Automating Azure AD with Power Automate

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity service. If you’re using Azure AD, Power Automate becomes an incredibly handy tool for automating those repetitive AD admin tasks. This really shines when you’re managing Tallyfy members and their access - especially if you’ve set up Azure AD for Single Sign-On (SSO) with Tallyfy.

Introduction to Azure AD automation for Tallyfy

Want to save hours on user management? Automating Azure AD tasks with Power Automate speeds up everything Tallyfy-related: onboarding new users who need access, removing people when they leave, managing which groups get which Tallyfy roles, and pulling those compliance reports your auditors keep asking for.

Relevance to Tallyfy:

  • Managing Tallyfy members: When your Tallyfy member list syncs with Azure AD groups, Power Automate handles the heavy lifting - adding and removing users automatically. No more manual updates!
  • Automating Tallyfy access via SSO: Link Tallyfy SSO to specific Azure AD security groups, then let Power Automate manage who’s in those groups. It’s that simple.
  • Reporting for Tallyfy compliance: Need to know who has Tallyfy access for your quarterly review? Generate reports on Azure AD group membership in seconds instead of hours.

Key Azure AD actions in Power Automate for Tallyfy integration

Here’s what Power Automate gives you for working with Azure AD and Tallyfy:

  • Azure AD Connector: Your main tool for user and group operations that affect Tallyfy access. For the basics on connectors, check out understanding Power Automate basics.
    • Get user profile (V2) and Get manager (V2): Pull user details to make smart Tallyfy task assignments.
    • Create user, Update user, Delete user: Automate the entire user lifecycle - when someone joins, changes roles, or leaves.
    • Add user to group, Remove user from group: Control who gets into those Azure AD groups that grant Tallyfy access. Works like a charm.
    • List group members, List users: Perfect for those “who has access to what” reports.
  • Office 365 Groups Connector: Handy if you’re using Microsoft 365 Groups to organize teams that need Tallyfy access.
  • HTTP with Microsoft Graph API (Advanced): Need something the standard connectors can’t do? Like pulling custom user attributes for Tallyfy role assignments? The HTTP action with Graph API has you covered. More details in connecting Power Automate to external data.

Example: new Tallyfy member added to an Azure AD group

Scenario: You want new Tallyfy members from Sales automatically added to your “Tallyfy Users” Azure AD security group. No manual work required.

This example assumes you have a way to trigger the flow when someone new joins Tallyfy. Could be a Tallyfy webhook (if available for new member events), an HR system trigger, or - for this demo - a simple manual trigger.

  1. Trigger: Manually trigger a flow (for demonstration).

    • Add input fields: User Email (Text), Job Title (Text). (In a real scenario, this data might come from Tallyfy or an HR system).
  2. Action: Azure AD - “Get user (V2)”.

    • User UPN or ID: Use the User Email dynamic content from the trigger. This pulls the user’s complete Azure AD profile - you’ll need that Object ID for group management.
  3. Control: “Condition”.

    • Refer to using conditional logic for details on conditions.
    • Value 1: Dynamic content Job Title from the trigger.
    • Operator: contains (or is equal to if titles are exact).
    • Value 2: Sales.
  4. IF YES Branch: Action: Azure AD - “Add user to group”.

    • Group Id: The Object ID of your “Tallyfy Sales Users” Azure AD security group. (Find it in Azure portal: Azure Active Directory > Groups > select your group > copy the Object ID).
    • User Id: Use the Id (Object ID) dynamic content from the “Get user (V2)” action output.
  5. Save and test the flow. See managing and monitoring flows for testing tips.
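
The Condition in step 3 decides who receives group-based Tallyfy access, so the choice between contains and is equal to changes who ends up in the group. The Python below is an added example, not part of the original guide or of Power Automate: the sample titles, the `decide` helper, and its choice to trust the directory's `jobTitle` over the typed trigger value are assumptions.

```python
import re

# Object IDs are GUIDs; this rejects a display name pasted into "Group Id".
GUID = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)

# Constructed job titles, not taken from a real tenant.
SAMPLE_TITLES = ["Sales", "Sales Manager", "Salesforce Administrator",
                 "Post-Sales Support", "Finance Analyst"]

def compare_operators(titles, value="Sales"):
    """List the titles each Condition operator sends down the YES branch."""
    return {
        "contains": [t for t in titles if value in t],
        "is equal to": [t for t in titles if t == value],
    }

def decide(trigger, profile, group_id, allowed_titles):
    """Hypothetical stricter condition: returns (add_to_group, reason).

    trigger  - the manual trigger inputs ("User Email", "Job Title")
    profile  - the "Get user (V2)" output; keys follow Graph user properties
    """
    if not GUID.match(group_id):
        return False, "Group Id is not an Object ID"
    if not profile.get("accountEnabled", False):
        return False, "account is disabled"
    directory_title = (profile.get("jobTitle") or "").strip()
    if directory_title not in allowed_titles:
        return False, "directory title is not on the allow list"
    if trigger.get("Job Title", "").strip() != directory_title:
        return False, "typed title disagrees with the directory"
    return True, "ok"

if __name__ == "__main__":
    for operator, admitted in compare_operators(SAMPLE_TITLES).items():
        print(f"{operator:12} -> {admitted}")
    profile = {"jobTitle": "Sales Manager", "accountEnabled": True}  # constructed
    print(decide({"Job Title": "Sales Manager"}, profile,
                 "11111111-2222-3333-4444-555555555555",  # placeholder Object ID
                 {"Sales", "Sales Manager"}))
```
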

Example: reporting on Azure AD users for Tallyfy access review

Scenario: Every month, you need a CSV report of everyone in your “Tallyfy General Access” Azure AD group. Let’s automate it and email it straight to whoever needs it.

  1. Trigger: Recurrence.

    • Set the Interval to 1 and Frequency to Month.
    • Configure a specific day and time.
  2. Action: Azure AD - “List group members”.

    • Group Id: Drop in the Object ID of your “Tallyfy General Access” Azure AD group.
  3. Action: “Create CSV table” (Data Operation).

    • Need help with data operations? See working with data operations and variables.
    • From: Use the value dynamic content from “List group members” (it’s an array of users).
    • Columns: Choose Custom.
      • Header 1: UserPrincipalName, Value 1: Select User Principal Name from the dynamic content.
      • Header 2: DisplayName, Value 2: Select Display Name from the dynamic content.
  4. Action: “Send an email (V2)” (Outlook 365).

    • To: Administrator’s email address.
    • Subject: Monthly Tallyfy User Access Review Report.
    • Body: Here's the monthly report of users in the 'Tallyfy General Access' group.
    • Click Show advanced options.
    • Attachments Name - 1: TallyfyUserReport.csv.
    • Attachments Content - 1: Use the Output dynamic content from the “Create CSV table” action.
  5. Save and test your flow.
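
The attachment is opened in a spreadsheet by whoever receives it, and a group's member list can hold objects other than users. The Python below is an added example (not Tallyfy's or Microsoft's code) that builds the same two-column CSV, neutralizes cells a spreadsheet would evaluate as formulas, and sets aside non-user members such as nested groups; the `@odata.type` field and the sample records are constructed, modelled on Microsoft Graph group-member responses.

```python
import csv
import io

# Leading characters that spreadsheet applications interpret as a formula.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")
USER_TYPE = "#microsoft.graph.user"

# Constructed sample of a group-members array (not real accounts).
SAMPLE_MEMBERS = [
    {"@odata.type": USER_TYPE, "userPrincipalName": "alice@example.com",
     "displayName": "Alice Example"},
    {"@odata.type": USER_TYPE, "userPrincipalName": "bob@example.com",
     "displayName": "=1+1"},
    {"@odata.type": "#microsoft.graph.group", "displayName": "Sales Contractors"},
]

def neutralize(cell):
    """Prefix an apostrophe so the cell is shown as text, not evaluated."""
    cell = "" if cell is None else str(cell)
    return "'" + cell if cell.startswith(FORMULA_PREFIXES) else cell

def build_report(members):
    """Return (csv_text, not_users) for the access-review attachment."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["UserPrincipalName", "DisplayName"])
    not_users = []
    for member in members:
        kind = member.get("@odata.type", USER_TYPE)
        if kind != USER_TYPE:
            # Nested groups, devices, service principals: their own members
            # are not listed here, so surface them to the reviewer.
            not_users.append((kind, member.get("displayName")))
            continue
        writer.writerow([neutralize(member.get("userPrincipalName")),
                         neutralize(member.get("displayName"))])
    return out.getvalue(), not_users

if __name__ == "__main__":
    report, not_users = build_report(SAMPLE_MEMBERS)
    print(report)
    print("review separately:", not_users)
```
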

Using the HTTP connector for advanced Azure AD tasks affecting Tallyfy (brief overview)

Hit a wall with the standard Azure AD connector? Maybe you need to pull specific user properties for Tallyfy role assignments. The HTTP action with Microsoft Graph API is your answer. We dive deeper into this in connecting Power Automate to external data.

Here’s what you’ll need to tackle:

  1. App Registration in Azure AD: Set up an app registration with the right API permissions for Tallyfy user data.
  2. Authentication Details: Keep those credentials secure in your HTTP action.
  3. HTTP Action Configuration: Configure the method, URI, headers, and body for your Graph API calls.
  4. Parse JSON Action: Turn that JSON response into something your flow can actually use.

Yes, it’s more complex - you’ll need to understand Azure AD app registrations and Graph API. But the flexibility? Worth it.
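
Steps 3 and 4 as an added Python example, not code from the original guide: it builds the method, URI and headers for a Graph call that lists group members with selected properties, follows `@odata.nextLink` paging, and refuses to send the bearer token to any host other than graph.microsoft.com. The `send` callable, the `canned_transport` stand-in, the token placeholder and the sample pages are constructed so the block runs offline.

```python
import json
from urllib.parse import quote, urlsplit

GRAPH_HOST = "graph.microsoft.com"  # global endpoint; national clouds differ

def build_request(group_id, token, select=("id", "userPrincipalName", "jobTitle")):
    """Step 3: method, URI and headers for listing a group's members."""
    uri = (f"https://{GRAPH_HOST}/v1.0/groups/{quote(group_id, safe='')}"
           f"/members?$select={','.join(select)}")
    return {"method": "GET", "uri": uri,
            "headers": {"Authorization": f"Bearer {token}",
                        "Accept": "application/json"}}

def list_members(group_id, token, send, max_pages=50):
    """Step 4: parse each JSON page; `send(request)` returns the body text."""
    request = build_request(group_id, token)
    members = []
    for _ in range(max_pages):
        body = json.loads(send(request))
        if "error" in body:  # Graph reports failures as {"error": {"code": ...}}
            raise RuntimeError(body["error"].get("code", "unknown"))
        members.extend(body.get("value", []))
        next_link = body.get("@odata.nextLink")
        if not next_link:
            return members
        parts = urlsplit(next_link)
        if parts.scheme != "https" or parts.hostname != GRAPH_HOST:
            # Never forward the bearer token to a host the response chose.
            raise ValueError("nextLink points outside Microsoft Graph")
        request = dict(request, uri=next_link)
    raise RuntimeError("page limit reached; result would be incomplete")

def canned_transport(pages):
    """Constructed stand-in for the HTTP action: canned JSON keyed by URI."""
    return lambda request: pages[request["uri"]]

if __name__ == "__main__":
    gid = "11111111-2222-3333-4444-555555555555"  # placeholder Object ID
    first = build_request(gid, "TOKEN")["uri"]
    second = f"https://{GRAPH_HOST}/v1.0/groups/{gid}/members?$skiptoken=x"
    pages = {  # constructed responses
        first: json.dumps({"value": [{"id": "a"}], "@odata.nextLink": second}),
        second: json.dumps({"value": [{"id": "b"}]}),
    }
    print(list_members(gid, "TOKEN", canned_transport(pages)))
```
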

Tips for Tallyfy and Azure AD automation

  • Permissions: Give your API permissions and service accounts only what they absolutely need. Nothing more.
  • Use group IDs: Display names change, Object IDs don’t. Always use the Group Object ID in your flows.
  • Testing: If regular users will run these flows, test with their permissions - not your admin account.
  • User lifecycle: Hook into Azure AD lifecycle events to automatically provision and deprovision Tallyfy members. Especially powerful with SSO.
