Microsoft Entra ID Spoke (formerly Microsoft Azure Active Directory spoke)
Manage users, applications, groups, devices, tenants, service principals, and passwords. Apply licenses and provision users in Office 365.
Integration Hub subscription
This spoke requires an Integration Hub subscription. For more information, see Legal schedules - IntegrationHub overview.
Spoke version
Microsoft Entra ID spoke (formerly known as Microsoft Azure Active Directory spoke) v4.7.5 is the latest version.
Spoke dependencies
If you’re having trouble installing the app, ensure that these dependent plugins are installed:
- Complex Object (com.glide.cobject)
- ServiceNow IntegrationHub Runtime (com.glide.hub.integration.runtime)
- IHUB Spoke Util Pack (com.snc.ihub_spoke_util_pack)
- ServiceNow IntegrationHub Action Step - PowerShell (com.glide.hub.action_step.powershell)
- ServiceNow IntegrationHub Action Template - Data Stream (com.glide.hub.action_type.datastream)
- ServiceNow IntegrationHub Action Step - REST (com.glide.hub.action_step.rest)
- Remote Directory Sync
Spoke flows
The Microsoft Entra ID spoke provides sample flows in the draft state to demonstrate automating Microsoft Entra tasks. To customize a sample flow, copy it to a new application scope. Available sample flows include:
| Flow | Description |
|---|---|
| User Offboarding | Disables an Entra ID user account and removes the user from the Entra ID groups when a ServiceNow user record is deactivated. |
| User Onboarding | Creates and enables an Entra ID user account when a ServiceNow user record is activated. |
Spoke subflows
The Microsoft Entra ID spoke provides sample subflows in the draft state to demonstrate automating Entra tasks. To customize a sample subflow, copy it to a new application scope. Available sample subflows include:
| Subflow | Description |
|---|---|
| Add User to Group | Looks up the groups that a ServiceNow User record belongs to, and adds the associated Entra ID user account to the same Entra ID groups. |
Available sample conversational subflows
Install Now Assist for Conversational Spokes and start using the conversational ability of Integration Hub spokes. For more information, see Now Assist in Conversational Spokes.
| Conversational subflow | Description |
|---|---|
| Look up Groups - Sample | Retrieves information about the specified groups in the Entra ID. |
| Look up Group Members - Sample | Retrieves information about the specified group members in the Entra ID. |
| Look up Users - Sample | Retrieves information about users in the Entra ID. |
| Look up Direct Reports - Sample | Retrieves information about the direct reports in the Entra ID. |
| Add User to Group using Email Address - Sample | Adds the specified Entra ID user to the specified Entra ID group using the user's email address. |
| Add User to a group - Sample | Adds the specified Entra ID user to the specified Entra ID group. |
Spoke actions
The Microsoft Entra ID spoke provides actions to automate Entra tasks when events occur in ServiceNow. Available actions include:
Note:
- One of the mentioned permissions is required to call the API.
- Ensure that you are aware of these considerations:
- Select the Delegated permission if you intend to use the Authorization Code grant type while registering Entra ID as an OAuth provider.
- Select the Application permission if you intend to use the Client Credentials grant type while registering Entra ID as an OAuth provider.
| Category | Action | Description | Permissions Required (from least to most privileged) | |
|---|---|---|---|---|
| Audit Logs | Look up Sign Ins Stream | Retrieve the list of sign ins. | Delegated (work or school account) | AuditLog.Read.All, Directory.Read.All |
| Delegated (personal Microsoft account) | Not supported | |||
| Application | AuditLog.Read.All , Directory.Read.All | |||
| Group Management | Add Owner to Group | Add an owner to an existing group in Microsoft Entra ID. | Delegated (work or school account) | Group.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | Group.ReadWrite.All, Directory.ReadWrite.All | |||
| Add User to Group | Add an existing user to a group in Microsoft Entra ID. Note: Adding a user to a mail-enabled security group is not supported by the Microsoft Graph Security API. For more information, see https://learn.microsoft.com/en-us/graph/api/resources/groups-overview?view=graph-rest-1.0&tabs=http. |
Delegated (work or school account) | GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | GroupMember.ReadWrite.All, Group.ReadWrite.All and Directory.ReadWrite.All | |||
| Create Office 365 Group | Creates an Office 365 group that can be shared with the other members in the group. | Delegated (work or school account) | Group.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | Group.Create, Group.ReadWrite.All, Directory.ReadWrite.All | |||
| Look up Group Membership Stream by Directory | Retrieve the list of group membership. | Delegated (work or school account) | GroupMember.Read.All, Directory.Read.All, Group.Read.All, Group.ReadWrite.All, GroupMember.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | GroupMember.Read.All, Directory.Read.All, Group.Read.All, Group.ReadWrite.All, GroupMember.ReadWrite.All | |||
| Create Security Group | Creates a security group when you want to grant access permissions to a group of users. | Delegated (work or school account) | Group.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | Group.Create, Group.ReadWrite.All, Directory.ReadWrite.All | |||
| Look up Group | Returns the Group information found based on the search criteria. | Delegated (work or school account) | GroupMember.Read.All, Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | GroupMember.Read.All, Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All | |||
| Look up Group Members Stream | Retrieves the list of members of the specified group. | Application | GroupMember.Read.All, Group.Read.All, GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.Read.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Delegated (work or school account) | GroupMember.Read.All, Group.Read.All, GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.Read.All | |||
| Look up Group Membership Stream | Retrieves the list of groups for the specified user as a complex object. | Delegated (work or school account) | User.Read, GroupMember.Read.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | Directory.Read.All, Directory.ReadWrite.All | |||
| Look up Group Transitive Membership Stream | Retrieves list of groups for the specified user as a complex object. | Delegated (work or school account) | Not supported. | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | Groups.Read.All, User.Read.All, Sites.FullControl.All, Sites.Selected | |||
| Delete Group | Deletes the specified group from Entra ID. | Delegated (work or school account) | Group.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | Group.ReadWrite.All | |||
| Add Owners to Group | Adds the specified users as owners to the specified group in the Entra ID. | Delegated (work or school account) | Group.ReadWrite.All, Directory.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | Group.ReadWrite.All, Directory.ReadWrite.All | |||
| Remove Owner from Group | Removes the owner from a group in Microsoft Entra ID. | Delegated (work or school account) | Group.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | Group.ReadWrite.All, Directory.ReadWrite.All | |||
| Remove User from Group | Removes an existing user from a group in Microsoft Entra ID. | Delegated (work or school account) | GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.ReadWrite.All | |||
| Look up Groups Stream by Directory | Retrieves the list of groups in the directory integration. | Delegated (work or school account) | GroupMember.Read.All, Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | GroupMember.Read.All, Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All | |||
| Look up Groups Stream | Lists all the groups in an organization. | Delegated (work or school account) | GroupMember.Read.All, Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | GroupMember.Read.All, Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All | |||
| Add Users to Group |
Add existing users to a group in Microsoft Entra ID. |
Delegated (work or school account) | GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | GroupMember.ReadWrite.All, Group.ReadWrite.All and Directory.ReadWrite.All | |||
| Update Office 365 Group | Updates the specified office 365 group. | Delegated (work or school account) | Group.ReadWrite.All, Directory.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | Group.ReadWrite.All, Directory.ReadWrite.All | |||
| License Management | Look up Subscribed SKU | Retrieves the details of the specified subscribed SKU. | Delegated (work or school account) | Organization.Read.All, Directory.Read.All, Directory.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | Organization.Read.All, Directory.Read.All, Directory.ReadWrite.All, Organization.ReadWrite.All | |||
| Look up Subscribed SKUs | Retrieves the list of commercial subscriptions that an organization has acquired. | Delegated (work or school account) | Organization.Read.All, Directory.Read.All, Directory.ReadWrite.All, Organization.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | Organization.Read.All, Directory.Read.All, Directory.ReadWrite.All, Organization.ReadWrite.All | |||
| Assign User License | Onboards an existing user in the Microsoft Entra ID to Office 365 and grant access to services. | Delegated (work or school account) | User.ReadWrite.All, Directory.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | User.ReadWrite.All, Directory.ReadWrite.All | |||
| Remove User License | Removes a license from a user in Microsoft Entra ID. | Delegated (work or school account) | User.ReadWrite.All, Directory.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | User.ReadWrite.All, Directory.ReadWrite.All | |||
| Application Management | Look up App Roles Assignments Stream | Retrieves the list of the app roles that have been assigned to a user. | Delegated (work or school account) | User.ReadBasic.All, Directory.Read.All, AppRoleAssignment.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported | |||
| Application | Directory.Read.All, AppRoleAssignment.ReadWrite.All | |||
| Create Application Assignment | Creates an assignment for a specified application in Microsoft Entra ID. | Delegated (work or school account) | DeviceManagementConfiguration.ReadWrite.All, DeviceManagementApps.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | DeviceManagementConfiguration.ReadWrite.All, DeviceManagementApps.ReadWrite.All | |||
| Delete Application Assignment | Deletes the specified application assignment in Microsoft Entra ID. | Delegated (work or school account) | DeviceManagementConfiguration.ReadWrite.All, DeviceManagementApps.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | DeviceManagementConfiguration.ReadWrite.All, DeviceManagementApps.ReadWrite.All | |||
| Look up Application Assignments Stream | Lists all application assignments for the specified application in Microsoft Entra ID. | Delegated (work or school account) | DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementApps.Read.All, DeviceManagementApps.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementApps.Read.All, DeviceManagementApps.ReadWrite.All | |||
| Revoke User Application Access | Removes an app role assignment that has been granted to a user. | Delegated (work or school account) | AppRoleAssignment.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | AppRoleAssignment.ReadWrite.All | |||
| Look up Applications Stream | Retrieves the list of applications. | Delegated (work or school account) | Application.Read.All, Application.ReadWrite.All, Directory.Read.All | |
| Delegated (personal Microsoft account) | Application.Read.All and User.Read, Application.ReadWrite.All and User.Read | |||
| Application | Application.Read.All, Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.Read.All | |||
| Device Management | Add Device to Group | Adds an existing device to a group in the Entra ID. | Delegated (work or school account) | GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported | |||
| Application | GroupMember.ReadWrite.All, Group.ReadWrite.All and Directory.ReadWrite.All | |||
| Is Device in Group | Checks if an existing device is a member of a group in Entra ID. | Delegated (work or school account) | Device.Read.All, Directory.Read.All, Directory.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | Device.Read.All, Device.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All | |||
| Add Devices to Group | Adds the specified devices to the specified group in Entra ID. | Delegated (work or school account) | Group.ReadWrite.All, Directory.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | Group.ReadWrite.All, Directory.ReadWrite.All | |||
| Look up Devices Stream | Lists all the devices in an organization or devices that satisfy the specified filter query, if any. | Delegated (work or school account) | Device.Read.All, Directory.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | Device.Read.All, Device.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All | |||
| Remove Device from Group | Remove an existing device from a group in the Entra ID. | Delegated (work or school account) | GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.ReadWrite.All | |||
| Organization Management | Look up Tenant | Retrieves details of the currently authenticated tenant. | Delegated (work or school account) | DeviceManagementServiceConfig.Read.All, DeviceManagementServiceConfig.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | DeviceManagementServiceConfig.Read.All, DeviceManagementServiceConfig.ReadWrite.All | |||
| User Authentication | Revoke User SignIn Sessions | Revokes the user signin sessions so that administrators can automate invalidating all the sign in session of a specified user. | ||
| Service Principal Management | Look up App Role Assigned to Service Principal Stream | Retrieves the list of service principal assignments. | Delegated (work or school account) | Application.Read.All, Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | Application.Read.All, Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All | |||
| Look up Service Principals Stream | Retrieves the list of service principals. | Delegated (work or school account) | Application.Read.All, Application.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | Application.Read.All, Application.ReadWrite.All, Directory.Read.All | |||
| Password Management | Reset Password | Resets the password of the Entra ID user account. Note: This spoke action resets the password of users created in Entra ID only and
does not reset the password of the federated users. |
Delegated (work or school account) | User-PasswordProfile.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | User-PasswordProfile.ReadWrite.All | |||
| Look up Password Expiration | Retrieves Password expiration details for the provided user from Microsoft Entra ID. | Delegated (work or school account) | User.ReadBasic.All, User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All | |||
| Change Password | Changes the password of a user in Microsoft Entra ID. Ensure that the password meets the Entra ID password requirements. | Delegated (work or school account) | User-PasswordProfile.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | Not supported. | |||
| Generate Random Password | Generates the random password as per the default Entra ID password policy. Note: You must install the KMF plugin before executing this action. |
Delegated (work or school account) | None. | |
| Delegated (personal Microsoft account) | ||||
| Application | ||||
| User Management | Look up User | Retrieves a user account from Entra. | Delegated (work or school account) | User.ReadBasic.All, User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All | |||
| Look up Users Stream by Directory | Retrieves the list of users from a directory. | Application | User.ReadBasic.All, User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Delegated (work or school account) | GroupMember.Read.All, Group.Read.All, GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.Read.All | |||
| Revoke User SignIn Sessions | Invalidates all signed in sessions of a user. | Delegated (work or school account) | User.ReadWrite.All, Directory.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | Not supported. | |||
| Create User | Creates a user with the given details. | Delegated (work or school account) | User.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | User.ReadWrite.All, Directory.ReadWrite.All | |||
| Delete User | Deletes a user from Microsoft Entra ID. | Delegated (work or school account) | Directory.AccessAsUser.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | User.ReadWrite.All | |||
| Disable User | Disables a user in Microsoft Entra ID. | Delegated (work or school account) | User.ReadWrite, User.ReadWrite.All, User.ManageIdentities.All, Directory.ReadWrite.All, Directory.AccessAsUser.All | |
| Delegated (personal Microsoft account) | User.ReadWrite | |||
| Application | User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All | |||
| Enable User | Enables a user account in the Microsoft Entra ID. | Delegated (work or school account) | User.ReadWrite, User.ReadWrite.All, User.ManageIdentities.All, Directory.ReadWrite.All, Directory.AccessAsUser.All | |
| Delegated (personal Microsoft account) | User.ReadWrite | |||
| Application | User.ReadWrite.All, User.ManageIdentities.All, Directory.ReadWrite.All | |||
| Fetch Latest Delta Token for Users | Returns the latest delta token for the users. | Delegated (work or school account) | User.ReadBasic.All, User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All | |||
| Is User Enabled | Checks whether the specified user account is enabled in Microsoft Entra ID. | Delegated (work or school account) | User.Read, User.ReadWrite, User.ReadBasic.All, User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All | |
| Delegated (personal Microsoft account) | User.Read, User.ReadWrite | |||
| Application | User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All | |||
| Is User in Group | Checks whether the specified user account is a member of the specified group in Entra. | Delegated (work or school account) | User.ReadBasic.All, User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | User.ReadBasic.All, User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All | |||
| Look up Users Stream | Lists all the users in an organization or users satisfying the specified search query, filter and next token if any. | Application | User.ReadBasic.All, User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Delegated (work or school account) | GroupMember.Read.All, Group.Read.All, GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.Read.All | |||
| Update User | Updates user properties in Entra ID with the provided details. Note: Entra ID does not allow updating values to null. Null or empty values are discarded in Entra ID when null is passed as an
input. |
Delegated (work or school account) | User.ReadWrite, User.ReadWrite.All, User.ManageIdentities.All, Directory.ReadWrite.All, Directory.AccessAsUser.All | |
| Delegated (personal Microsoft account) | User.ReadWrite | |||
| Application | User.ReadWrite.All, User.ManageIdentities.All, Directory.ReadWrite.All | |||
| Does User owns Group | Checks if an existing user is a owner of a group in Entra ID. | Delegated (work or school account) | GroupMember.Read.All, Group.Read.All, GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.Read.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | GroupMember.Read.All, Group.Read.All, GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.Read.All | |||
| Look up Incremental Changes for Users Stream | Retrieves the list of users in Entra ID. By using Delta Token, enables you discover changes to users without having to fetch the entire set of users. | Delegated (work or school account) | User.Read, User.ReadWrite, User.ReadBasic.All, User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All | |
| Delegated (personal Microsoft account) | Not supported. | |||
| Application | User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All | |||
Available AI agents
Install Now Assist for Integration Hub and start using the available AI agents. For more information, see Now Assist for Integration Hub.
This spoke provides standalone AI agents that mimic human-like intelligence to perform tasks in your ServiceNow instance.
- In the ServiceNow agentic system, you can create an agentic workflow that comprises of a set of large language model (LLM) instructions along with one or more standalone AI agents to execute an
objective. See Create an agentic workflow for information about adding AI agents to create agentic workflows as per your requirement and provide the required trigger.
You can also search for other available AI agents and add them to your agentic workflow. See Find AI agents for more information.
- You can create a clone of the required spoke AI agent and customize it as per your requirement. See Duplicate an AI agent for more information about creating a clone.
- See Now Assist AI agents for information about AI agents.
Available AI agents include:
| AI agent | Description |
|---|---|
| Microsoft Entra ID user management AI agent | Automates user and group management tasks in Microsoft Entra ID. The AI agent creates, enables and disables users, manages security and office groups, and performs advanced queries such as, retrieving incremental changes or direct reports. |
| Microsoft Entra ID group management AI agent | Automates user and group management tasks in Microsoft Entra ID. The AI agent retrieves group details, manages group memberships, creates security groups, and automates user provisioning into Office 365. |
| Microsoft Entra ID license management AI agent | Automates the management of users, security groups, and office groups in Microsoft Entra ID. The AI agent retrieves details about the subscribed SKUs, assigns user licenses, and remove user licenses. |
There might be AI agents installed with the Now Assist application that are not used in agentic workflows. To learn how to see all agents that are available to you, see Find AI agents.
Note:
Ensure that the user running an AI agent has the required roles and permissions to access data or perform operations on data in the table that is associated with the AI agent.
Microsoft Entra ID account requirements
The Microsoft Entra ID spoke requires creating a custom app on your Microsoft Entra account to generate OAuth 2.0 tokens. See: Create an Microsoft Entra ID application.
Connection and credential alias requirements
Integration Hub uses aliases to manage connection and credential information, and OAuth credentials. Using an alias eliminates the need to configure multiple credentials and connection information profiles when using multiple environments. If the connection or credential information changes, you don't need to update any actions that use the connection.
This spoke uses the AzureAD alias record to authorize actions on Microsoft Entra ID.
| Connection alias | Description | Connection URL |
|---|---|---|
| AzureAD | Connection to Microsoft Entra ID. | https://graph.microsoft.com |
For information about setting up the spoke, see Set up Microsoft Entra ID spoke.