ASC | No | Specifies the result order. |
Filter Logic | DDL | Equal Possible values: | No | Specify the filter logic that should be applied. Filtering works on the Name field. |
Filter Value | String | N/A | No | Specify the value that should be used in the filter. If "Equal" is selected, the action tries to find the exact match among results. If "Contains" is selected, the action tries to find results that contain the provided substring. If nothing is provided in this parameter, the filter is not applied. Filtering works on the Name field. |
Use cases
Confirm groups
- User wants to confirm the group existing in Microsoft Entra ID.
- User lists the groups.
Run On
GENERAL
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
Group list data JSON is returned.
[
  {
    "Group Type": "managed",
    "Id": "1212-12312-123",
    "Name": "Group Name",
    "Description": "This group is ...",
    "Created Time": "2019-10-24T19:10:18Z"
  }
]
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
Group Type | Returns if it exists in JSON result |
ID | Returns if it exists in JSON result |
Name | Returns if it exists in JSON result |
Description | Returns if it exists in JSON result |
Created Time | Returns if it exists in JSON result |
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | If successful: "Groups list was fetched successfully." If errors are reported: "Some errors occurred. Please check log." If unsuccessful: "Groups list fetch was not successful." | General |
Table | Groups {Name, id, Description, Mail, Created Time, Group Type} | Entity |
Enrich User
Enrich the User entity with information from Microsoft Entra ID. This action expects the User entity in the username@domain format.
Parameters
N/A
Use cases
Enrich user: Get information on the user.
Run On
This action runs on the User entity.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
User data JSON is returned.
[
  {
    "EntityResult": {
      "displayName": "Test User",
      "mobilePhone": "0001110001",
      "preferredLanguage": "English",
      "jobTitle": "Engineer",
      "userPrincipalName": "test_user@example.com"
    },
    "Entity": "test_user@example.com"
  }
]
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
AAD_Name | Returns if it exists in JSON result |
AAD_Mobile Phone | Returns if it exists in JSON result |
AAD_Preferred Language | Returns if it exists in JSON result |
AAD_Job Title | Returns if it exists in JSON result |
AAD_Username | Returns if it exists in JSON result |
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | If successful: "User details were fetched successfully:{username}." If errors are reported: "Some errors occurred. Please check log." If unsuccessful: "Users list fetch was not successful." | General |
Table | User Table | Entity |
Enrich Host
Enrich the Host entity with information from Microsoft Entra ID. This action finds a match for a provided Host entity based on the devices displayName field in Microsoft Entra ID.
Parameters
N/A
Use cases
Enrich host: Get information on host.
Run On
This action runs on the Host entity.
Action Results
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
AAD_Name | Returns if it exists in JSON result |
AAD_Enabled | Returns if it exists in JSON result |
AAD_Property Device ID | Returns if it exists in JSON result |
AAD_OS | Returns if it exists in JSON result |
AAD_Version | Returns if it exists in JSON result |
AAD_Profile Type | Returns if it exists in JSON result |
AAD_Compliant | Returns if it exists in JSON result |
AAD_Last Sign In | Returns if it exists in JSON result |
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
Host data in JSON is returned.
[
  {
    "EntityResult": {
      "deletedDateTime": "1234569",
      "complianceExpirationDateTime": "1234567",
      "profileType": "RegisteredDevice",
      "key": "007",
      "if": "889922-aaaa-123123"
    },
    "Entity": "us-lt-v13001"
  }
]
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | If successful: "Host details were fetched successfully:{hostname}." If errors: "Some errors occurred. Please check log." If unsuccessful: "Host details were not found." | General |
Table | Host Table | Entity |
Is User in Group
Check if the user has membership in a specific Microsoft Entra ID group. This action expects the User entity in the username@domain format and group ID in the 00e40000-1971-439d-80fc-d0e000001dbd format.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Group ID | String | N/A | Yes | Microsoft Entra ID group ID in the 00e40000-1971-439d-80fc-d0e000001dbd format. |
Use cases
Confirm the group membership of a user:
- List groups. Get the group ID.
- Find if a user is in a group.
Run On
This action runs on the User entity.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
Group details JSON is returned. Example:
[
  {
    "EntityResult": "true",
    "Entity": "user@example.com"
  }
]
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | If successful: "The following user was found in the group:{user}." If errors are reported: "Some errors occurred. Please check log." If unsuccessful: "User was not found in the group." | General |
Add User to a Group
Add a user to a specific Microsoft Entra ID group. This action expects the User entity in the username@domain format and group ID in the 00e40000-1971-439d-80fc-d0e000001dbd format.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Group ID | String | N/A | Yes | Microsoft Entra ID group ID in the 00e40000-1971-439d-80fc-d0e000001dbd format. |
Use cases
Add a new member:
- Get user. Confirm user ID.
- List groups. Confirm group ID to add member.
- Add the member to a group using user and group ID.
Run On
This action runs on the user entity.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | If successful: "Member {id} was added to group {id} successfully." If errors are reported: "Some errors occurred. Please check log." If unsuccessful: "Member could not be added successfully." | General |
Ping
Test connectivity to the Microsoft Entra ID service with parameters provided at the integration configuration page in the Google Security Operations Marketplace tab.
Use cases
Test Connectivity.
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | If successful: "Connection Established successfully." If errors are reported: "Some errors occurred. Please check log." If unsuccessful: "Connection could not be established successfully." | General |
Revoke User Session
Revoke user session. Supported entities: Username, Email Address (username that matches email regex).
Parameters
N/A
Use Cases
N/A
Run On
This action runs on the Username entity.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON result
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Edm.Boolean",
  "value": true
}
If the user is not found:
{
  "error": "User not found."
}
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | The action should not fail nor stop a playbook execution: If the 200 status code is reported for one user (is_success=true): "Successfully revoked sessions for the following users Azure AD: {entity.identifier}" If the user is not found (is_success=true): "Action wasn't able to find the following users in Azure AD: {entity.identifier}" If all users are not found (is_success=false): "None of the provided users were found in Azure AD." The action should fail and stop a playbook execution: If a fatal error, like wrong credentials, no connection to the server, other is reported: "Error executing action "Revoke User Session". Reason: {0}''.format(error.Stacktrace)" | General |
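Because the table above reports is_success=true even when some of the users were not found, a playbook step that checks only is_success can leave a session unrevoked. The following added example (not the integration's code) triages per-user results using the two JSON shapes shown above. The mapping of username to result object, the function name and the sample data are assumptions made for illustration.

```python
NOT_FOUND = "User not found."  # error string shown in the JSON result above


def triage_revoke_results(requested, results):
    """Classify each requested user by the JSON result recorded for it.

    requested: usernames the playbook asked to revoke sessions for.
    results:   {username: result_object} (assumed shape, see lead-in).
    """
    # Usernames are compared case-insensitively.
    by_user = {name.lower(): body for name, body in results.items()}
    revoked, not_found, unconfirmed = [], [], []
    for user in requested:
        body = by_user.get(user.lower())
        if isinstance(body, dict) and body.get("value") is True:
            revoked.append(user)
        elif isinstance(body, dict) and body.get("error") == NOT_FOUND:
            not_found.append(user)
        else:
            # No result at all, "value": false, or an unrecognised error.
            unconfirmed.append(user)
    return {
        # Mirrors the documented rule: true as soon as one user was revoked.
        "is_success": bool(revoked),
        # Stricter signal for containment: every requested user was revoked.
        "all_revoked": bool(requested) and len(revoked) == len(requested),
        "revoked": revoked,
        "not_found": not_found,
        "unconfirmed": unconfirmed,
    }


# Constructed sample data for the demo.
SAMPLE_REQUESTED = ["alice@example.com", "bob@example.com", "carol@example.com"]
SAMPLE_RESULTS = {
    "Alice@example.com": {
        "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Edm.Boolean",
        "value": True,
    },
    "bob@example.com": {"error": "User not found."},
    # carol@example.com has no recorded result
}

if __name__ == "__main__":
    print(triage_revoke_results(SAMPLE_REQUESTED, SAMPLE_RESULTS))
```

Branch the playbook on `all_revoked` and route `not_found` and `unconfirmed` users to manual follow-up.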
List User's Groups Membership
List Microsoft Entra ID groups the user is a member of.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
User Name | String (CSV) | N/A | No | Specify the username to return groups membership for. User name should be specified in the username@domain format. Parameter accepts multiple values as a comma-separated string. |
Return Only Security Enabled Groups | Checkbox | Unchecked | No | If enabled, only security groups that the user is a member of are returned. |
Return Detailed Groups Information | Checkbox | Unchecked | No | If enabled, detailed information on the AD groups is returned. |
Filter Key | DDL | Select One Possible values: | No | Specify the key that needs to be used to filter groups. |
Filter Logic | DDL | Not Specified Possible values: | No | Specify the filter logic that should be applied. Filtering logic works based on the value provided in the "Filter Key" parameter. |
Filter Value | String | N/A | No | Specify the value that should be used in the filter. If "Equal" is selected, the action tries to find the exact match among results. If "Contains" is selected, the action tries to find results that contain the provided substring. If nothing is provided in this parameter, the filter will not be applied. Filtering logic works based on the value provided in the "Filter Key" parameter. |
Max Records To Return | Integer | 50 | No | Specify the number of records to return. If nothing is provided, action will return 50 records. |
Run On
This action runs on the Username entity.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON result
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(Edm.String)",
  "value": [
    "d25ca1b5-c61c-4f7f-8d44-24c64e05a035",
    "59a278af-e84f-48ed-acab-84b64dcee830",
    "bf4ec937-31f5-467b-a0d4-0bb71b68ecc1",
    "a8356f85-7b28-4118-a7e2-ea07cbf1ab55",
    "1f54a09d-dc84-469e-925d-db7e40391dbb",
    "192c0699-fad2-4d02-88a2-84efd6369894",
    "ee820b05-6cb4-4496-b441-b6f744358536",
    "37220e2c-ad25-4ffc-891d-f6c71dca4792",
    "c084d2c7-a7e6-47a5-921b-0c32c3ab41d1",
    "b8e1af87-3083-46d0-8e7d-6c953eced5c5"
  ]
}
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | The action should not fail nor stop a playbook execution: If data is available (is_success=true): "Successfully found groups for the provided criteria for the following entities: ". If the provided username is not found (is_success=false): "The following entities were not found in the Azure AD: ." If data is not available (is_success=false): "No groups were found in Azure Active Directory for the following entities: " If the "Filter Value" parameter is empty (is_success=true): "The filter was not applied, because the "Filter Value" parameter has an empty value." The action should fail and stop a playbook execution: If the "Filter Key" is set to "Select One" and the "Filter Logic" parameter is set to "Equal" or "Contains": "Error executing action "List User's Groups Membership"." Reason: you need to select a field from the "Filter Key" parameter. If the provided username is not found in Azure AD: "Error executing action "Remove User from the Group"." Reason: Provided username was not found in the Azure Active Directory. If an invalid value is provided for the "Max Records to Return" parameter: "Error executing action "List User's Groups Membership"." Reason: "Invalid value was provided for "Max Records to Return": . Positive number should be provided". If a fatal error, like wrong credentials, no connection to the server, other is reported: "Error executing action "List User's Groups Membership"." Reason: {0}''.format(error.Stacktrace | General |
Case Wall Table | Table Name: Groups Memberships Table Columns: | General |
List Members in the Group
List members in the specified Microsoft Entra ID group.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
User Name | String (CSV) | N/A | No | Specify the username to return groups membership for. User name should be specified in the username@domain format. Parameter accepts multiple values as a comma-separated string. |
Return Only Security Enabled Groups | Checkbox | Unchecked | No | If enabled, only security groups that the user is a member of are returned. |
Return Detailed Groups Information | Checkbox | Unchecked | No | If enabled, detailed information on the AD groups is returned. |
Filter Key | DDL | Select One Possible Values: | No | Specify the key that needs to be used to filter groups. |
Filter Logic | DDL | Not Specified Possible Values: | No | Specify the filter logic that should be applied. Filtering logic works based on the value provided in the "Filter Key" parameter. |
Filter Value | String | N/A | No | Specify the value that should be used in the filter. If "Equal" is selected, the action tries to find the exact match among results. If "Contains" is selected, the action tries to find results that contain the provided substring. If nothing is provided in this parameter, the filter is not applied. Filtering logic works based on the value provided in the "Filter Key" parameter. |
Max Records To Return | Integer | 50 | No | Specify the number of records to return. If nothing is provided, action will return 50 records. |
Group ID | String | N/A | No | Specify the ID of the group in which you want to list the members. If both the "Group Name" parameter and the "Group ID" parameter are provided, then the "Group ID" parameter has priority. Example of the ID: 00e40000-1971-439d-80fc-d0e000001dbd. |
Run On
This action doesn't run on entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON result
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(Edm.String)",
  "value": [
    "d25ca1b5-c61c-4f7f-8d44-24c64e05a035",
    "59a278af-e84f-48ed-acab-84b64dcee830",
    "bf4ec937-31f5-467b-a0d4-0bb71b68ecc1",
    "a8356f85-7b28-4118-a7e2-ea07cbf1ab55",
    "1f54a09d-dc84-469e-925d-db7e40391dbb",
    "192c0699-fad2-4d02-88a2-84efd6369894",
    "ee820b05-6cb4-4496-b441-b6f744358536",
    "37220e2c-ad25-4ffc-891d-f6c71dca4792",
    "c084d2c7-a7e6-47a5-921b-0c32c3ab41d1",
    "b8e1af87-3083-46d0-8e7d-6c953eced5c5"
  ]
}
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | The action should not fail nor stop a playbook execution: If data is available (is_success=true): "Successfully found members for the provided criteria in Azure AD group". If data is not available (is_success=false): "No members were found for the provided criteria in Azure AD group." If the "Filter Value" parameter is empty (is_success=true): "The filter was not applied, because parameter "Filter Value" has an empty value." The action should fail and stop a playbook execution: If the provided group name is not found in Azure AD: "Error executing action "List Members in Group"." Reason: Provided group name was not found in the Azure Active Directory. If the "Filter Key" is set to "Select One" and the "Filter Logic" is set to "Equal" or "Contains": "Error executing action "List Members in Group"." Reason: you need to select a field from the "Filter Key" parameter. If an invalid value is provided for the "Max Records to Return" parameter: "Error executing action "List Members in Group"." Reason: "Invalid value was provided for "Max Records to Return": . Positive number should be provided". If a fatal error, like wrong credentials, no connection to the server, other is reported: "Error executing action "List Users in Group"." Reason: {0}''.format(error.Stacktrace) If the "Group ID" and "Group Name" parameters are not specified: "Error executing action "Remove User from a Group". Either "Group ID" or "Group Name" needs to be provided." | General |
Case Wall Table | Table Name: Available members of the group Table Columns: | General |
Remove User from the Group
Remove a user from the specified group.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
User Name | String (CSV) | N/A | No | Specify the username to remove from the target group. Username should be specified in the username@domain format. Parameter accepts multiple values as a comma-separated string. |
Group Name | String | N/A | No | Specify the group name from which you want to remove the user. |
Group ID | String | N/A | No | Specify the ID of the group from which you want to remove the user. If both the "Group Name" parameter and the "Group ID" parameter are provided, then the "Group ID" parameter will have priority. Example of the id: 00e40000-1971-439d-80fc-d0e000001dbd. |
Run On
This action runs on the Username entity.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | The action should not fail nor stop a playbook execution: If data is available (is_success=true): "Successfully removed the following entities from the Azure AD group : ". If the 404 status code is reported (is_success=false): "The following entities were not found in the Azure AD: ." If the 404 status code is reported for all of the provided entities (is_success=false): "No usernames were removed from the Azure AD group ." The action should fail and stop a playbook execution: If the provided group name is not found in Azure AD: "Error executing action "List Members in Group"." Reason: Provided group name was not found in the Azure Active Directory. If the provided username is not found in Azure AD: Error executing action "Remove User from the Group". Reason: Provided username was not found in the Azure Active Directory. If a fatal error, like wrong credentials, no connection to the server, other is reported: "Error executing action "List Users in Group"." Reason: {0}''.format(error.Stacktrace) If the "Group ID" and "Group Name" parameters are not specified: "Error executing action "Remove User from a Group". Either "Group ID" or "Group Name" needs to be provided." | General |