As a developer or IT administrator, you can use API connectors to integrate your self-service sign-up user flows with web APIs to customize the sign-up experience and integrate with external systems. For example, with API connectors, you can:
Perform identity verification. Use an identity verification service to add an extra level of security to account creation decisions.
Validate user input data. Validate against malformed or invalid user data. For example, you can validate user-provided data against existing data in an external data store or list of permitted values. If invalid, you can ask a user to provide valid data or block the user from continuing the sign-up flow.
Overwrite user attributes. Reformat or assign a value to an attribute collected from the user. For example, if a user enters the first name in all lowercase or all uppercase letters, you can format the name with only the first letter capitalized.
Run custom business logic. You can trigger downstream events in your cloud systems to send push notifications, update corporate databases, manage permissions, audit databases, and perform other custom actions.
An API connector provides Microsoft Entra ID with the information needed to call the API endpoint by defining the HTTP endpoint URL and authentication for the API call. Once you configure an API connector, you can enable it for a specific step in a user flow. When a user reaches that step in the sign-up flow, the API connector is invoked and materializes as an HTTP POST request to your API, sending user information ("claims") as key-value pairs in a JSON body. The API response can affect the execution of the user flow. For example, the API response can block a user from signing up, ask the user to reenter information, or overwrite and append user attributes.
Where you can enable an API connector in a user flow
There are two places in a user flow where you can enable an API connector:
After federating with an identity provider during sign-up
Before creating the user
Important
In both of these cases, the API connectors are invoked during user sign-up, not sign-in.
After federating with an identity provider during sign-up
An API connector at this step in the sign-up process is invoked immediately after the user authenticates with an identity provider (like Google, Facebook, and Microsoft Entra ID). This step precedes the attribute collection page, which is the form presented to the user to collect user attributes. This step isn't invoked if a user is registering with a local account. The following are examples of API connector scenarios you might enable at this step:
Use the email or federated identity that the user provided to look up claims in an existing system. Return these claims from the existing system, prefill the attribute collection page, and make them available to return in the token.
Implement an allowlist or blocklist based on social identity.
Before creating the user
An API connector at this step in the sign-up process is invoked after the attribute collection page, if one is included. This step is always invoked before a user account is created. The following are examples of scenarios you might enable at this point during sign-up:
Validate user input data and ask a user to resubmit data.
Block a user sign-up based on data entered by the user.
Perform identity verification.
Query external systems for existing data about the user to return it in the application token or store it in Microsoft Entra ID.
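The following is an added example, not code from the original page or from Microsoft, of the endpoint logic behind a "Before creating the user" connector: it authenticates the caller, validates the claims, blocks a listed domain, and overwrites the first-name casing. The credentials and blocked domain are constructed; the response fields ("version", "action", "userMessage", "status") and the claim names "email" and "givenName" follow Microsoft's published API connector format, which this page does not list, so treat them as assumptions to check against your tenant.

```python
import base64
import hmac
import json

# Constructed values for this example: the Basic credentials configured on the
# API connector, and a deny list of e-mail domains.
EXPECTED_USER = "connector-user"
EXPECTED_PASS = "connector-secret-placeholder"
BLOCKED_DOMAINS = {"blocked.example"}

def _authenticated(headers):
    """Verify HTTP Basic credentials using constant-time comparison."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return False
    user, _, password = decoded.partition(":")
    ok_user = hmac.compare_digest(user.encode(), EXPECTED_USER.encode())
    ok_pass = hmac.compare_digest(password.encode(), EXPECTED_PASS.encode())
    return ok_user and ok_pass

def _reply(action, status=200, **extra):
    body = {"version": "1.0.0", "action": action, **extra}
    if status != 200:
        body["status"] = status
    return status, body

def handle_signup(headers, raw_body):
    """Return (http_status, json_body) for one connector invocation."""
    # Never evaluate claims from a caller that failed authentication.
    if not _authenticated(headers):
        return 401, {"error": "unauthorized"}
    try:
        claims = json.loads(raw_body)
        email = claims["email"]
        given = claims.get("givenName", "")
    except (ValueError, KeyError, TypeError, AttributeError):
        return _reply("ValidationError", 400, userMessage="Sign-up data could not be read.")
    if not isinstance(email, str) or email.count("@") != 1 or not isinstance(given, str):
        return _reply("ValidationError", 400, userMessage="Enter a valid email address.")
    if email.rsplit("@", 1)[1].lower() in BLOCKED_DOMAINS:
        return _reply("ShowBlockPage", userMessage="Sign-up is not available for this account.")
    # Overwrite: return the first name with only its first letter capitalized.
    return _reply("Continue", givenName=given.strip().capitalize())
```

Wire `handle_signup` into whatever HTTPS framework hosts the endpoint; the function treats every claim as untrusted input because the values originate from the sign-up form or a federated provider.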
Select User flows, and then select the user flow you want to add the API connector to. Select API connectors, and then select the API endpoints you want to invoke at the following steps in the user flow: After federating with an identity provider during sign-up.
Browse to Identity > External Identities > User flows, and then select New user flow. Select the user flow type (for example, Sign up and sign in). Select the version (Recommended or Preview), and then select Create.
API connectors include the functionality to connect to an API (application programming interface) and exchange data. They are built to run on an enterprise iPaaS or embedded iPaaS as part of an integration.
Self-service sign up: This is the method by which a user signs up for a cloud service and has an identity automatically created for them in Azure Active Directory (AD) based on their email domain. Unmanaged Azure tenant: This is the directory where that identity is created.
Self-service sign-up makes it easier for users in your organization to sign up for online services from Microsoft. We call this sign up process "self-service sign-up" because your users can sign up to use services paid by your subscription, or use free services, without asking you to take action on their behalf.
The signup flow is one of the most critical aspects of the user experience journey. It is the initial encounter that a user has with your product. The way you design it can have a major impact on how users perceive your product.
A self-service portal is a website that acts as a searchable database for self-service resources. Users can find information, search solutions, and—when necessary—reach out for further support. Self-service portals give users the opportunity to find their own answers without outside help.
APIs are mechanisms that enable two software components to communicate with each other using a set of definitions and protocols. For example, the weather bureau's software system contains daily weather data. The weather app on your phone “talks” to this system via APIs and shows you daily weather updates on your phone.
With API Connect, you can: Ensure secure & controlled access to the APIs using a rich set of enforced policies. Drive innovation and engage with the developer community through the self-service developer portal. Gain deep insights around API consumption from its built-in analytics.
Microsoft Entra External ID is a customer identity access management (CIAM) solution that lets you create secure, customized sign-in experiences for your external-facing apps and services.
A web-based Active Directory accounts management tool
With the extremely reliable self-serve capabilities of AD Self Service Portal you can now empower Active Directory users to update their own user profiles, reset their passwords and unlock their domain accounts, all through the convenience of a web-based interface.
Sign in to Power Apps or Power Automate. On the left pane, select Data > Custom connectors. Select New custom connector > Create from blank. Enter a name for the custom connector, and then select Continue.
Introduction: My name is Lakeisha Bayer VM, I am a brainy, kind, enchanting, healthy, lovely, clean, witty person who loves writing and wants to share my knowledge and understanding with you.