Мicrosoft Flow: Creating a Microsoft Team

Microsoft Flow [1] has become a valuable asset to businesses all around the world that are using Office 365 to work more productively, creatively and securely, regardless if their members are at the office, at a conference in another country or simply at home.

With Flow businesses can connect their Office 365 apps and services in an automated manner. No matter if you need a workflow between SharePoint and Outlook or Dropbox and Slack or even Twitter and Dynamics 365, it all can be accomplished – with Flow there are thousands of possibilities. In this way, you save valuable time by automating team notifications, file synchronization, data analysis and more.

Recently, many have asked:

But how can you create a Team by using Flow?

At this time, there is no available Action in Flow that can do that. Therefore, a Custom Connector should be used instead [2].

Creating a Custom Connector

To create the connector there is no need of any code. Instead, a wrapper for the Microsoft Graph API can be used in the form of an Open API 2.0 specification [2]. The following code is the needed json file, made available by Christian Glessner [2].

Next, several steps need to be taken, in order the connector to be ready to use [2].

  1. Register an App in the Azure Portal
    • Register a new Azure AD App in Azure Active Directory
    • Add Microsoft Graph permissions for delegated “Read and write all groups” (Group.ReadWrite.All)
    • Save the application id (Client Id) – it will be needed in the steps that follow.
    • Generate and save a key (Client Secret) – it will be needed in the steps that follow.
  2. Install the Custom Connector
    • Sign in to PowerApps Portal (https://web.powerapps.com)
    • Navigate to Custom connectors → Create custom connector → Import an OpenAPI File (see Figure 1, Figure 2)

     

    Figure 1: PowerApps – Navigate to Custom connectors
    Figure 2: PowerApps – Import an OpenAPI file
    Figure 3: PowerApps – Custom Connector Settings

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    • Enter a title for the connector e.g. “Microsoft Teams Extension CC” and choose the json file presented before
    • In General – verify the following settings:
      Scheme:  HTTPS; Host: “graph.microsoft.com”; Base URL “/” (see Figure 3).
    • In Security – choose as authentication type “OAuth 2.0” (see Figure 4)
      • Select “Generic Oauth 2” as Identity Provider
      • Client Id – paste the one that you have saved from step 1
      • Client Secret – paste the one that you have saved from step 1
      • Authorization URL – Paste “https://login.microsoftonline.com/yourtenant.onmicrosoft.com/oauth2/v2.0/authorize”
      • Token URL – Paste “https://login.microsoftonline.com/yourtenant.onmicrosoft.com/oauth2/v2.0/token”
      • Refresh URL – Paste “https://login.microsoftonline.com/yourtenant.onmicrosoft.com/oauth2/v2.0/token”
      • Scope – Paste “Group.ReadWrite.All”
      • Redirect URL – it will be automatically generated after the custom connector is saved
      • Click “Create connector”
      • Navigate back to the security tab and copy the “Redirect URL” and register the URL as an “Reply URL” in your Azure AD App within the Azure Portal
Figure 4: PowerApps – Security Settings

 

Your Custom Connector is now ready to be used!

It will be shown in Microsoft Flow with all of its options as depicted by Figure 5.

 

Figure 5: The Custom Connector in Microsoft Flow

Use your Custom Connector in Microsoft Flow

Before using your Custom Connector, you should add the following Action – “Azure AD – Create Group”. The ID of this group will be used after that as input for your Custom Connector. However, in order to use the Azure AD connector, the account needs to have the following administrator permissions [3]:

  • Group.ReadWrite.All
  • User.ReadWrite.All
  • Directory.ReadWrite.All

What is left unclear in the documentation by Microsoft is where and how actually to give those permissions. Many have been asking these questions in the forums on the topic.

Well, we at Veroo Consulting have found out that the account, used for the Flow connection, should be granted the role of an Application Administrator (see Figure 6). Further information about the available roles in Azure Active Directory can be found in the documentation, provided by Microsoft  [4].

Figure 6: Microsoft Azure Active Directory – Roles and administrators

Alternatively, if you prefer not to give all the rights of an Application Administrator to the account, a custom role can be created instead in Azure that has only the needed permissions listed above. Further information about how to create a custom role in Azure can be found in the documentation from Microsoft [5].

Another thing to consider is, if there is a restriction that was previously created so that only users that are part of an Office 365 Security Group can create groups [6]. If that is the case, the user account, listed in the corresponding flow connection, should be added to this Security Group.

When all of the needed permissions are granted, the connection between the two Actions can be made (see Figure 7).

Figure 7: Using the Custom Connector in Microsoft Flow

 

Congratulations, now you are a step forward towards an automated and productive working environment 🙂

 

References

[1] Microsoft, “Microsoft Flow – Work less, do more,” Microsoft, 2017. [Online]. Available: https://flow.microsoft.com/en-us/. [Accessed 29 11 2018].
[2] C. Glessner, “Create a Microsoft Team with Flow (Custom Connector),” leitwolf.io, 08 03 2018. [Online]. Available: https://blog.leitwolf.io/create-a-microsoft-team-with-flow-custom-connector/. [Accessed 29 11 2018].
[3] Microsoft, “Connector Reference – Azure AD,” Microsoft, [Online]. Available: https://docs.microsoft.com/en-us/connectors/azuread/#/providers/microsoft.powerapps/apis/shared_azuread/apioperations/creategroup. [Accessed 29 11 2018].
[4] Microsoft, “Microsoft Azure – Administrator role permissions in Azure Active Directory,” 26 10 2018. [Online]. Available: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles. [Accessed 29 11 2018].
[5] Microsoft, “Azure Role-based access control – Custom roles in Azure,” Microsoft, 24 09 2018. [Online]. Available: https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles. [Accessed 29 11 2018].
[6] Microsoft, “Office 365 – Manage who can create Office 365 Groups,” 26 10 2018. [Online]. Available: https://docs.microsoft.com/en-us/office365/admin/create-groups/manage-creation-of-groups?redirectSourcePath=%252fen-us%252farticle%252fManage-Office-365-Group-creation-4c46c8cb-17d0-44b5-9776-005fced8e618&view=o365-worldwide. [Accessed 29 11 2018].

 

Sonia Grozdanova

Sonia Grozdanova

Sonia Grozdanova ist unsere Spezialistin für Mobile App Development und moderene Cloud Architekturen.

One thought on “How to Create a Team by using Microsoft Flow

  • December 6, 2018 at 10:29 am
    Permalink

    Creat article, Sonia. Thank you 🙂

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

css.php