Inviting a guest User to a SharePoint Site using PowerAutomate

We are developing a PowerAutomate Flow to automate the process of inviting external users to a SharePoint Site.

Below are the steps being followed so far

  1. Created an MS Form for an external user to register
  2. Passing the response **(Email)** from the form to the flow
  3. Adding the user to a SharePoint Group using the email parameter and sending an email invite to the External User (Requirement)

I have been able to get to point no. 2; however, I have been experiencing challenges achieving point no. 3.

I came across different articles online for adding guest users; however, most of them talk about adding the guest to Azure AD, as shown below:

https://medium.com/southworks/adding-a-guest-to-an-office-365-sharepoint-site-with-javascript-fa7604ad8678

https://laurakokkarinen.com/how-to-build-a-guest-user-self-service-registration-for-office-365-with-azure/

https://www.timlinenterprises.com/how-to-invite-external-users-using-microsoft-flow-and-microsoft-graph-api/

I also checked a few articles on running PowerShell commands from Flow; however, this approach doesn't look straightforward either.

The article below works only for internal users: https://www.c-sharpcorner.com/article/add-the-users-to-the-sharepoint-groups-using-microsoft-flow/

The end goal here is to invite an external user to a SharePoint Site once the user registers himself through a registration form (MS Form).

Would appreciate if anyone could help me out in achieving this.

Thanks in advance

2

There are 2 best solutions below

0
On

This is my solution to add Guest Users to Private Channels in MS Teams with PowerAutomate.

Step0 - Register the domain of the Guest Users in your AD account as a valid Guest Domain

Step1 - Use a registration form (MS Forms)

Step2 - Create a Trigger Process in MS PowerAutomate to receive the Form Data. I like to create small/short flows to only capture and validate form data, and then call a separate Flow / RestService. This makes your solution a little bit more decoupled and reusable. (Imagine replacing the Form with a web app form or mobile app form in the future).

Create a second HTTP request trigger flow receiving the Form data (optional way to set up a multi-flow solution)

Step3 - Create a Private Channel in Teams via GraphAPI

GraphAPI - POST https://graph.microsoft.com/v1.0/teams/<teams_id>/channels

POST BODY:

{
  "membershipType": "private",
  "displayName": "<e.g. channel name from form data>",
  "description": "<e.g. description from form data>",
  "members": [
    {
      "@odata.type": "#microsoft.graph.aadUserConversationMember",
      "user@odata.bind": "https://graph.microsoft.com/v1.0/users('[email protected]')",
      "roles": [
        "owner"
      ]
    }
  ],
  "@odata.type": "#Microsoft.Graph.channel"
}

Step4 - Call GraphAPI to retrieve the Guest User Details

GraphAPI: GET https://graph.microsoft.com/v1.0/users?$filter=mail eq '[email protected]'

I have added this in a loop, since I had many members who had to be added, and I also included a condition check to verify that the domain is indeed valid.

Now you can assign the output (or portions of the output) to some variables

Step5 - Retrieve the ID value from the step above (Step4). This is the value that must be used to add the new guest member.

  1. Retrieve the ID from the Step4 output
  2. Also set a variable to the account type - which should (MUST BE) be "guest"

Now - Add guest users to the private teams channel

Step6 - Call GraphAPI to add guest members

GraphAPI: POST https://graph.microsoft.com/v1.0/teams/<team_id>/channels/<channel_id>/members

Post Body: The role must be "guest" for a guest account, but valid options for other types of access can be:

  1. owner
  2. member
  3. guest

Microsoft documentation (HERE) states roles must be owner or empty. This did not work so well for me. Use guest.

{
  "@odata.type": "#microsoft.graph.aadUserConversationMember",
  "roles": [
    "@{variables('membership_type')}"
  ],
  "user@odata.bind": "https://graph.microsoft.com/v1.0/users('@{variables('principal_user')}')"
}

Bonus Step - Now you can catch all responses from the previous steps and respond back with an HTTP Request/Response connector.

  1. A 200 response on successful executions
  2. A non-200 response on failed executions (or however you desire)

To configure exception handling or failure handling responses do this below

0
On

Before inviting the user to SharePoint you must add him to Azure AD. So you will need to configure an HTTP action to invite the user first.

If you are using SharePoint Modern Sites (those that have Microsoft 365 groups associated), you need to create an HTTP action to add the guest to the group: HTTP Action Configuration Here

NOTE: HTTP will not accept "@" sign directly, so you need to put it into a "Compose" or "Variable" and add it as per my screenshot.

In the URI you have the Group ID from Azure AD. In the Body it's the guest user ID

You will need to register an Azure AD App to use for the HTTP action and give it the following permissions:

Graph -> Application -> GroupMember.ReadWrite.All, Group.ReadWrite.All and Directory.ReadWrite.All https://learn.microsoft.com/en-us/graph/api/group-post-members?view=graph-rest-1.0&tabs=http#permissions

Use the App ID and Secret to connect the HTTP action.
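
The domain check from the first answer and the two HTTP actions from the second, sketched as an added example (not code from either answer). It only builds the Graph requests, without sending them; the allowlisted domain, site URL and IDs are constructed sample values.

```python
import json
import re

GRAPH = "https://graph.microsoft.com/v1.0"
# Constructed sample values (assumptions); replace with your tenant's own.
ALLOWED_GUEST_DOMAINS = {"partner.example"}
SITE_URL = "https://contoso.sharepoint.com/sites/project"

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def guest_domain_allowed(email, allowed=ALLOWED_GUEST_DOMAINS):
    """True only for a single well-formed address whose domain is allowlisted.

    fullmatch rejects address lists and trailing text, and the exact-match
    lookup rejects look-alikes such as partner.example.evil.test.
    """
    m = EMAIL_RE.fullmatch(email.strip())
    return bool(m) and m.group(1).lower() in allowed


def invitation_request(email):
    """HTTP action 1: POST /invitations creates the guest and sends the mail.

    The Graph response carries the new guest's object ID in invitedUser.id.
    """
    if not guest_domain_allowed(email):
        raise ValueError("guest domain not allowlisted: %r" % email)
    body = {
        "invitedUserEmailAddress": email.strip(),
        "inviteRedirectUrl": SITE_URL,
        "sendInvitationMessage": True,
    }
    return "POST", GRAPH + "/invitations", json.dumps(body)


def add_member_request(group_id, guest_id):
    """HTTP action 2: add the invited guest to the site's Microsoft 365 group."""
    for value in (group_id, guest_id):
        # Both IDs are GUIDs; reject anything else before it reaches the URI.
        if not GUID_RE.fullmatch(value):
            raise ValueError("not a GUID: %r" % value)
    body = {"@odata.id": "%s/directoryObjects/%s" % (GRAPH, guest_id)}
    url = "%s/groups/%s/members/$ref" % (GRAPH, group_id)
    return "POST", url, json.dumps(body)
```

In the flow itself, the same allowlist check belongs in a Condition step ahead of the first HTTP action, so that a form submission from an unapproved domain never reaches Graph.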