Lifecycle Workflow reporting API Overview
Important
APIs under the /beta
version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Lifecycle Workflows offers reports that enable organizations to gain insight into how lifecycle workflows were processed for users in your organization.
Note
This article describes how to export personal data from a device or service. These steps can be used to support your obligations under the General Data Protection Regulation (GDPR). Authorized tenant admins can use Microsoft Graph to correct, update, or delete identifiable information about end users, including customer and employee user profiles or personal data, such as a user's name, work title, address, or phone number, in your Microsoft Entra ID environment.
The lifecycle workflows API is defined in the OData subnamespace, microsoft.graph.identityGovernance.
Key elements of Lifecycle Workflows reports
Reporting feature | Description |
---|---|
User processing result | Result of a lifecycle workflow that was executed for a specific user. The result is an aggregation of all task processing results of the workflow tasks that were part of the lifecycle workflow and executed for the specific user. |
Task processing result | Result of a workflow task that was executed for a specific user. |
Workflow run | Result of a lifecycle workflow that was executed for a collection of users. The result is an aggregation of all user processing results of the users that were either processed within an interval or were part of an on-demand execution. |
Task report | An aggregation of task processing results for a specific workflow task within a workflow run. With this report, the health status of a workflow task within a workflow run can be easily determined and thus the source of error can be identified more quickly should a workflow run fail. |
Lifecycle workflows in audit logs
All events run in Lifecycle Workflows are logged by Microsoft Entra ID. These include creating, updating, deleting, or running workflows, and assigning permissions to apps.
These auditable logs are represented by the directoryAudit resource type and its associated GET methods in Microsoft Graph.
License checks
Using this feature requires Microsoft Entra ID Governance licenses. To find the right license for your requirements, see Compare generally available features of Micorosft Microsoft Entra ID.
Role and application permission authorization checks
The following Microsoft Entra roles are required for a calling user to read reports in Lifecycle Workflows.
Operation | Application permissions | Required directory role of the calling user |
---|---|---|
Read | LifecycleWorkflows.Read.All or LifecycleWorkflows.ReadWrite.All | Global Reader or Lifecycle Workflows Administrator |
Create, Update or Delete | LifecycleWorkflows.ReadWrite.All | Lifecycle Workflows Administrator |