# Microsoft Entra ID connector thinklet Configure Microsoft Entra ID connector thinklets to take specific actions in your workflow. {% hint style="info" %} Configure API credentials to connect Microsoft Graph API with the Nexthink platform. For detailed instructions, refer to the [Entra ID integration](https://docs.nexthink.com/library/entra-id-integration-for-workflows) documentation for Workflows. Refer to the [Permissions](https://learn.microsoft.com/en-gb/graph/api/user-list-memberof?view=graph-rest-1.0\&tabs=http#permissions) section in the Microsoft documentation to view the required authorizations. {% endhint %} ## Action: Get user UUID **Get user UUID** retrieves a user Universally Unique Identifier (UUID). The Microsoft Entra ID connector thinklet relies on the [Get a User](https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph.

* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **Username**: Active Directory username * **Outputs:** View the outputs of the connector thinklet. * **UUID** (`uuid`): User ID The table below shows the API Service connector details needed when recreating the connector:

Field	Value
Resource Path	`/users/{{adUsername}}`
Method	GET
Payload
Outputs	`UUID $.id`

## Action: Check if a user is in a group **Check if a user is in the group** verifies whether a user belongs to the Entra ID group. If the system finds the user within the group, the **Outputs** field remains empty. If the user is absent from the group or you submit an unsupported query, the **Outputs** field produces either the `Request_ResourceNotFound` or `Request_UnsupportedQuery` error accordingly. The Microsoft Entra ID connector thinklet relies on the [List a user's direct memberships](https://learn.microsoft.com/en-gb/graph/api/user-list-memberof?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph.

* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **Group UUID**: Active Directory group ID * **User UUID**: Entra ID user UUID * **Outputs:** View the outputs of the connector thinklet. * **Error code** (`groupPresenceErrorCode`): Error code The table below shows the API Service connector details needed when recreating the connector:

Field	Value
Resource Path	/users/{{userUuid}}//memberOf?$filter=id+eq+'{{groupUuid}}'&$select=id
Method	GET
Payload
Outputs	groupPresenceErrorCode $.error.code

## Action: Check if a device is member of a group **Check if a device is member of a group** verifes whether a device belongs to the Entra ID group. If the system finds the user within the group, the **Outputs** field remains empty. If the user is absent from the group or you submit an unsupported query, the **Outputs** field produces either the Request\_ResourceNotFound or Request\_UnsupportedQuery error accordingly. The Microsoft Entra ID connector thinklet relies on the [List device memberships](https://learn.microsoft.com/en-gb/graph/api/device-list-memberof?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph.

* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **Device object ID**: Device Azure ID * **Group UUID**: Active Directory group ID * **Outputs:** View the outputs of the connector thinklet. * **Error code** (`groupPresenceErrorCode`): Error code The table below shows the API Service connector details needed when recreating the connector:

Field	Value
Resource Path	/devices/{{DeviceObjectID}}//member`Of?$filter=id+eq+'{{groupUuid}}'&$select=id`
Method	GET
Payload
Outputs	`groupPresenceErrorCode $.error.code`

## Action: Add user to group **Add user to group** adds a user to the Entra ID group. The Microsoft Entra ID connector thinklet relies on the [Add members](https://learn.microsoft.com/en-gb/graph/api/group-post-members?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph.

* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **User UUID**: User Azure ID * **Group UUID**: UUID of the Entra ID group to which you want to add the user * **Outputs:** View the outputs of the connector thinklet. The table below shows the API Service connector details needed when recreating the connector:

Field	Value
Resource Path	`/groups/{{groupUuid}}/members/$ref`
Method	POST
Payload
Outputs	`{ "@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/{{userUuid}}"}`

## Action: Remove a user from a group **Remove a user from a group** removes the user from the Entra ID group. The Microsoft Entra ID connector thinklet relies on the [Remove member](https://learn.microsoft.com/en-gb/graph/api/group-delete-members?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph.

* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **User UUID**: User Azure ID * **Group UUID**: UUID of the Entra ID group from which you want the user removed * **Outputs:** View the outputs of the connector thinklet. The table below shows the API Service connector details needed when recreating the connector:

Field	Value
Resource Path	`/groups/{{groupUuid}}/members/{{userUuid}}/$ref`
Method	DELETE
Payload
Outputs

## Action: Get user manager **Get user manager** retrieves the user manager information. The Microsoft Entra ID connector thinklet relies on the [List manager](https://learn.microsoft.com/en-gb/graph/api/user-list-manager?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph. {% hint style="warning" %} Please note that this action does not support application-type permissions and requires delegated permissions.\ For more information on the required permissions and their types, please refer to the API endpoint's documentation for this connector action. {% endhint %}

* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **AD user name**: Active Directory username * **Outputs:** View the outputs of the connector thinklet. * **Manager user UUID** (`ManagerUserUUID`): Manager user UUID * **Manager UPN** (**User Principal Name**) (`ManagerUPN`): Manager User Principal Name (UPN) * **Manager email address** (`ManagerEmailAddress`): Manager email address The table below shows the API Service connector details needed when recreating the connector:

Field	Value
Resource Path	`/users/{{adUsername}}/manager`
Method	GET
Payload
Outputs	`ManagerUserUUID $.id` `ManagerEmailAddress $.mail` `ManagerUPN $.userPrincipalName`

## Action: Check user license **Check user license** verifies whether a specific user has a particular license assigned in Azure. The Microsoft Entra ID connector thinklet relies on the [List licenseDetails](https://learn.microsoft.com/en-us/graph/api/user-list-licensedetails?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph. {% hint style="warning" %} Please note that this action does not support application-type permissions and requires delegated permissions.\ For more information on the required permissions and their types, please refer to the API endpoint's documentation for this connector action. {% endhint %}

* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **AD user name**: Active Directory username * **Software license SKU Part Number**: skuPartNumber property of global workflow parameter [SKU Part Number](https://learn.microsoft.com/en-us/graph/api/resources/licensedetails?view=graph-rest-1.0#properties) * **Outputs:** View the outputs of the connector thinklet. * **Software license SKU part number** (`outputSkuPartNumber`): Software license SKU part number * **SKU ID** (`skuId`): SKU internal ID The table below shows the API Service connector details needed when recreating the connector:

Field	Value
Resource Path	`/users/{{adUsername}}/licenseDetails`
Method	GET
Payload
Outputs	`skuId $.value[?(@.skuPartNumber=="{{skuPartNumber}}")].skuId` `outputSkuPartNumber $.value[?(@.skuPartNumber=="{{skuPartNumber}}")].skuPartNumber`

## Action: Get user details **Get user details** retrieves user details such as job title, mobile phone number and office location. The Microsoft Entra ID connector thinklet relies on the [Get user](https://learn.microsoft.com/en-gb/graph/api/intune-mam-user-get?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph.

* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **AD user name**: Active Directory username * **Outputs:** View the outputs of the connector thinklet. * **User job title** (`UserJobTitle`): User job title * **User mobile phone** (`UserMobilePhone`): User mobile phone * **User office location** (`UserOfficeLocation`): User office location The table below shows the API Service connector details needed when recreating the connector:

Field	Value
Resource Path	/users/{{adUsername}}
Method	GET
Payload
Outputs	`UserJobTitle $.jobTitle` `UserMobilePhone $.mobilePhone` `UserOfficeLocation $.officeLocation`

## Action: Get device object ID **Get device object ID** retrieves the device UUID. The Microsoft Entra ID connector thinklet relies on the [List devices](https://learn.microsoft.com/en-us/graph/api/device-list?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph.

* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **Device name**: Active Directory device name * **Outputs:** View the outputs of the connector thinklet. * **Device object ID** (`DeviceObjectID`): Device object ID The table below shows the API Service connector details needed when recreating the connector:

Field	Value
Resource Path	`/devices?$filter=displayName+eq+'{{DeviceName}}'`
Method	GET
Payload
Outputs	`DeviceObjectID $.value[0].id`

## Action: Add device to the group **Add device to the group** adds the device to the group. The Microsoft Entra ID connector thinklet relies on the [Add members](https://learn.microsoft.com/en-gb/graph/api/group-post-members?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph.

* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **Device object ID**: Entra ID device ID * **Group UUID**: UUID of the Entra ID group to which you want to add the device * **Outputs:** View the outputs of the connector thinklet. The table below shows the API Service connector details needed when recreating the connector:

Field	Value
Resource Path	`/groups/{{groupUuid}}/members/$ref`
Method	POST
Payload	`{"@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/{{DeviceObjectID}}"}`
Outputs

## Action: Remove device from the group **Remove device from the group** removes the device from the group. The Microsoft Entra ID connector thinklet relies on the [Remove member](https://learn.microsoft.com/en-gb/graph/api/group-delete-members?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph.

* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **Device object ID**: Entra ID device ID * **Group UUID**: UUID of the Entra ID group from which you want to remove the device The table below shows the API Service connector details needed when recreating the connector:

Field	Value
Resource Path	`/groups/{{GroupUUID}}/members/{{DeviceObjectID}}/$ref`
Method	DELETE
Payload
Outputs

Refer to the [Configuring connector thinklets](/platform/user-guide/workflows/creating-workflows/configuring-connector-thinklet.md) documentation for more information about connector thinklets. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.nexthink.com/platform/user-guide/workflows/creating-workflows/configuring-connector-thinklet/microsoft-entra-id-connector-thinklet.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.