0
votes

We are setting up Microsoft Azure Active Directory as an SSO solution for our mobile app but want to manage the account creation for users via the server side Microsoft Graph API.

For internal users of the domain, this works perfectly as we are using the Graph API as an admin user to create the accounts.

But, when trying to create an external account, (say [email protected]), this fails.

We are using the API call:

POST https://graph.microsoft.com/v1.0/users

BODY:

{
  "accountEnabled": true,
  "mailNickname": "joe.bloggs",
  "displayName": "Joe Bloggs",
  "givenName": "Joe",
  "surname": "Bloggs",
  "userPrincipalName": "[email protected]",
  "passwordProfile" : {
    "forceChangePasswordNextSignIn": false,
    "password": "somepassword"
  }
}

RESPONSE:

{
    "error": {
        "code": "Request_BadRequest",
        "message": "Property userPrincipalName is invalid.",
        "innerError": {
            "request-id": "619450ec-e703-4a12-86e3-8f53c20d55fc",
            "date": "2018-01-17T16:30:37"
        },
        "details": [
            {
                "target": "userPrincipalName",
                "code": "InvalidValue"
            }
        ]
    }
}

It is saying the "userPrincipalName" is invalid, but after reviewing the documentation I'm not sure if the API supports external accounts or not?

NOTE: I realise you can use the "/beta/invitations" call but this does not create accounts.

1
Well.. for one thing you must create the user with userType: Guest. - juunas
That Microsoft Graph API is just for creating users with work or school accounts (Internal members), NOT for guest users. - Wayne Yang

1 Answer

3
votes

I assume that you're using Azure AD B2B and want to add new guest users to your Directory.

One thing I want to make clear is that you can invite guest users to your Directory, but you cannot create guest users directly in your Directory.

So, you can invite guest users with this Microsoft Graph API:

Request

POST https://graph.microsoft.com/beta/invitations
Content-type: application/json
Content-length: 551

{
  "invitedUserEmailAddress": "[email protected]",
  "inviteRedirectUrl": "https://myapp.com"
}

Response

HTTP/1.1 201 OK
Content-type: application/json
Content-length: 551

{
  "id": "7b92124c-9fa9-406f-8b8e-225df8376ba9",
  "inviteRedeemUrl": "https://invitations.microsoft.com/redeem/?tenant=04dcc6ab-388a-4559-b527-fbec656300ea&user=7b92124c-9fa9-406f-8b8e-225df8376ba9&ticket=VV9dmiExBsfRIVNFjb9ITj9VXAd07Ypv4gTg%2f8PiuJs%3d&lc=1033&ver=2.0",
  "invitedUserDisplayName": "yyy",
  "invitedUserEmailAddress": "[email protected]",
  "sendInvitationMessage": false,
  "invitedUserMessageInfo": {
     "messageLanguage": null,
     "ccRecipients": [
          {
             "emailAddress": {
                 "name": null,
                 "address": null
              }
          }
     ],
     "customizedMessageBody": null
  },
  "inviteRedirectUrl": "https://myapp.com/",
  "status": "Completed",
  "invitedUser":  [ {  "id": "243b1de4-ad9f-421c-a933-d55305fb165d" } ]
}

Additionally, if you want to invite guest users without an invitation, please refer to this document.

Hope this helps!
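An added example (not code from the question or the answer) of how server-side provisioning can choose between the two calls shown on this page: `POST /v1.0/users` accepts a `userPrincipalName` only when its domain is one of the tenant's verified domains, so any other address is sent to the invitations endpoint. The function name, the `verified_domains` input and the sample addresses are assumptions, and the function only builds the request, it sends nothing.

```python
import secrets

GRAPH = "https://graph.microsoft.com"


def plan_user_request(email, verified_domains, redirect_url, display_name=None):
    """Return (method, url, body) for provisioning `email` in the tenant.

    verified_domains is an assumed input: the tenant's verified domain
    names, which a live service could read from GET /v1.0/domains.
    """
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {email!r}")
    domain = domain.lower()

    if domain in {d.lower() for d in verified_domains}:
        # Internal member: the UPN domain is verified, so /users accepts it.
        body = {
            "accountEnabled": True,
            "mailNickname": local,
            "displayName": display_name or local,
            "userPrincipalName": f"{local}@{domain}",
            "passwordProfile": {
                # Random one-time password instead of a fixed string;
                # the user must replace it at first sign-in.
                "forceChangePasswordNextSignIn": True,
                "password": secrets.token_urlsafe(24),
            },
        }
        return "POST", f"{GRAPH}/v1.0/users", body

    # External address: /users would answer "Property userPrincipalName is
    # invalid", so build a B2B invitation. No password is set here; the
    # guest authenticates with their own identity provider.
    body = {
        "invitedUserEmailAddress": f"{local}@{domain}",
        "inviteRedirectUrl": redirect_url,
        "sendInvitationMessage": False,
    }
    if display_name:
        body["invitedUserDisplayName"] = display_name
    return "POST", f"{GRAPH}/beta/invitations", body


if __name__ == "__main__":
    # Constructed sample data: one verified domain, one outside address.
    for addr in ("joe.bloggs@corp.example", "jane.doe@partner.example"):
        method, url, body = plan_user_request(
            addr, ["corp.example"], "https://myapp.com")
        print(method, url, sorted(body))
```

With `sendInvitationMessage` set to `false`, the `inviteRedeemUrl` returned by the service is what the app has to deliver to the guest.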