Add External User to an Office 365 Group Programmatically

The MSGraph Invitation Manager

This is a quick overview of the invitation resource type; for full details, see the Microsoft Graph API Reference.

The resource type has the following definition:

Methods

| Method | Return Type | Description |
| --- | --- | --- |
| Create invitation | invitation | Write properties and relationships of invitation object. |

Properties

| Property | Type | Description |
| --- | --- | --- |
| invitedUserDisplayName | String | The display name of the user being invited. |
| invitedUserEmailAddress | String | The email address of the user being invited. Required. |
| invitedUserMessageInfo | invitedUserMessageInfo | Additional configuration for the message being sent to the invited user, including customizing message text, language and cc recipient list. |
| sendInvitationMessage | Boolean | Indicates whether an email should be sent to the user being invited or not. The default is false. |
| inviteRedirectUrl | String | The URL the user should be redirected to once the invitation is redeemed. Required. |
| inviteRedeemUrl | String | The URL the user can use to redeem his invitation. Read-only. |
| invitedUserType | String | The userType of the user being invited. By default, this is Guest. You can invite as Member if you are a company administrator. |
| status | String | The status of the invitation. Possible values: PendingAcceptance, Completed, InProgress, and Error. |

Create an Invitation

To create an external user, send a POST to https://graph.microsoft.com/beta/invitations. I use the beta version of the API here, but it is also available in version 1. The request body must specify the following parameters:

Required Parameters:

  • invitedUserEmailAddress
  • inviteRedirectUrl

Optional Parameters:

  • invitedUserDisplayName
  • sendInvitationMessage
  • invitedUserMessageInfo
  • invitedUserType

Response:

If the invitation is created, the API returns an invitation object with the following information:

{
  "id": "string",
  "invitedUserDisplayName": "string",
  "invitedUserEmailAddress": "string",
  "invitedUserMessageInfo": {"@odata.type": "microsoft.graph.invitedUserMessageInfo"},
  "sendInvitationMessage": false,
  "inviteRedirectUrl": "string",
  "inviteRedeemUrl": "string",
  "status": "string",
  "invitedUser": {"@odata.type": "microsoft.graph.user"},
  "invitedUserType": "string"
}

Sample Scenario

I created an Azure Function in TypeScript that is part of a provisioning process for creating a collaborative Team Site used by internal and external users; the provisioning process calls it.

The Azure Function receives as parameters the e-mail and name of the external user and the id of the group to add the user to. It adds the user to AAD and to the group, and returns the information about the invitation created.

Here is the extract of the Azure Function code that creates the invitation and adds the user to the Office 365 group.

At this point the user is created in AAD and added to the Office 365 group, but the process is not complete! The user must complete the redemption process; once it is completed, the invited user becomes an external user in the organization.

In my scenario the provisioning process is responsible for sending an email to the user with the redemption URL returned by the Azure Function in the “inviteRedeemUrl” property.
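The two Graph calls this scenario relies on (create the invitation, then add the returned user to the group), as an added example that is not the author's Azure Function. It uses the version 1 endpoint the post mentions; the helper names, the caller-supplied post transport (assumed to attach the bearer token), the input checks and the sample values are assumptions.

```typescript
// Added example, not the author's code. Helper names and the input policy are assumptions.
const GRAPH = "https://graph.microsoft.com/v1.0";
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

interface InviteInput { email: string; displayName: string; groupId: string; redirectUrl: string; }
interface GraphRequest { url: string; body: Record<string, unknown>; }
// Caller-supplied transport: sends an authenticated POST and resolves to the parsed JSON body.
type Post = (req: GraphRequest) => Promise<Record<string, unknown>>;

// Constructed sample input (not from the page).
const SAMPLE: InviteInput = { email: "guest@example.com", displayName: "Guest User",
  groupId: "11111111-2222-3333-4444-555555555555", redirectUrl: "https://contoso.example/team" };

// Reject malformed input before it reaches Graph; groupId is interpolated into a URL path.
function validate(input: InviteInput): void {
  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(input.email)) throw new Error("invalid email");
  if (!GUID.test(input.groupId)) throw new Error("groupId must be a GUID");
  if (!input.redirectUrl.startsWith("https://")) throw new Error("redirectUrl must be https");
}

function buildInvitationRequest(input: InviteInput): GraphRequest {
  validate(input);
  return {
    url: `${GRAPH}/invitations`,
    body: {
      invitedUserEmailAddress: input.email,     // required
      inviteRedirectUrl: input.redirectUrl,     // required
      invitedUserDisplayName: input.displayName,
      sendInvitationMessage: false, // the provisioning process mails inviteRedeemUrl itself
    },
  };
}

function buildAddMemberRequest(groupId: string, userId: string): GraphRequest {
  if (!GUID.test(groupId) || !GUID.test(userId)) throw new Error("ids must be GUIDs");
  return {
    url: `${GRAPH}/groups/${groupId}/members/$ref`,
    body: { "@odata.id": `${GRAPH}/directoryObjects/${userId}` },
  };
}

// Create the invitation, add the invited user to the group, return what the caller needs.
async function inviteToGroup(input: InviteInput, post: Post) {
  const invitation = await post(buildInvitationRequest(input));
  const user = invitation["invitedUser"] as { id?: string } | undefined;
  if (!user || typeof user.id !== "string") throw new Error("invitation has no invitedUser.id");
  await post(buildAddMemberRequest(input.groupId, user.id));
  return { userId: user.id, inviteRedeemUrl: String(invitation["inviteRedeemUrl"]), status: String(invitation["status"]) };
}
```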

Here is an example of an execution of the Azure Function:

Until the external user completes the redemption process, the user is an “Invited User in AAD”.

The redemption process checks whether the user has a Microsoft Account. If not, the user must follow the steps to create an account, and afterwards is redirected to the URL of the group defined.

The code is available here.

Thanks for reading!
