AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension

Parameters

Parameter Attribute DataType Description Allowed Values
DisplayName Key String Display name of the custom extension.
Id Write String Unique Id of the extension.
Description Write String Description of the extension.
ClientConfiguration Write MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionClientConfiguration Client configuration for the extension
EndpointConfiguration Write MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionEndpointConfiguration Endpoint configuration for the extension
CallbackConfiguration Write MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionCallbackConfiguration Callback configuration for the extension
Ensure Write String Present ensures the instance exists, absent ensures it is removed. Absent, Present
Credential Write PSCredential Credentials of the workload's Admin
ApplicationId Write String Id of the Azure Active Directory application to authenticate with.
TenantId Write String Id of the Azure Active Directory tenant used for authentication.
CertificateThumbprint Write String Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
ManagedIdentity Write Boolean Managed ID being used for authentication.
AccessTokens Write StringArray[] Access token used for authentication.

MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionClientConfiguration

Parameters

Parameter Attribute DataType Description Allowed Values
timeoutInMilliseconds Write UInt32 The max duration in milliseconds that Microsoft Entra ID waits for a response from the external app before it shuts down the connection. The valid range is between 200 and 2000 milliseconds. Default duration is 1000.
maximumRetries Write UInt32 The max number of retries that Microsoft Entra ID makes to the external API. Values of 0 or 1 are supported. If null, the default for the service applies.

MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionEndpointConfiguration

Parameters

Parameter Attribute DataType Description Allowed Values
logicAppWorkflowName Write String The name of the logic app.
resourceGroupName Write String The Azure resource group name for the logic app.
subscriptionId Write String Identifier of the Azure subscription for the logic app.
url Write String Url of the logic app.

MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionCallbackConfiguration

Parameters

Parameter Attribute DataType Description Allowed Values
timeoutDuration Write String Callback time out in ISO 8601 time duration. Accepted time durations are between five minutes to three hours. For example, PT5M for five minutes and PT3H for three hours. Inherited from customExtensionCallbackConfiguration.
authorizedApps Write StringArray[] List of apps names that are allowed to resume a task processing result.

Description

Configures custom extensions for Lifecycle workflows in Entra id.

Permissions

Microsoft Graph

To authenticate with the Microsoft Graph API, this resource required the following permissions:

Delegated permissions

  • Read

    • None
  • Update

    • None

Application permissions

  • Read

    • LifecycleWorkflows.Read.All
  • Update

    • LifecycleWorkflows.ReadWrite.All

Examples

Example 1

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC
    node localhost
    {
        AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension "AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension-My Custom"
        {
            ApplicationId         = $ApplicationId;
            CallbackConfiguration = MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionCallbackConfiguration{
                TimeoutDuration = 'PT34M'
                AuthorizedApps = @('M365DSC')
            };
            CertificateThumbprint = $CertificateThumbprint;
            ClientConfiguration   = MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionClientConfiguration{
                MaximumRetries = 1
                TimeoutInMilliseconds = 1000
            };
            Description           = "My Description";
            DisplayName           = "My Custom Extension";
            EndpointConfiguration = MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionEndpointConfiguration{
                SubscriptionId =       '63e62ab2-fd92-46ce-a393-2cb338039cc7'
                logicAppWorkflowName = 'MyTestApp'
                resourceGroupName =    'TestRG'
                url = 'https://prod-35.eastus.logic.azure.com:443/workflows/xxxxxxxxxxx/triggers/manual/paths/invoke?api-version=2016-10-01'
            };
            Ensure                = "Present";
            TenantId              = $TenantId;
        }
    }
}

Example 2

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC
    node localhost
    {
        AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension "AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension-My Custom"
        {
            ApplicationId         = $ApplicationId;
            CertificateThumbprint = $CertificateThumbprint;
            CallbackConfiguration = MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionCallbackConfiguration{
                TimeoutDuration = 'PT34M'
                AuthorizedApps = @('M365DSC')
            };
            ClientConfiguration   = MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionClientConfiguration{
                MaximumRetries = 1
                TimeoutInMilliseconds = 1000
            };
            Description           = "My Drifted Description"; # Drift
            DisplayName           = "My Custom Extension";
            EndpointConfiguration = MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionEndpointConfiguration{
                SubscriptionId =       '63e62ab2-fd92-46ce-a393-2cb338039cc7'
                logicAppWorkflowName = 'MyTestApp'
                resourceGroupName =    'TestRG'
                url = 'https://prod-35.eastus.logic.azure.com:443/workflows/xxxxxxxxxxx/triggers/manual/paths/invoke?api-version=2016-10-01'
            };
            Ensure                = "Present";
            TenantId              = $TenantId;
        }
    }
}

Example 3

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC
    node localhost
    {
        AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension "AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension-My Custom"
        {
            ApplicationId         = $ApplicationId;
            CallbackConfiguration = MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionCallbackConfiguration{
                TimeoutDuration = 'PT34M'
                AuthorizedApps = @('M365DSC')
            };
            CertificateThumbprint = $CertificateThumbprint;
            ClientConfiguration   = MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionClientConfiguration{
                MaximumRetries = 1
                TimeoutInMilliseconds = 1000
            };
            Description           = "My Description";
            DisplayName           = "My Custom Extension";
            EndpointConfiguration = MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionEndpointConfiguration{
                SubscriptionId =       '63e62ab2-fd92-46ce-a393-2cb338039cc7'
                logicAppWorkflowName = 'MyTestApp'
                resourceGroupName =    'TestRG'
                url = 'https://prod-35.eastus.logic.azure.com:443/workflows/xxxxxxxxxxx/triggers/manual/paths/invoke?api-version=2016-10-01'
            };
            Ensure                = "Absent";
            TenantId              = $TenantId;
        }
    }
}