Microsoft Entra
Microsoft Entra (formerly Azure Active Directory) provides identity and access management services including authentication, authorization, and directory services.
14 APIs
8 Features
Access Management, Authentication, Azure AD, Entra, Identity, Identity Governance, Microsoft, Network Security, Security, Zero Trust
Core identity and access management API for user authentication, authorization, and directory management.
API for identity risk detection, investigation, and remediation.
API for managing conditional access policies and controls.
API for managing privileged access and just-in-time administration.
API for issuing and verifying decentralized identity credentials.
API for managing customer and partner identity and access management.
API for managing identity governance including access reviews, entitlement management, and lifecycle workflows to ensure the right people have the right access at the right time.
API for registering, configuring, and managing applications and service principals in Microsoft Entra ID.
API for managing user authentication methods including FIDO2 security keys, passwordless phone sign-in, Microsoft Authenticator, and MFA registration.
API for managing and securing identities for software workloads such as applications, services, scripts, and containers.
API for automating user provisioning and deprovisioning using SCIM protocol, including API-driven inbound provisioning from any system of record.
API for managing Microsoft Entra Internet Access and Microsoft Entra Private Access, providing identity-centric secure web gateway and zero-trust network access.
API endpoints for OAuth 2.0, OpenID Connect, and SAML authentication protocols enabling application integration with Microsoft Entra ID.
API for creating, securing, and monitoring AI agent identities, providing authentication, authorization, and lifecycle management for AI agents.
Identity and Access Management
Manage user identities, authentication, and authorization across cloud and hybrid environments with single sign-on.
Conditional Access
Enforce adaptive access policies based on user, device, location, and risk signals for zero trust security.
Identity Governance
Automate access reviews, entitlement management, and lifecycle workflows to ensure proper access controls.
Privileged Identity Management
Manage, control, and monitor privileged access with just-in-time and approval-based activation.
Verified ID
Issue and verify decentralized identity credentials using open standards for portable, self-sovereign identity.
External Identities
Enable secure collaboration with external partners and customers through B2B and B2C identity management.
Global Secure Access
Provide identity-centric secure web gateway and zero-trust network access for internet and private resources.
Workload Identities
Secure and manage identities for applications, services, scripts, and containers running as software workloads.
Zero Trust Implementation
Implement zero trust architecture with identity-based access controls, conditional access policies, and continuous verification.
Hybrid Identity Management
Synchronize and manage identities across on-premises Active Directory and cloud environments.
Application Single Sign-On
Enable SSO for thousands of SaaS and on-premises applications with SAML, OIDC, and password-based authentication.
Automated User Provisioning
Automate user lifecycle management with SCIM-based provisioning and deprovisioning across integrated applications.
AI Agent Identity Management
Create, secure, and monitor identities for AI agents with authentication, authorization, and lifecycle management.
Microsoft 365
Deep integration for identity and access management across all Microsoft 365 applications and services.
Azure Services
Native identity provider for Azure resources including VMs, databases, storage, and managed identities.
Active Directory
Hybrid identity synchronization with on-premises Active Directory using Azure AD Connect.
Salesforce
SAML and SCIM integration for single sign-on and automated user provisioning with Salesforce.
ServiceNow
SSO and automated provisioning integration with ServiceNow ITSM platform.
Workday
Inbound provisioning from Workday HR to automate user lifecycle management.
SAP
SSO and provisioning integration with SAP applications and S/4HANA.
Okta
Cross-platform identity federation and migration support with Okta identity provider.
aid: microsoft-entra
name: Microsoft Entra
description: >-
  Microsoft Entra (formerly Azure Active Directory) provides identity and access management services including
  authentication, authorization, and directory services.
url: https://raw.githubusercontent.com/api-evangelist/microsoft-entra/refs/heads/main/apis.yml
image: https://www.microsoft.com/en-us/security/content/dam/microsoft/final/security/includes/microsoft-entra-logo.svg
created: '2024-01-01'
modified: '2026-05-19'
specificationVersion: '0.19'
type: Index
access: 3rd-Party
tags:
  - Access Management
  - Authentication
  - Azure AD
  - Entra
  - Identity
  - Identity Governance
  - Microsoft
  - Network Security
  - Security
  - Zero Trust
apis:
  - aid: microsoft-entra:graph-identity
    name: Microsoft Entra ID (Azure AD) API
    description: Core identity and access management API for user authentication, authorization, and directory management.
    image: https://www.microsoft.com/en-us/security/content/dam/microsoft/final/security/includes/microsoft-entra-logo.svg
    humanURL: https://learn.microsoft.com/en-us/graph/azuread-identity-access-management-concept-overview
    baseURL: https://graph.microsoft.com/v1.0
    tags:
      - Authentication
      - Authorization
      - Directory
      - Groups
      - Identity
      - Users
    properties:
      - type: OpenAPI
        url: openapi/microsoft-entra-graph-identity-openapi.yml
      - type: Documentation
        url: https://learn.microsoft.com/en-us/entra/identity/
      - type: Authentication
        url: https://learn.microsoft.com/en-us/graph/auth/
      - type: SDK
        url: https://learn.microsoft.com/en-us/graph/sdks/sdks-overview
      - type: Pricing
        url: https://www.microsoft.com/en-us/security/business/microsoft-entra-pricing
      - type: GettingStarted
        url: https://learn.microsoft.com/en-us/graph/tutorial-applications-basics
      - type: APIReference
        url: https://learn.microsoft.com/en-us/graph/api/resources/identity-network-access-overview
  - aid: microsoft-entra:id-protection
    name: Microsoft Entra ID Protection API
    description: API for identity risk detection, investigation, and remediation.
    humanURL: https://learn.microsoft.com/en-us/graph/api/resources/identityprotection-overview
    baseURL: https://graph.microsoft.com/v1.0
    tags:
      - Identity Protection
      - Risk Detection
      - Security
      - Threat Protection
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/entra/id-protection/
      - type: APIReference
        url: https://learn.microsoft.com/en-us/graph/api/resources/identityprotectionroot
  - aid: microsoft-entra:conditional-access
    name: Microsoft Entra Conditional Access API
    description: API for managing conditional access policies and controls.
    humanURL: https://learn.microsoft.com/en-us/graph/api/resources/conditionalaccessroot
    baseURL: https://graph.microsoft.com/v1.0
    tags:
      - Access Control
      - Conditional Access
      - Policies
      - Security
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/entra/identity/conditional-access/
      - type: APIReference
        url: https://learn.microsoft.com/en-us/graph/api/resources/conditionalaccessroot
  - aid: microsoft-entra:pim
    name: Microsoft Entra Privileged Identity Management API
    description: API for managing privileged access and just-in-time administration.
    humanURL: https://learn.microsoft.com/en-us/graph/api/resources/privilegedidentitymanagementv3-overview
    baseURL: https://graph.microsoft.com/v1.0
    tags:
      - Just-In-Time
      - PIM
      - Privileged Access
      - Role Management
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/
      - type: APIReference
        url: https://learn.microsoft.com/en-us/graph/api/resources/privilegedidentitymanagementv3-overview
  - aid: microsoft-entra:verified-id
    name: Microsoft Entra Verified ID API
    description: API for issuing and verifying decentralized identity credentials.
    humanURL: https://learn.microsoft.com/en-us/entra/verified-id/
    baseURL: https://verifiedid.did.msidentity.com/v1.0
    tags:
      - Decentralized Identity
      - DID
      - SSI
      - Verifiable Credentials
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/entra/verified-id/verifiable-credentials-configure-tenant
      - type: APIReference
        url: https://learn.microsoft.com/en-us/entra/verified-id/get-started-request-api
  - aid: microsoft-entra:external-id
    name: Microsoft Entra External ID API
    description: API for managing customer and partner identity and access management.
    humanURL: https://learn.microsoft.com/en-us/entra/external-id/
    baseURL: https://graph.microsoft.com/v1.0
    tags:
      - B2B
      - B2C
      - Customer Identity
      - External Identities
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/entra/external-id/external-identities-overview
      - type: APIReference
        url: https://learn.microsoft.com/en-us/graph/api/resources/identity-network-access-overview
  - aid: microsoft-entra:id-governance
    name: Microsoft Entra ID Governance API
    description: >-
      API for managing identity governance including access reviews, entitlement management, and lifecycle workflows to
      ensure the right people have the right access at the right time.
    humanURL: https://learn.microsoft.com/en-us/graph/api/resources/identitygovernance-overview
    baseURL: https://graph.microsoft.com/v1.0
    tags:
      - Access Reviews
      - Compliance
      - Entitlement Management
      - Identity Governance
      - Lifecycle Workflows
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/entra/id-governance/identity-governance-overview
      - type: APIReference
        url: https://learn.microsoft.com/en-us/graph/api/resources/identitygovernance-overview
      - type: GettingStarted
        url: https://learn.microsoft.com/en-us/graph/tutorial-access-package-api
  - aid: microsoft-entra:application-management
    name: Microsoft Entra Application Management API
    description: API for registering, configuring, and managing applications and service principals in Microsoft Entra ID.
    humanURL: https://learn.microsoft.com/en-us/graph/applications-concept-overview
    baseURL: https://graph.microsoft.com/v1.0
    tags:
      - App Registration
      - Applications
      - Credentials
      - OAuth
      - Service Principals
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/graph/api/resources/applications-api-overview
      - type: APIReference
        url: https://learn.microsoft.com/en-us/graph/api/resources/applications-api-overview
      - type: GettingStarted
        url: https://learn.microsoft.com/en-us/graph/tutorial-applications-basics
  - aid: microsoft-entra:authentication-methods
    name: Microsoft Entra Authentication Methods API
    description: >-
      API for managing user authentication methods including FIDO2 security keys, passwordless phone sign-in, Microsoft
      Authenticator, and MFA registration.
    humanURL: https://learn.microsoft.com/en-us/graph/api/resources/authenticationmethods-overview
    baseURL: https://graph.microsoft.com/v1.0
    tags:
      - Authentication Methods
      - FIDO2
      - MFA
      - Passkeys
      - Passwordless
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-methods
      - type: APIReference
        url: https://learn.microsoft.com/en-us/graph/api/resources/authenticationmethods-overview
      - type: GettingStarted
        url: https://learn.microsoft.com/en-us/graph/authenticationmethods-get-started
  - aid: microsoft-entra:workload-id
    name: Microsoft Entra Workload ID API
    description: >-
      API for managing and securing identities for software workloads such as applications, services, scripts, and
      containers.
    humanURL: https://learn.microsoft.com/en-us/entra/workload-id/
    baseURL: https://graph.microsoft.com/v1.0
    tags:
      - Managed Identities
      - Service Principals
      - Workload Identities
      - Workload Identity Federation
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/entra/workload-id/workload-identities-overview
  - aid: microsoft-entra:provisioning
    name: Microsoft Entra Provisioning API
    description: >-
      API for automating user provisioning and deprovisioning using SCIM protocol, including API-driven inbound
      provisioning from any system of record.
    humanURL: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/inbound-provisioning-api-concepts
    baseURL: https://graph.microsoft.com/v1.0
    tags:
      - Inbound Provisioning
      - Provisioning
      - SCIM
      - Synchronization
      - User Lifecycle
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/how-provisioning-works
      - type: APIReference
        url: https://learn.microsoft.com/en-us/graph/api/resources/synchronization-overview
      - type: GettingStarted
        url: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/inbound-provisioning-api-configure-app
  - aid: microsoft-entra:global-secure-access
    name: Microsoft Entra Global Secure Access API
    description: >-
      API for managing Microsoft Entra Internet Access and Microsoft Entra Private Access, providing identity-centric
      secure web gateway and zero-trust network access.
    humanURL: https://learn.microsoft.com/en-us/entra/global-secure-access/overview-what-is-global-secure-access
    baseURL: https://graph.microsoft.com/beta
    tags:
      - Internet Access
      - Network Security
      - Private Access
      - Secure Web Gateway
      - Zero Trust
      - ZTNA
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/entra/global-secure-access/
      - type: APIReference
        url: https://learn.microsoft.com/en-us/graph/api/resources/networkaccess-global-secure-access-api-overview
      - type: GettingStarted
        url: https://learn.microsoft.com/en-us/graph/tutorial-entra-private-access
  - aid: microsoft-entra:identity-platform
    name: Microsoft Identity Platform API
    description: >-
      API endpoints for OAuth 2.0, OpenID Connect, and SAML authentication protocols enabling application integration
      with Microsoft Entra ID.
    humanURL: https://learn.microsoft.com/en-us/entra/identity-platform/
    baseURL: https://login.microsoftonline.com
    tags:
      - Identity Platform
      - OAuth 2.0
      - OpenID Connect
      - SAML
      - Token Service
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/entra/identity-platform/
      - type: APIReference
        url: https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols
  - aid: microsoft-entra:agent-id
    name: Microsoft Entra Agent ID API
    description: >-
      API for creating, securing, and monitoring AI agent identities, providing authentication, authorization, and
      lifecycle management for AI agents.
    humanURL: https://learn.microsoft.com/en-us/graph/api/resources/agentid-platform-overview
    baseURL: https://graph.microsoft.com/beta
    tags:
      - Agent Identity
      - Agent Registry
      - AI Agents
      - Machine Identity
    properties:
      - type: Documentation
        url: https://learn.microsoft.com/en-us/graph/api/resources/agentid-platform-overview
      - type: GettingStarted
        url: https://learn.microsoft.com/en-us/entra/agent-id/identity-platform/interactive-agent-request-user-tokens
common:
  - type: PostmanWorkspace
    url: https://www.postman.com/kinlaneapi/microsoft-entra/overview
  - type: ArazzoWorkflows
    url: arazzo/
    workflows:
      - url: arazzo/microsoft-entra-audit-user-memberships-workflow.yml
        name: Microsoft Entra Audit User Memberships
        summary: Find a user by UPN, read its profile, and list its group memberships.
      - url: arazzo/microsoft-entra-create-group-with-member-workflow.yml
        name: Microsoft Entra Create Group With Member
        summary: Create a security group, add a member, and list its members.
      - url: arazzo/microsoft-entra-create-m365-group-with-owner-member-workflow.yml
        name: Microsoft Entra Create Microsoft 365 Group With Member
        summary: Create a Unified M365 group, add a member, and read the group back.
      - url: arazzo/microsoft-entra-decommission-application-workflow.yml
        name: Microsoft Entra Decommission Application
        summary: Find a service principal by appId, delete it, then delete the app.
      - url: arazzo/microsoft-entra-deprovision-user-workflow.yml
        name: Microsoft Entra Deprovision User
        summary: Disable a user account, then delete the user from the directory.
      - url: arazzo/microsoft-entra-find-and-update-application-workflow.yml
        name: Microsoft Entra Find And Update Application
        summary: Find an app by appId, update its display name, and read it back.
      - url: arazzo/microsoft-entra-find-and-update-group-workflow.yml
        name: Microsoft Entra Find And Update Group
        summary: Find a group by display name, update it, and read it back.
      - url: arazzo/microsoft-entra-find-and-update-user-workflow.yml
        name: Microsoft Entra Find And Update User
        summary: Find a user by UPN, update its profile, and read the result.
      - url: arazzo/microsoft-entra-grant-app-role-assignment-workflow.yml
        name: Microsoft Entra Grant App Role Assignment
        summary: Grant an app role to a service principal then list its assignments.
      - url: arazzo/microsoft-entra-offboard-user-from-group-workflow.yml
        name: Microsoft Entra Offboard User From Group
        summary: Find a user by UPN, remove it from a group, and verify removal.
      - url: arazzo/microsoft-entra-onboard-user-to-group-workflow.yml
        name: Microsoft Entra Onboard User To Group
        summary: Create a user, add it to an existing group, and confirm membership.
      - url: arazzo/microsoft-entra-provision-user-workflow.yml
        name: Microsoft Entra Provision User
        summary: Create a new Entra ID user and read back the provisioned account.
      - url: arazzo/microsoft-entra-register-app-with-service-principal-workflow.yml
        name: Microsoft Entra Register Application With Service Principal
        summary: Create an app registration then instantiate its service principal.
      - url: arazzo/microsoft-entra-rotate-application-secret-workflow.yml
        name: Microsoft Entra Rotate Application Secret
        summary: Add a fresh client secret to an app, then remove the old one.
  - type: Portal
    url: https://entra.microsoft.com/
  - type: GettingStarted
    url: https://learn.microsoft.com/en-us/entra/fundamentals/
  - type: Blog
    url: https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/bg-p/Identity
  - type: Support
    url: https://learn.microsoft.com/en-us/entra/fundamentals/how-to-get-support
  - type: StatusPage
    url: https://status.azure.com/
  - type: TermsOfService
    url: https://www.microsoft.com/licensing/terms/
  - type: PrivacyPolicy
    url: https://privacy.microsoft.com/
  - type: ChangeLog
    url: https://learn.microsoft.com/en-us/entra/fundamentals/whats-new
  - type: SDK
    url: https://learn.microsoft.com/en-us/graph/sdks/sdks-overview
  - type: GitHubOrganization
    url: https://github.com/microsoftgraph
  - type: Authentication
    url: https://learn.microsoft.com/en-us/graph/auth/
  - type: Pricing
    url: https://www.microsoft.com/en-us/security/business/microsoft-entra-pricing
  - type: JSONLD
    url: json-ld/microsoft-entra-context.jsonld
  - type: JSONSchema
    url: json-schema/microsoft-entra-user-schema.json
  - type: JSONSchema
    url: json-schema/microsoft-entra-application-schema.json
  - type: Features
    data:
      - name: Identity and Access Management
        description: >-
          Manage user identities, authentication, and authorization across cloud and hybrid environments with single
          sign-on.
      - name: Conditional Access
        description: Enforce adaptive access policies based on user, device, location, and risk signals for zero trust security.
      - name: Identity Governance
        description: Automate access reviews, entitlement management, and lifecycle workflows to ensure proper access controls.
      - name: Privileged Identity Management
        description: Manage, control, and monitor privileged access with just-in-time and approval-based activation.
      - name: Verified ID
        description: >-
          Issue and verify decentralized identity credentials using open standards for portable, self-sovereign
          identity.
      - name: External Identities
        description: Enable secure collaboration with external partners and customers through B2B and B2C identity management.
      - name: Global Secure Access
        description: Provide identity-centric secure web gateway and zero-trust network access for internet and private resources.
      - name: Workload Identities
        description: >-
          Secure and manage identities for applications, services, scripts, and containers running as software
          workloads.
  - type: UseCases
    data:
      - name: Zero Trust Implementation
        description: >-
          Implement zero trust architecture with identity-based access controls, conditional access policies, and
          continuous verification.
      - name: Hybrid Identity Management
        description: Synchronize and manage identities across on-premises Active Directory and cloud environments.
      - name: Application Single Sign-On
        description: >-
          Enable SSO for thousands of SaaS and on-premises applications with SAML, OIDC, and password-based
          authentication.
      - name: Automated User Provisioning
        description: >-
          Automate user lifecycle management with SCIM-based provisioning and deprovisioning across integrated
          applications.
      - name: AI Agent Identity Management
        description: >-
          Create, secure, and monitor identities for AI agents with authentication, authorization, and lifecycle
          management.
  - type: Integrations
    data:
      - name: Microsoft 365
        description: Deep integration for identity and access management across all Microsoft 365 applications and services.
      - name: Azure Services
        description: Native identity provider for Azure resources including VMs, databases, storage, and managed identities.
      - name: Active Directory
        description: Hybrid identity synchronization with on-premises Active Directory using Azure AD Connect.
      - name: Salesforce
        description: SAML and SCIM integration for single sign-on and automated user provisioning with Salesforce.
      - name: ServiceNow
        description: SSO and automated provisioning integration with ServiceNow ITSM platform.
      - name: Workday
        description: Inbound provisioning from Workday HR to automate user lifecycle management.
      - name: SAP
        description: SSO and provisioning integration with SAP applications and S/4HANA.
      - name: Okta
        description: Cross-platform identity federation and migration support with Okta identity provider.
maintainers:
  - FN: Kin Lane
    email: [email protected]
    url: https://apievangelist.com/