# Microsoft Entra ID connector thinklet Configure Microsoft Entra ID connector thinklets to take specific actions in your workflow. {% hint style="info" %} Configure API credentials to connect Microsoft Graph API with the Nexthink platform. For detailed instructions, refer to the [Entra ID integration](https://docs.nexthink.com/library/entra-id-integration-for-workflows) documentation for Workflows. Refer to the [Permissions](https://learn.microsoft.com/en-gb/graph/api/user-list-memberof?view=graph-rest-1.0\&tabs=http#permissions) section in the Microsoft documentation to view the required authorizations. {% endhint %} ## Action: Get user UUID **Get user UUID** retrieves a user Universally Unique Identifier (UUID). The Microsoft Entra ID connector thinklet relies on the [Get a User](https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph.
image-20240531-134603.png
* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **Username**: Active Directory username * **Outputs:** View the outputs of the connector thinklet. * **UUID** (`uuid`): User ID The table below shows the API Service connector details needed when recreating the connector:
FieldValue
Resource Path/users/{{adUsername}}
MethodGET
Payload
OutputsUUID $.id
## Action: Check if a user is in a group **Check if a user is in the group** verifies whether a user belongs to the Entra ID group. If the system finds the user within the group, the **Outputs** field remains empty. If the user is absent from the group or you submit an unsupported query, the **Outputs** field produces either the `Request_ResourceNotFound` or `Request_UnsupportedQuery` error accordingly. The Microsoft Entra ID connector thinklet relies on the [List a user's direct memberships](https://learn.microsoft.com/en-gb/graph/api/user-list-memberof?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph.
image-20240531-140301.png
* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **Group UUID**: Active Directory group ID * **User UUID**: Entra ID user UUID * **Outputs:** View the outputs of the connector thinklet. * **Error code** (`groupPresenceErrorCode`): Error code The table below shows the API Service connector details needed when recreating the connector:
FieldValue
Resource Path/users/{{userUuid}}//memberOf?$filter=id+eq+'{{groupUuid}}'&$select=id
MethodGET
Payload
OutputsgroupPresenceErrorCode $.error.code
## Action: Check if a device is member of a group **Check if a device is member of a group** verifes whether a device belongs to the Entra ID group. If the system finds the user within the group, the **Outputs** field remains empty. If the user is absent from the group or you submit an unsupported query, the **Outputs** field produces either the Request\_ResourceNotFound or Request\_UnsupportedQuery error accordingly. The Microsoft Entra ID connector thinklet relies on the [List device memberships](https://learn.microsoft.com/en-gb/graph/api/device-list-memberof?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph.
image-20240531-142406.png
* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **Device object ID**: Device Azure ID * **Group UUID**: Active Directory group ID * **Outputs:** View the outputs of the connector thinklet. * **Error code** (`groupPresenceErrorCode`): Error code The table below shows the API Service connector details needed when recreating the connector:
FieldValue
Resource Path/devices/{{DeviceObjectID}}//memberOf?$filter=id+eq+'{{groupUuid}}'&$select=id
MethodGET
Payload
OutputsgroupPresenceErrorCode $.error.code
## Action: Add user to group **Add user to group** adds a user to the Entra ID group. The Microsoft Entra ID connector thinklet relies on the [Add members](https://learn.microsoft.com/en-gb/graph/api/group-post-members?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph.
image-20240531-144444.png
* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **User UUID**: User Azure ID * **Group UUID**: UUID of the Entra ID group to which you want to add the user * **Outputs:** View the outputs of the connector thinklet. The table below shows the API Service connector details needed when recreating the connector:
FieldValue
Resource Path/groups/{{groupUuid}}/members/$ref
MethodPOST
Payload
Outputs{ "@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/{{userUuid}}"}
## Action: Remove a user from a group **Remove a user from a group** removes the user from the Entra ID group. The Microsoft Entra ID connector thinklet relies on the [Remove member](https://learn.microsoft.com/en-gb/graph/api/group-delete-members?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph.
image-20240531-145251.png
* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **User UUID**: User Azure ID * **Group UUID**: UUID of the Entra ID group from which you want the user removed * **Outputs:** View the outputs of the connector thinklet. The table below shows the API Service connector details needed when recreating the connector:
FieldValue
Resource Path/groups/{{groupUuid}}/members/{{userUuid}}/$ref
MethodDELETE
Payload
Outputs
## Action: Get user manager **Get user manager** retrieves the user manager information. The Microsoft Entra ID connector thinklet relies on the [List manager](https://learn.microsoft.com/en-gb/graph/api/user-list-manager?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph. {% hint style="warning" %} Please note that this action does not support application-type permissions and requires delegated permissions.\ For more information on the required permissions and their types, please refer to the API endpoint's documentation for this connector action. {% endhint %}
image-20240531-145852.png
* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **AD user name**: Active Directory username * **Outputs:** View the outputs of the connector thinklet. * **Manager user UUID** (`ManagerUserUUID`): Manager user UUID * **Manager UPN** (**User Principal Name**) (`ManagerUPN`): Manager User Principal Name (UPN) * **Manager email address** (`ManagerEmailAddress`): Manager email address The table below shows the API Service connector details needed when recreating the connector:
FieldValue
Resource Path/users/{{adUsername}}/manager
MethodGET
Payload
Outputs

ManagerUserUUID $.id

ManagerEmailAddress $.mail

ManagerUPN $.userPrincipalName

## Action: Check user license **Check user license** verifies whether a specific user has a particular license assigned in Azure. The Microsoft Entra ID connector thinklet relies on the [List licenseDetails](https://learn.microsoft.com/en-us/graph/api/user-list-licensedetails?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph. {% hint style="warning" %} Please note that this action does not support application-type permissions and requires delegated permissions.\ For more information on the required permissions and their types, please refer to the API endpoint's documentation for this connector action. {% endhint %}
image-20240320-082519.png
* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **AD user name**: Active Directory username * **Software license SKU Part Number**: skuPartNumber property of global workflow parameter [SKU Part Number](https://learn.microsoft.com/en-us/graph/api/resources/licensedetails?view=graph-rest-1.0#properties) * **Outputs:** View the outputs of the connector thinklet. * **Software license SKU part number** (`outputSkuPartNumber`): Software license SKU part number * **SKU ID** (`skuId`): SKU internal ID The table below shows the API Service connector details needed when recreating the connector:
FieldValue
Resource Path/users/{{adUsername}}/licenseDetails
MethodGET
Payload
Outputs

skuId $.value[?(@.skuPartNumber=="{{skuPartNumber}}")].skuId

outputSkuPartNumber $.value[?(@.skuPartNumber=="{{skuPartNumber}}")].skuPartNumber

## Action: Get user details **Get user details** retrieves user details such as job title, mobile phone number and office location. The Microsoft Entra ID connector thinklet relies on the [Get user](https://learn.microsoft.com/en-gb/graph/api/intune-mam-user-get?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph.
image-20240531-151328.png
* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **AD user name**: Active Directory username * **Outputs:** View the outputs of the connector thinklet. * **User job title** (`UserJobTitle`): User job title * **User mobile phone** (`UserMobilePhone`): User mobile phone * **User office location** (`UserOfficeLocation`): User office location The table below shows the API Service connector details needed when recreating the connector:
FieldValue
Resource Path/users/{{adUsername}}
MethodGET
Payload
Outputs

UserJobTitle $.jobTitle

UserMobilePhone $.mobilePhone

UserOfficeLocation $.officeLocation

## Action: Get device object ID **Get device object ID** retrieves the device UUID. The Microsoft Entra ID connector thinklet relies on the [List devices](https://learn.microsoft.com/en-us/graph/api/device-list?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph.
image-20240531-152149.png
* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **Device name**: Active Directory device name * **Outputs:** View the outputs of the connector thinklet. * **Device object ID** (`DeviceObjectID`): Device object ID The table below shows the API Service connector details needed when recreating the connector:
FieldValue
Resource Path/devices?$filter=displayName+eq+'{{DeviceName}}'
MethodGET
Payload
OutputsDeviceObjectID $.value[0].id
## Action: Add device to the group **Add device to the group** adds the device to the group. The Microsoft Entra ID connector thinklet relies on the [Add members](https://learn.microsoft.com/en-gb/graph/api/group-post-members?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph.
image-20240604-105948.png
* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **Device object ID**: Entra ID device ID * **Group UUID**: UUID of the Entra ID group to which you want to add the device * **Outputs:** View the outputs of the connector thinklet. The table below shows the API Service connector details needed when recreating the connector:
FieldValue
Resource Path/groups/{{groupUuid}}/members/$ref
MethodPOST
Payload{"@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/{{DeviceObjectID}}"}
Outputs
## Action: Remove device from the group **Remove device from the group** removes the device from the group. The Microsoft Entra ID connector thinklet relies on the [Remove member](https://learn.microsoft.com/en-gb/graph/api/group-delete-members?view=graph-rest-1.0\&tabs=http) API endpoint provided by Microsoft Graph.
image-20240604-110920.png
* **Parameters:** Configure the data used as parameters for this action. Hover over the tooltip icon for more information on how the parameter is mapped and what data is required. * **Device object ID**: Entra ID device ID * **Group UUID**: UUID of the Entra ID group from which you want to remove the device The table below shows the API Service connector details needed when recreating the connector:
FieldValue
Resource Path/groups/{{GroupUUID}}/members/{{DeviceObjectID}}/$ref
MethodDELETE
Payload
Outputs
Refer to the [Configuring connector thinklets](https://docs.nexthink.com/platform/user-guide/workflows/creating-workflows/configuring-connector-thinklet) documentation for more information about connector thinklets.