Azure Data Factory — Access Microsoft Graph API
May 30, 2021
Use Service Principal to access Microsoft Graph API
Steps
Create a Service principal account
- Create a new service principal
- https://docs.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-service-principal-tutorial
- Assign Microsoft Graph -> Users -> User.Read.All
- Create a secret
- Store the client ID and secret in Azure Key Vault
Azure Data Factory
- Entire flow to view all users in Microsoft Graph API
- First we need to bring the client ID and secret from Key Vault
- Use a Web Activity to get the secrets and assign them to variables
- Create a new pipeline
- Create variables called
- clientid
- clientsecret
- token
- Now log into the Azure portal
- Go to Azure Key Vault
- Go to Secrets and copy the URL to access
- Make sure the ADF managed identity has Contributor in Key Vault
- Also provide Get permission to read the keys in Azure Key Vault
- Now let's get the client ID
- Drag the web activity
- Go to Advanced option
- Select managed identity
- In the URL box paste the below
https://vault.azure.net
- Assign the output to the clientid variable
- Let's bring the client secret now
- Go to Advanced option
- Select managed identity
- In the URL box paste the below
https://vault.azure.net
- Assign the output to the clientsecret variable
- Now it is time to get the authorization token to use for Microsoft Graph
- In the URL field
https://login.microsoftonline.com/tenantid/oauth2/v2.0/token
- Here is the code for the request body
- The body text is formed by concatenating the client ID and secret with the tenant ID and scope
@concat(concat('tenant=tenantid&client_id=',variables('clientid'),'&client_secret='),variables('clientsecret'),'&grant_type=client_credentials&scope=https://graph.microsoft.com/.default')
- Assign the token to a variable called token
- Now call Microsoft Graph to retrieve data
- The token is needed for authorization
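
The two HTTP calls the pipeline makes (the token request, then the Graph call), written out in Python as an added example that is not part of the original post; it is useful for checking the service principal outside ADF. The `/v1.0/users` endpoint, the `Bearer` header and all function names are assumptions not shown on the page, and the secret is URL-encoded here, which the `@concat` expression above does not do.

```python
import json
import urllib.parse
import urllib.request

GRAPH_SCOPE = "https://graph.microsoft.com/.default"


def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, body, headers) for the client-credentials token call."""
    # The tenant is carried in the URL path of the v2.0 token endpoint.
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    # urlencode percent-encodes every value, so a secret containing
    # '&', '+', '=' or '%' cannot split or corrupt the form body.
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
        "scope": GRAPH_SCOPE,
    }).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return url, body, headers


def extract_token(response_text):
    """Pull the bearer token out of the token endpoint's JSON reply."""
    doc = json.loads(response_text)
    if "access_token" not in doc:
        # Error replies carry 'error' / 'error_description' instead.
        raise ValueError(doc.get("error_description", "no access_token in reply"))
    if doc.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    return doc["access_token"]


def build_graph_request(token, url="https://graph.microsoft.com/v1.0/users"):
    """Build the Graph call; the token travels only in the Authorization header."""
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})


def list_users(tenant_id, client_id, client_secret):
    """Run both calls against the live endpoints (needs network and real values)."""
    url, body, headers = build_token_request(tenant_id, client_id, client_secret)
    with urllib.request.urlopen(urllib.request.Request(url, data=body, headers=headers)) as r:
        token = extract_token(r.read().decode())
    with urllib.request.urlopen(build_graph_request(token)) as r:
        return json.load(r)["value"]
```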