Users and groups (MS Graph API)
You can use the MS Graph API connector to list, create, update, and delete users and groups.
List user entries
This command retrieves a list of users in your Azure tenant. You can also use any system-enabled filter, such as those described in Construct Queries:
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request GET \
"http://localhost:8080/openidm/system/azuread/user?_queryId=query-all-ids"
{
"result": [
{
"_id": "c48be8cc-5846-4059-95e8-a7acbf6aec31"
},
{
"_id": "c7fe57e2-3159-45e1-b67a-435232fd88d9"
},
{
"_id": "9e714b5c-345a-430c-93f5-d8c6f9a2f225"
},
...
],
...
}
Return a user entry
This command retrieves a specific user entry from your Azure tenant:
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request GET \
"http://localhost:8080/openidm/system/azuread/user/c48be8cc-5846-4059-95e8-a7acbf6aec31"
{
"_id": "c48be8cc-5846-4059-95e8-a7acbf6aec31",
"surname": "Jensen",
"displayName": "Babs Jensen",
"memberOf": [
"036f288c-6f71-41ae-9d09-6a68c8ba315b"
],
"mail": "babs.jensen@example.onmicrosoft.com",
"onPremisesExtensionAttributes": {
...
},
"usageLocation": "FR",
"userType": "Member",
"identities": [
{
"signInType": "userPrincipalName",
"issuerAssignedId": "00991235@example.onmicrosoft.com",
"issuer": "example.onmicrosoft.com"
}
],
"businessPhones": [],
"createdDateTime": "2020-11-20T11:09:15Z",
"accountEnabled": true,
"userPrincipalName": "00991235@example.onmicrosoft.com",
"proxyAddresses": [
"smtp:00991235@example.onmicrosoft.com",
"SMTP:babs.jensen@example.onmicrosoft.com"
],
"imAddresses": [],
"passwordPolicies": "None",
"mailNickname": "00991235",
"givenName": "Babs",
"__NAME__": "00991235@example.onmicrosoft.com"
}
Create users or groups
This command creates a new user in your Azure tenant:
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request POST \
--header "content-type: application/json" \
--data '{
"surname": "Carter",
"displayName": "Steve Carter",
"givenName": "Steve",
"userType": "Member",
"accountEnabled": true,
"mailNickname": "00654321",
"userPrincipalName": "00654321@forgedemo.onmicrosoft.com",
"__PASSWORD__": "MyPassw0rd"
}' \
"http://localhost:8080/openidm/system/azuread/user?_action=create"
{
"_id": "9fa6c765-0872-45f6-8714-1dcd1ed94859",
"surname": "Carter",
"displayName": "Steve Carter",
"memberOf": [],
"onPremisesExtensionAttributes": {
"extensionAttribute14": null,
...
},
"userType": "Member",
"identities": [
{
"signInType": "userPrincipalName",
"issuerAssignedId": "00654321@example.onmicrosoft.com",
"issuer": "example.onmicrosoft.com"
}
],
"businessPhones": [],
"createdDateTime": "2020-12-18T13:23:58Z",
"accountEnabled": true,
"userPrincipalName": "00654321@example.onmicrosoft.com",
"proxyAddresses": [],
"imAddresses": [],
"mailNickname": "00654321",
"givenName": "Steve",
"__NAME__": "00654321@example.onmicrosoft.com"
}
Update entries
This command changes the password for the user created previously:
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request PATCH \
--header "content-type: application/json" \
--data '[ {
"operation": "replace",
"field": "__PASSWORD__",
"value": "MyNewPassw0rd"
} ]' \
"http://localhost:8080/openidm/system/azuread/user/9fa6c765-0872-45f6-8714-1dcd1ed94859"
{
"_id": "9fa6c765-0872-45f6-8714-1dcd1ed94859",
"surname": "Carter",
"displayName": "Steve Carter",
"memberOf": [],
"onPremisesExtensionAttributes": {
"extensionAttribute14": null,
...
},
"userType": "Member",
"identities": [
{
"signInType": "userPrincipalName",
"issuerAssignedId": "00654321@forgedemo.onmicrosoft.com",
"issuer": "forgedemo.onmicrosoft.com"
}
],
"businessPhones": [],
"createdDateTime": "2020-12-18T13:23:58Z",
"accountEnabled": true,
"userPrincipalName": "00654321@forgedemo.onmicrosoft.com",
"proxyAddresses": [],
"imAddresses": [],
"mailNickname": "00654321",
"givenName": "Steve",
"__NAME__": "00654321@forgedemo.onmicrosoft.com"
}
Custom user extension attributes
If you’ve configured extensionPropertySourceAppIds, the connector exposes custom extension attributes on user objects, prefixed with ext_. Learn more about Custom user extension attributes.
Because custom extension attributes aren’t returned by default, request them explicitly in the _fields parameter.
Read a user with extension attributes
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request GET \
"http://localhost:8080/openidm/system/azuread/user/1345d689-997b-4c73-9e99-2698c55457e0?_fields=__NAME__,ext_Department_str,ext_Department_int,ext_Department_bool,ext_Department_date"
{
"_id": "1345d689-997b-4c73-9e99-2698c55457e0",
"__NAME__": "bjensen@example.onmicrosoft.com",
"ext_Department_str": "Engineering",
"ext_Department_int": 42,
"ext_Department_bool": true,
"ext_Department_date": "2026-01-01T00:00:00Z"
}
Query users by extension attribute
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request GET \
"http://localhost:8080/openidm/system/azuread/user?_queryFilter=ext_Department_str+eq+%22Engineering%22&_fields=__NAME__,ext_Department_str,ext_Department_int"
{
"result": [
{
"_id": "1345d689-997b-4c73-9e99-2698c55457e0",
"__NAME__": "bjensen@example.onmicrosoft.com",
"ext_Department_str": "Engineering",
"ext_Department_int": 42
},
...
],
...
}
Update extension attributes on a user
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request PATCH \
--header "content-type: application/json" \
--data '[ {
"operation": "replace",
"field": "ext_Department_str",
"value": "Product"
},
{
"operation": "replace",
"field": "ext_Department_int",
"value": 99
} ]' \
"http://localhost:8080/openidm/system/azuread/user/1345d689-997b-4c73-9e99-2698c55457e0?_fields=ext_Department_str,ext_Department_int"
{
"_id": "1345d689-997b-4c73-9e99-2698c55457e0",
"ext_Department_str": "Product",
"ext_Department_int": 99
}
Delete users and groups
This command deletes a user:
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request DELETE \
"http://localhost:8080/openidm/system/azuread/user/9fa6c765-0872-45f6-8714-1dcd1ed94859"
{
"_id": "9fa6c765-0872-45f6-8714-1dcd1ed94859",
"surname": "Carter",
"displayName": "Steve Carter",
"memberOf": [],
"onPremisesExtensionAttributes": {
"extensionAttribute14": null,
...
},
"userType": "Member",
"identities": [
{
"signInType": "userPrincipalName",
"issuerAssignedId": "00654321@forgedemo.onmicrosoft.com",
"issuer": "forgedemo.onmicrosoft.com"
}
],
"businessPhones": [],
"createdDateTime": "2020-12-18T13:23:58Z",
"accountEnabled": true,
"userPrincipalName": "00654321@forgedemo.onmicrosoft.com",
"proxyAddresses": [],
"imAddresses": [],
"mailNickname": "00654321",
"givenName": "Steve",
"__NAME__": "00654321@forgedemo.onmicrosoft.com"
}