FlowRunner
Pricing
Theme

Microsoft Entra ID

Identity & Security

Connect AI agents to Microsoft Entra ID (formerly Azure Active Directory). Agents create and manage users and groups, control membership and ownership, invite external guests, and audit directory roles, applications, and service principals.

23 actions available
A new-hire record starts an onboarding flow
Agent reads the hire's name, department, and required group set
Create User with an initial password in the tenant
Add Group Member for each group the role requires
Agent confirms membership and reads back the user's group list
The team channel announces the new hire
An admin confirms membership in a privileged group before the agent adds it

What This Integration Enables

Agents automate employee onboarding by creating a user, setting an initial password, and adding them to the right groups, offboard departing employees by revoking their sign-in sessions and deleting or updating their accounts, sync group membership and ownership from an HR system or spreadsheet, invite external partners as B2B guest users, and audit directory roles, group members, applications, and service principals. Microsoft Graph returns large collections in pages, so list operations pass an @odata.nextLink to retrieve the next page, and the group membership reference operations take a user object ID rather than a principal name. The connector covers the user, group, directory-role, invitation, and application surface of the directory; the surrounding flow decides which membership changes run automatically and where an admin signs off on a privileged assignment or an account deletion.

Without FlowRunner

Manual onboarding Creating a user and adding groups is done by hand per ticket, and details vary
Incomplete offboarding A departing user's sessions are not always revoked, leaving access open
Role audits on demand Directory roles and group members are only reviewed when compliance asks

With FlowRunner

Repeatable onboarding Create User and Add Group Member run identically for every hire, with a record
Clean offboarding Revoke Sign-In Sessions and account changes run as ordered offboarding steps
Scheduled audits Group members, roles, applications, and service principals are enumerated on a routine

Use Case Scenarios

New-hire onboarding across the Microsoft stack

A new-hire record starts the flow. The agent calls Create User with an initial password, then Add Group Member for each group the role requires, and announces the hire in the team's channel. Every hire gets the same baseline access set up the same way, so the directory stays consistent and the team knows who joined without an admin narrating it.

Guest invitation with a personalized welcome

When a partner needs tenant access, the agent calls Invite Guest User to bring them in as a B2B guest, then sends a personalized welcome with next steps through [Outlook](/integrations/outlook). The external collaborator is provisioned and oriented in one flow rather than through a chain of manual emails.

Directory access audit

On a routine, the agent enumerates group members, directory role assignments, applications, and service principals, then compiles the results into an access-review record. Unexpected members of a privileged group, or an application with more reach than expected, surface as exceptions for review rather than waiting for the next compliance cycle.

Human-in-Loop Highlight

Adding someone to a privileged group, or deleting an account, are the directory decisions that should pause for a person. The agent handles the routine assembly on its own: it creates the user, sets the initial password, and stages the standard group memberships the role clearly needs. When the onboarding calls for a privileged group (an admin role or a group with broad access), it pauses before Add Group Member and asks the admin through their channel: "Onboarding [user] requests membership in [privileged group], which grants [scope]. Approve, assign a lower-privilege group, or deny?" The admin decides. The agent does the provisioning; the person owns the privileged grant.

Agent processes routinely
Detects exception requiring judgment
Clear match Continues automatically
Ambiguous Routes to human via preferred channel
Human decides
Agent resumes with decision

Agent Capabilities

16 actions

Users

6
  • Create User Creates a user and sets an initial password during onboarding.
  • Update User Updates a user's attributes.
  • Delete User Deletes a user account during offboarding. The typical human-gated step.
  • Reset User Password Resets a user's password.
  • Revoke Sign-In Sessions Revokes a user's active sign-in sessions in response to an offboarding or security event.
  • List User's Groups Lists the groups a user belongs to.

Groups

5
  • Create Group Creates a directory group.
  • Add Group Member Adds a member to a group by object ID. Privileged-group additions are typically human-gated.
  • Remove Group Member Removes a member from a group by object ID.
  • Add Group Owner Adds an owner to a group by object ID.
  • List Group Members Lists the members of a group for an audit.

Directory Roles and Invitations

3
  • List Directory Roles Lists the directory roles in the tenant.
  • List Directory Role Members Lists the members assigned to a directory role for an audit.
  • Invite Guest User Invites an external partner as a B2B guest user.

Applications

2
  • List Applications Lists the tenant's application registrations.
  • List Service Principals Lists the tenant's service principals for a posture review.

Start building with Microsoft Entra ID

$100 in credits. No card required. Connect in minutes.