Microsoft Tech Community

invitedToGroups and invitedToApplications in Invitation API

Deleted
Not applicable

Hi,

 

This is not a question.

 

I am writing this after being in contact with the product group, so that others can find this later without bothering them again :)

 

The invitedToGroups and invitedToApplications columns from CSV are not directly implemented in the invitations API, because equivalents already exist in the Graph API under other endpoints.

 

For example, to add a user to a group:

https://graph.microsoft.io/en-us/docs/api-reference/v1.0/api/group_post_members

 

And to add an appRoleAssignment to a user:

https://graph.microsoft.io/en-us/docs/api-reference/beta/resources/approleassignment

 

Hope this saves someone some time :)

17 Replies
Thanks Marius! This will be very useful for those who want to invite a user and add them to a group or an app in the same script.

Great find!

 

So how are you detecting that the user has accepted the invitation?  As you can't add them to a group or application until they do.

 

I believe this is because they're not actually created in AzureAD until they complete the invitation process.

 

Thanks

Craig

When you invite using the Azure AD B2B API - the user is added right away and updated when the redemption happens.

So you can go ahead and add them to groups as soon as you invite them using our API.
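The two-step flow described above (invite through the invitation API, then add the returned user object to groups through the group members endpoint), as an added example that is not part of the original thread. The `send` transport, `fake_send`, the group IDs and the user ID are hypothetical or constructed; a real caller would supply a transport that carries a token with permissions such as User.Invite.All and GroupMember.ReadWrite.All.

```python
GRAPH = "https://graph.microsoft.com/v1.0"

def invite_request(email, redirect_url, send_mail=False):
    # Body fields of POST /invitations (Graph invitation resource).
    return "POST", f"{GRAPH}/invitations", {
        "invitedUserEmailAddress": email,
        "inviteRedirectUrl": redirect_url,
        "sendInvitationMessage": send_mail,
    }

def add_member_request(group_id, user_id):
    # Group membership is a separate call: POST /groups/{id}/members/$ref.
    return "POST", f"{GRAPH}/groups/{group_id}/members/$ref", {
        "@odata.id": f"{GRAPH}/directoryObjects/{user_id}",
    }

def invite_and_add(send, email, redirect_url, group_ids):
    """Invite a guest, then add the new user object to each group.

    `send(method, url, body) -> (http_status, json_or_None)` is a hypothetical
    transport supplied by the caller; it owns the bearer token.
    """
    code, invite = send(*invite_request(email, redirect_url))
    if code != 201:
        raise RuntimeError(f"invitation failed with HTTP {code}")
    user_id = invite["invitedUser"]["id"]  # user object exists before redemption
    groups = {}
    for gid in group_ids:
        code, _ = send(*add_member_request(gid, user_id))
        groups[gid] = code == 204  # 204 No Content means the member was added
    return {"userId": user_id, "status": invite.get("status"), "groups": groups}

# Constructed stand-in for Graph so the example runs offline.
CALLS = []
def fake_send(method, url, body):
    CALLS.append((method, url, body))
    if url.endswith("/invitations"):
        return 201, {"status": "PendingAcceptance",
                     "invitedUser": {"id": "00000000-0000-0000-0000-0000000000aa"}}
    return 204, None

if __name__ == "__main__":
    print(invite_and_add(fake_send, "guest@example.com",
                         "https://example.com/welcome", ["group-1", "group-2"]))
```

Recording the per-group result makes it possible to review which guest accounts were granted which memberships before they ever redeemed the invitation.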

Hi, I'm still actually interested in the answer to Craig's question.

 

"how are you detecting that the user has accepted the invitation?"

 

I have a need to know whether a guest user has redeemed an invitation or not.

 

If they have redeemed, further communications should not talk about invitations, etc. If they have not yet redeemed, I should be sending a "did you miss our invite? here's another..".

 

With further thought, I think this data should be interesting in both the Graph API, and the Azure Portal..

 

 

Hi Craig - we will be exposing the redemption state in the APIs in the coming months. This is already available in the Azure Portal in the "Source" property. And you can resend the invitation from the portal.

 


Hi Sarat, does the 'resend button' allow you to set the redirect URL or customize the email message? It doesn't look like it. I would guess that this resend button takes the user to the MyApps page, using the default invitation email format/messaging.

Those are big reasons why we are using the API today. "Coming Months" is a little vague. Can I press you for something a tiny bit more specific? Beginning of Y2017Q3, for example? :)

Hi, 

 

I believe you can actually implement this today, but in a bit of a "funky way".

 

When you send an invitation using the invitation API to a user that has already accepted the invite (you can of course set "send email" to false), the invite result will say "Accepted" (this is also true for auto redeem functionality), while if the user has not accepted the invite, it will say "Pending". 

 

Marius

When you say "the invite result will say 'Accepted'", are you referring to the "Status" field in the invitation response? https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/invitation_post

According to the parent page: https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/invitation that property contains "The status of the invitation. Possible values: Completed, InProgress, and Error"

So you're saying that a (funky) way to detect redemption is to perform an additional invite with
sendInvitationMessage = false; and then check the Status property.

If Status = InProgress, the user is not redeemed, and I should continue to communicate to them about the value of clicking on that invite link...

If Status = Completed, the user has redeemed, and I can skip over all that extra messaging.

If it indeed works like this, yes it's funky, but an acceptable work around while we wait for 'coming months' :) (clever idea btw)

Correct. Wrote from my phone, so was difficult to find the exact parameters and values, but you have the correct ones there :)

Thanks Marius - clever idea indeed :) Would you mind starting a new thread and writing about it so everyone can learn from this pattern - rather than to look at this thread?

Chad - sorry I am not able to be more specific right now than stating that this is on our roadmap.

Hmm.. Does the Status attribute report back the redemption status at an application level (i.e. the status of THAT invite) or an AAD Directory level?

Suppose I have three applications (A,B,C), and I invite the user to two of them (A,B), and he accepts the invitation to only one of them (A).

Will the status report back "Completed" for all three? Or will it only be "Completed" for Application A, and "In Progress" for Application B?

I'm worried that I have to do a "fakeInvite" check against every application the user has access to, looking for at least one status of "Completed".

I think my users only have 3-4 applications, but a 'Redemption flag' for that user that covers all applications (user has redeemed at least one invitation) is what I'm really looking for.





Hi
I have exactly the same requirement as stated here. Whenever I'm sending a B2B invitation using Graph Invitation API, the invitation is sent to external user. But I need to keep track whether the external user has accepted the invite or not.

I've tried calling the API again to check the status having sendInvitationMessage = false;
But always in the response object, status is showing "Pending Acceptance". Even if the user source changed to "External Azure Active Directory" from "Invited User".

Does the API give the status as "Completed" if we call the invitation API when the user has redeemed the invite?

Thanks for your questions!

 

We will be working on exposing the invitation status through the Graph API.

 

In the meantime, we are also going to make this information available in the audit logs - so that you can write queries against the Audit APIs to get the invitation status of your B2B users.

 

Currently, the only way to reliably get that is through the presence of AltSecID for the B2B users - which is only exposed through the first party (private) APIs.

Hi Sarat,
Do you have any expected timeline by when invitation status would be available through the Graph API?
It is now October 2017. Is there an update on when or if we can use the Graph API to get the status of an invitation?

Please note that this is the main reason we continue to use the classic Azure portal (and we will continue to need the classic portal because there is no way to see redemption status in the new portal).

 

When will redemption status be visible?