Namespace: microsoft.graph.identityGovernance
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Create a new customTaskExtension object.
This API is available in the following national cloud deployments.
| Global service |
US Government L4 |
US Government L5 (DOD) |
China operated by 21Vianet |
| ✅ |
✅ |
✅ |
❌ |
Permissions
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
| Permission type |
Least privileged permissions |
Higher privileged permissions |
| Delegated (work or school account) |
LifecycleWorkflows-CustomExt.ReadWrite.All |
LifecycleWorkflows.ReadWrite.All |
| Delegated (personal Microsoft account) |
Not supported. |
Not supported. |
| Application |
LifecycleWorkflows-CustomExt.ReadWrite.All |
LifecycleWorkflows.ReadWrite.All |
Important
The calling user also requires one of the following Azure Resource Manager roles for the specified Azure Logic App: Logic App contributor, Contributor, or Owner.
Important
In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. Lifecycle Workflows Administrator is the least privileged role supported for this operation.
HTTP request
POST /identityGovernance/lifecycleWorkflows/customTaskExtensions
Request body
In the request body, supply a JSON representation of the customTaskExtension object.
You can specify the following properties when creating a customTaskExtension.
Response
If successful, this method returns a 201 Created response code and a microsoft.graph.identityGovernance.customTaskExtension object in the response body.
Examples
Request
The following example shows a request.
POST https://graph.microsoft.com/beta/identityGovernance/lifecycleWorkflows/customTaskExtensions
Content-Type: application/json
Content-length: 588
{
"displayName": "Grant manager access to mailbox and OneDrive",
"description": "Grant manager access to mailbox and OneDrive",
"endpointConfiguration": {
"@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",
"subscriptionId": "c500b67c-e9b7-4ad2-a90d-77d41385ae55",
"resourceGroupName": "RG-LCM",
"logicAppWorkflowName": "ManagerAccess"
},
"authenticationConfiguration": {
"@odata.type": "#microsoft.graph.azureAdTokenAuthentication",
"resourceId": "542dc01a-0b5d-4edc-b3f9-5cfe6393f557"
},
"clientConfiguration": {
"@odata.type": "#microsoft.graph.customExtensionClientConfiguration",
"maximumRetries": 1,
"timeoutInMilliseconds": 1000
},
"callbackConfiguration": {
"@odata.type": "#microsoft.graph.identityGovernance.customTaskExtensionCallbackConfiguration",
"timeoutDuration": "PT5M"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models.IdentityGovernance;
using Microsoft.Graph.Beta.Models;
var requestBody = new CustomTaskExtension
{
DisplayName = "Grant manager access to mailbox and OneDrive",
Description = "Grant manager access to mailbox and OneDrive",
EndpointConfiguration = new LogicAppTriggerEndpointConfiguration
{
OdataType = "#microsoft.graph.logicAppTriggerEndpointConfiguration",
SubscriptionId = "c500b67c-e9b7-4ad2-a90d-77d41385ae55",
ResourceGroupName = "RG-LCM",
LogicAppWorkflowName = "ManagerAccess",
},
AuthenticationConfiguration = new AzureAdTokenAuthentication
{
OdataType = "#microsoft.graph.azureAdTokenAuthentication",
ResourceId = "542dc01a-0b5d-4edc-b3f9-5cfe6393f557",
},
ClientConfiguration = new CustomExtensionClientConfiguration
{
OdataType = "#microsoft.graph.customExtensionClientConfiguration",
MaximumRetries = 1,
TimeoutInMilliseconds = 1000,
},
CallbackConfiguration = new CustomTaskExtensionCallbackConfiguration
{
OdataType = "#microsoft.graph.identityGovernance.customTaskExtensionCallbackConfiguration",
TimeoutDuration = TimeSpan.Parse("PT5M"),
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.LifecycleWorkflows.CustomTaskExtensions.PostAsync(requestBody);
mgc-beta identity-governance lifecycle-workflows custom-task-extensions create --body '{\
"displayName": "Grant manager access to mailbox and OneDrive",\
"description": "Grant manager access to mailbox and OneDrive",\
"endpointConfiguration": {\
"@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",\
"subscriptionId": "c500b67c-e9b7-4ad2-a90d-77d41385ae55",\
"resourceGroupName": "RG-LCM",\
"logicAppWorkflowName": "ManagerAccess"\
},\
"authenticationConfiguration": {\
"@odata.type": "#microsoft.graph.azureAdTokenAuthentication",\
"resourceId": "542dc01a-0b5d-4edc-b3f9-5cfe6393f557"\
},\
"clientConfiguration": {\
"@odata.type": "#microsoft.graph.customExtensionClientConfiguration",\
"maximumRetries": 1,\
"timeoutInMilliseconds": 1000\
},\
"callbackConfiguration": {\
"@odata.type": "#microsoft.graph.identityGovernance.customTaskExtensionCallbackConfiguration",\
"timeoutDuration": "PT5M"\
}\
}\
'
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodelsidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/models/identitygovernance"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodelsidentitygovernance.NewCustomTaskExtension()
displayName := "Grant manager access to mailbox and OneDrive"
requestBody.SetDisplayName(&displayName)
description := "Grant manager access to mailbox and OneDrive"
requestBody.SetDescription(&description)
endpointConfiguration := graphmodels.NewLogicAppTriggerEndpointConfiguration()
subscriptionId := "c500b67c-e9b7-4ad2-a90d-77d41385ae55"
endpointConfiguration.SetSubscriptionId(&subscriptionId)
resourceGroupName := "RG-LCM"
endpointConfiguration.SetResourceGroupName(&resourceGroupName)
logicAppWorkflowName := "ManagerAccess"
endpointConfiguration.SetLogicAppWorkflowName(&logicAppWorkflowName)
requestBody.SetEndpointConfiguration(endpointConfiguration)
authenticationConfiguration := graphmodels.NewAzureAdTokenAuthentication()
resourceId := "542dc01a-0b5d-4edc-b3f9-5cfe6393f557"
authenticationConfiguration.SetResourceId(&resourceId)
requestBody.SetAuthenticationConfiguration(authenticationConfiguration)
clientConfiguration := graphmodels.NewCustomExtensionClientConfiguration()
maximumRetries := int32(1)
clientConfiguration.SetMaximumRetries(&maximumRetries)
timeoutInMilliseconds := int32(1000)
clientConfiguration.SetTimeoutInMilliseconds(&timeoutInMilliseconds)
requestBody.SetClientConfiguration(clientConfiguration)
callbackConfiguration := graphmodelsidentitygovernance.NewCustomTaskExtensionCallbackConfiguration()
timeoutDuration , err := abstractions.ParseISODuration("PT5M")
callbackConfiguration.SetTimeoutDuration(&timeoutDuration)
requestBody.SetCallbackConfiguration(callbackConfiguration)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
customTaskExtensions, err := graphClient.IdentityGovernance().LifecycleWorkflows().CustomTaskExtensions().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.beta.models.identitygovernance.CustomTaskExtension customTaskExtension = new com.microsoft.graph.beta.models.identitygovernance.CustomTaskExtension();
customTaskExtension.setDisplayName("Grant manager access to mailbox and OneDrive");
customTaskExtension.setDescription("Grant manager access to mailbox and OneDrive");
LogicAppTriggerEndpointConfiguration endpointConfiguration = new LogicAppTriggerEndpointConfiguration();
endpointConfiguration.setOdataType("#microsoft.graph.logicAppTriggerEndpointConfiguration");
endpointConfiguration.setSubscriptionId("c500b67c-e9b7-4ad2-a90d-77d41385ae55");
endpointConfiguration.setResourceGroupName("RG-LCM");
endpointConfiguration.setLogicAppWorkflowName("ManagerAccess");
customTaskExtension.setEndpointConfiguration(endpointConfiguration);
AzureAdTokenAuthentication authenticationConfiguration = new AzureAdTokenAuthentication();
authenticationConfiguration.setOdataType("#microsoft.graph.azureAdTokenAuthentication");
authenticationConfiguration.setResourceId("542dc01a-0b5d-4edc-b3f9-5cfe6393f557");
customTaskExtension.setAuthenticationConfiguration(authenticationConfiguration);
CustomExtensionClientConfiguration clientConfiguration = new CustomExtensionClientConfiguration();
clientConfiguration.setOdataType("#microsoft.graph.customExtensionClientConfiguration");
clientConfiguration.setMaximumRetries(1);
clientConfiguration.setTimeoutInMilliseconds(1000);
customTaskExtension.setClientConfiguration(clientConfiguration);
com.microsoft.graph.beta.models.identitygovernance.CustomTaskExtensionCallbackConfiguration callbackConfiguration = new com.microsoft.graph.beta.models.identitygovernance.CustomTaskExtensionCallbackConfiguration();
callbackConfiguration.setOdataType("#microsoft.graph.identityGovernance.customTaskExtensionCallbackConfiguration");
PeriodAndDuration timeoutDuration = PeriodAndDuration.ofDuration(Duration.parse("PT5M"));
callbackConfiguration.setTimeoutDuration(timeoutDuration);
customTaskExtension.setCallbackConfiguration(callbackConfiguration);
com.microsoft.graph.models.identitygovernance.CustomTaskExtension result = graphClient.identityGovernance().lifecycleWorkflows().customTaskExtensions().post(customTaskExtension);
const options = {
authProvider,
};
const client = Client.init(options);
const customTaskExtension = {
displayName: 'Grant manager access to mailbox and OneDrive',
description: 'Grant manager access to mailbox and OneDrive',
endpointConfiguration: {
'@odata.type': '#microsoft.graph.logicAppTriggerEndpointConfiguration',
subscriptionId: 'c500b67c-e9b7-4ad2-a90d-77d41385ae55',
resourceGroupName: 'RG-LCM',
logicAppWorkflowName: 'ManagerAccess'
},
authenticationConfiguration: {
'@odata.type': '#microsoft.graph.azureAdTokenAuthentication',
resourceId: '542dc01a-0b5d-4edc-b3f9-5cfe6393f557'
},
clientConfiguration: {
'@odata.type': '#microsoft.graph.customExtensionClientConfiguration',
maximumRetries: 1,
timeoutInMilliseconds: 1000
},
callbackConfiguration: {
'@odata.type': '#microsoft.graph.identityGovernance.customTaskExtensionCallbackConfiguration',
timeoutDuration: 'PT5M'
}
};
await client.api('/identityGovernance/lifecycleWorkflows/customTaskExtensions')
.version('beta')
.post(customTaskExtension);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\CustomTaskExtension;
use Microsoft\Graph\Beta\Generated\Models\LogicAppTriggerEndpointConfiguration;
use Microsoft\Graph\Beta\Generated\Models\AzureAdTokenAuthentication;
use Microsoft\Graph\Beta\Generated\Models\CustomExtensionClientConfiguration;
use Microsoft\Graph\Beta\Generated\Models\IdentityGovernance\CustomTaskExtensionCallbackConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new CustomTaskExtension();
$requestBody->setDisplayName('Grant manager access to mailbox and OneDrive');
$requestBody->setDescription('Grant manager access to mailbox and OneDrive');
$endpointConfiguration = new LogicAppTriggerEndpointConfiguration();
$endpointConfiguration->setOdataType('#microsoft.graph.logicAppTriggerEndpointConfiguration');
$endpointConfiguration->setSubscriptionId('c500b67c-e9b7-4ad2-a90d-77d41385ae55');
$endpointConfiguration->setResourceGroupName('RG-LCM');
$endpointConfiguration->setLogicAppWorkflowName('ManagerAccess');
$requestBody->setEndpointConfiguration($endpointConfiguration);
$authenticationConfiguration = new AzureAdTokenAuthentication();
$authenticationConfiguration->setOdataType('#microsoft.graph.azureAdTokenAuthentication');
$authenticationConfiguration->setResourceId('542dc01a-0b5d-4edc-b3f9-5cfe6393f557');
$requestBody->setAuthenticationConfiguration($authenticationConfiguration);
$clientConfiguration = new CustomExtensionClientConfiguration();
$clientConfiguration->setOdataType('#microsoft.graph.customExtensionClientConfiguration');
$clientConfiguration->setMaximumRetries(1);
$clientConfiguration->setTimeoutInMilliseconds(1000);
$requestBody->setClientConfiguration($clientConfiguration);
$callbackConfiguration = new CustomTaskExtensionCallbackConfiguration();
$callbackConfiguration->setOdataType('#microsoft.graph.identityGovernance.customTaskExtensionCallbackConfiguration');
$callbackConfiguration->setTimeoutDuration(new \DateInterval('PT5M'));
$requestBody->setCallbackConfiguration($callbackConfiguration);
$result = $graphServiceClient->identityGovernance()->lifecycleWorkflows()->customTaskExtensions()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
displayName = "Grant manager access to mailbox and OneDrive"
description = "Grant manager access to mailbox and OneDrive"
endpointConfiguration = @{
"@odata.type" = "#microsoft.graph.logicAppTriggerEndpointConfiguration"
subscriptionId = "c500b67c-e9b7-4ad2-a90d-77d41385ae55"
resourceGroupName = "RG-LCM"
logicAppWorkflowName = "ManagerAccess"
}
authenticationConfiguration = @{
"@odata.type" = "#microsoft.graph.azureAdTokenAuthentication"
resourceId = "542dc01a-0b5d-4edc-b3f9-5cfe6393f557"
}
clientConfiguration = @{
"@odata.type" = "#microsoft.graph.customExtensionClientConfiguration"
maximumRetries = 1
timeoutInMilliseconds = 1000
}
callbackConfiguration = @{
"@odata.type" = "#microsoft.graph.identityGovernance.customTaskExtensionCallbackConfiguration"
timeoutDuration = "PT5M"
}
}
New-MgBetaIdentityGovernanceLifecycleWorkflowCustomTaskExtension -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.identity_governance.custom_task_extension import CustomTaskExtension
from msgraph_beta.generated.models.logic_app_trigger_endpoint_configuration import LogicAppTriggerEndpointConfiguration
from msgraph_beta.generated.models.azure_ad_token_authentication import AzureAdTokenAuthentication
from msgraph_beta.generated.models.custom_extension_client_configuration import CustomExtensionClientConfiguration
from msgraph_beta.generated.models.identity_governance.custom_task_extension_callback_configuration import CustomTaskExtensionCallbackConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = CustomTaskExtension(
display_name = "Grant manager access to mailbox and OneDrive",
description = "Grant manager access to mailbox and OneDrive",
endpoint_configuration = LogicAppTriggerEndpointConfiguration(
odata_type = "#microsoft.graph.logicAppTriggerEndpointConfiguration",
subscription_id = "c500b67c-e9b7-4ad2-a90d-77d41385ae55",
resource_group_name = "RG-LCM",
logic_app_workflow_name = "ManagerAccess",
),
authentication_configuration = AzureAdTokenAuthentication(
odata_type = "#microsoft.graph.azureAdTokenAuthentication",
resource_id = "542dc01a-0b5d-4edc-b3f9-5cfe6393f557",
),
client_configuration = CustomExtensionClientConfiguration(
odata_type = "#microsoft.graph.customExtensionClientConfiguration",
maximum_retries = 1,
timeout_in_milliseconds = 1000,
),
callback_configuration = CustomTaskExtensionCallbackConfiguration(
odata_type = "#microsoft.graph.identityGovernance.customTaskExtensionCallbackConfiguration",
timeout_duration = "PT5M",
),
)
result = await graph_client.identity_governance.lifecycle_workflows.custom_task_extensions.post(request_body)
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/lifecycleWorkflows/customTaskExtensions/$entity",
"id": "ee2590e4-4572-4820-a397-969ecd7bd6a9",
"displayName": "Grant manager access to mailbox and OneDrive",
"description": "Grant manager access to mailbox and OneDrive",
"createdDateTime": "2022-08-24T22:37:46.1790566Z",
"lastModifiedDateTime": "2022-08-24T22:37:46.179062Z",
"endpointConfiguration": {
"@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",
"subscriptionId": "c500b67c-e9b7-4ad2-a90d-77d41385ae55",
"resourceGroupName": "RG-LCM",
"logicAppWorkflowName": "ManagerAccess"
},
"authenticationConfiguration": {
"@odata.type": "#microsoft.graph.azureAdTokenAuthentication",
"resourceId": "542dc01a-0b5d-4edc-b3f9-5cfe6393f557"
},
"clientConfiguration": {
"@odata.type": "#microsoft.graph.customExtensionClientConfiguration",
"maximumRetries": 1,
"timeoutInMilliseconds": 1000
},
"callbackConfiguration": {
"@odata.type": "#microsoft.graph.identityGovernance.customTaskExtensionCallbackConfiguration",
"timeoutDuration": "PT5M"
}
}