IdentityUserFlow.ReadWrite.All

Allows the app to read or write your organization's user flows, on behalf of the signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the IdentityUserFlow.ReadWrite.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	65319a09-a2be-469d-8782-f6b07debf789	281892cc-4dbf-4e3a-b6cc-b21029bb4e82
DisplayText	Read and write all identity user flows	Read and write all identity user flows
Description	Allows the app to read or write your organization's user flows, without a signed-in user.	Allows the app to read or write your organization's user flows, on behalf of the signed-in user.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	DELETE /identity/b2xUserFlows/{id}
	DELETE /identity/b2xUserFlows/{id}/identityProviders/{id}/$ref
	DELETE /identity/b2xUserFlows/{id}/languages/{id}/overridesPages/$value
	DELETE /identity/b2xUserFlows/{id}/userAttributeAssignments/{id}
	DELETE /identity/userFlowAttributes/{id}
	GET /identity/b2xUserFlows
	GET /identity/b2xUserFlows/{b2xIdentityUserFlowId}/userAttributeAssignments/getOrder
	GET /identity/b2xUserFlows/{id}
	GET /identity/b2xUserFlows/{id}/identityProviders
	GET /identity/b2xUserFlows/{id}/languages
	GET /identity/b2xUserFlows/{id}/languages/{id}/defaultPages
	GET /identity/b2xUserFlows/{id}/languages/{id}/defaultPages/{id}/$value
	GET /identity/b2xUserFlows/{id}/languages/{id}/overridesPages
	GET /identity/b2xUserFlows/{id}/languages/{id}/overridesPages/{id}/$value
	GET /identity/b2xUserFlows/{id}/userAttributeAssignments
	GET /identity/b2xUserFlows/{id}/userAttributeAssignments/{id}
	GET /identity/userFlowAttributes
	GET /identity/userFlowAttributes/{id}
	GET identity/b2xUserFlows/{id}/apiConnectorConfiguration
	GET identity/b2xUserFlows/{id}/languages/{id}
	PATCH /identity/b2xUserFlows/{id}/userAttributeAssignments/{id}
	PATCH /identity/userFlowAttributes/{id}
	POST /identity/b2xUserFlows
	POST /identity/b2xUserFlows/{b2xIdentityUserFlowId}/userAttributeAssignments/setOrder
	POST /identity/b2xUserFlows/{id}/identityProviders/$ref
	POST /identity/b2xUserFlows/{id}/userAttributeAssignments
	POST /identity/userFlowAttributes
	PUT /identity/b2xUserFlows/{b2xUserFlowId}/apiConnectorConfiguration/{step}/$ref
	PUT /identity/b2xUserFlows/{id}/languages/{id}/overridesPages/{id}/$value

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	DELETE /identity/b2cUserFlows/{id}
	DELETE /identity/b2cUserFlows/{id}/identityProviders/{id}/$ref
	DELETE /identity/b2cUserFlows/{id}/languages/{id}
	DELETE /identity/b2cUserFlows/{id}/languages/{id}/overridesPages/$value
	DELETE /identity/b2cUserFlows/{id}/userAttributeAssignments/{id}
	DELETE /identity/b2cUserFlows/{userflow-id}/userflowIdentityProviders/{identityProvider-id}/$ref
	DELETE /identity/b2xUserFlows/{id}
	DELETE /identity/b2xUserFlows/{id}/identityProviders/{id}/$ref
	DELETE /identity/b2xUserFlows/{id}/languages/{id}/overridesPages/$value
	DELETE /identity/b2xUserFlows/{id}/userAttributeAssignments/{id}
	DELETE /identity/b2xUserFlows/{userflow-id}/userflowIdentityProviders/{id}/$ref
	DELETE /identity/userFlowAttributes/{id}
	DELETE /identity/userFlows/{id}
	GET /identity/b2cUserFlows
	GET /identity/b2cUserFlows/{b2cIdentityUserFlowId}/userAttributeAssignments/getOrder
	GET /identity/b2cUserFlows/{id}
	GET /identity/b2cUserFlows/{id}/identityProviders
	GET /identity/b2cUserFlows/{id}/languages
	GET /identity/b2cUserFlows/{id}/languages/{id}/defaultPages
	GET /identity/b2cUserFlows/{id}/languages/{id}/defaultPages/{id}/$value
	GET /identity/b2cUserFlows/{id}/languages/{id}/overridesPages
	GET /identity/b2cUserFlows/{id}/languages/{id}/overridesPages/{id}/$value
	GET /identity/b2cUserFlows/{id}/userAttributeAssignments
	GET /identity/b2cUserFlows/{id}/userAttributeAssignments/{id}
	GET /identity/b2cUserFlows/{userflow-id}/userflowIdentityProviders
	GET /identity/b2xUserFlows
	GET /identity/b2xUserFlows/{b2xIdentityUserFlowId}/userAttributeAssignments/getOrder
	GET /identity/b2xUserFlows/{id}
	GET /identity/b2xUserFlows/{id}/identityProviders
	GET /identity/b2xUserFlows/{id}/languages
	GET /identity/b2xUserFlows/{id}/languages/{id}/defaultPages
	GET /identity/b2xUserFlows/{id}/languages/{id}/defaultPages/{id}/$value
	GET /identity/b2xUserFlows/{id}/languages/{id}/overridesPages
	GET /identity/b2xUserFlows/{id}/languages/{id}/overridesPages/{id}/$value
	GET /identity/b2xUserFlows/{id}/userAttributeAssignments
	GET /identity/b2xUserFlows/{id}/userAttributeAssignments/{id}
	GET /identity/b2xUserFlows/{userflow-id}/userflowIdentityProviders
	GET /identity/userFlowAttributes
	GET /identity/userFlowAttributes/{id}
	GET /identity/userFlows
	GET /identity/userFlows/{id}
	GET identity/b2cUserFlows/{id}/apiConnectorConfiguration
	GET identity/b2cUserFlows/{id}/languages/{id}
	GET identity/b2xUserFlows/{id}/apiConnectorConfiguration
	GET identity/b2xUserFlows/{id}/languages/{id}
	PATCH /identity/b2cUserFlows/{id}
	PATCH /identity/b2cUserFlows/{id}/userAttributeAssignments/{id}
	PATCH /identity/b2xUserFlows/{id}/userAttributeAssignments/{id}
	PATCH /identity/b2xUserFlows/{userflow-id}/userflowIdentityProviders/$ref
	PATCH /identity/userFlowAttributes/{id}
	POST /identity/b2cUserFlows
	POST /identity/b2cUserFlows/{b2cIdentityUserFlowId}/userAttributeAssignments/setOrder
	POST /identity/b2cUserFlows/{id}/identityProviders/$ref
	POST /identity/b2cUserFlows/{id}/userAttributeAssignments
	POST /identity/b2cUserFlows/{userflow-id}/userflowIdentityProviders/$ref
	POST /identity/b2xUserFlows
	POST /identity/b2xUserFlows/{b2xIdentityUserFlowId}/userAttributeAssignments/setOrder
	POST /identity/b2xUserFlows/{id}/identityProviders/$ref
	POST /identity/b2xUserFlows/{id}/userAttributeAssignments
	POST /identity/userFlowAttributes
	POST /identity/userFlows
	PUT /identity/b2cUserFlows/{b2cUserFlowId}/apiConnectorConfiguration/{step}/$ref
	PUT /identity/b2cUserFlows/{id}/languages/{id}
	PUT /identity/b2cUserFlows/{id}/languages/{id}/overridesPages/{id}/$value
	PUT /identity/b2xUserFlows/{b2xUserFlowId}/apiConnectorConfiguration/{step}/$ref
	PUT /identity/b2xUserFlows/{id}/languages/{id}/overridesPages/{id}/$value

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Get-MgIdentityB2XUserFlow
	Get-MgIdentityB2XUserFlowApiConnectorConfiguration
	Get-MgIdentityB2XUserFlowIdentityProvider
	Get-MgIdentityB2XUserFlowLanguage
	Get-MgIdentityB2XUserFlowLanguageDefaultPage
	Get-MgIdentityB2XUserFlowLanguageDefaultPageContent
	Get-MgIdentityB2XUserFlowLanguageOverridePage
	Get-MgIdentityB2XUserFlowLanguageOverridePageContent
	Get-MgIdentityB2XUserFlowUserAttributeAssignment
	Get-MgIdentityB2XUserFlowUserAttributeAssignmentOrder
	Get-MgIdentityUserFlowAttribute
	New-MgIdentityB2XUserFlow
	New-MgIdentityB2XUserFlowUserAttributeAssignment
	New-MgIdentityUserFlowAttribute
	Remove-MgIdentityB2XUserFlow
	Remove-MgIdentityB2XUserFlowLanguageOverridePage
	Remove-MgIdentityB2XUserFlowLanguageOverridePageContent
	Remove-MgIdentityB2XUserFlowUserAttributeAssignment
	Remove-MgIdentityUserFlowAttribute
	Set-MgIdentityB2XUserFlowLanguageOverridePageContent
	Set-MgIdentityB2XUserFlowUserAttributeAssignmentOrder
	Update-MgIdentityB2XUserFlowLanguageOverridePage
	Update-MgIdentityB2XUserFlowUserAttributeAssignment
	Update-MgIdentityUserFlowAttribute

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Get-MgBetaIdentityB2CUserFlow
	Get-MgBetaIdentityB2CUserFlowIdentityProvider
	Get-MgBetaIdentityB2CUserFlowIdentityProviderByRef
	Get-MgBetaIdentityB2CUserFlowLanguage
	Get-MgBetaIdentityB2CUserFlowLanguageDefaultPage
	Get-MgBetaIdentityB2CUserFlowLanguageDefaultPageContent
	Get-MgBetaIdentityB2CUserFlowLanguageOverridePage
	Get-MgBetaIdentityB2CUserFlowLanguageOverridePageContent
	Get-MgBetaIdentityB2CUserFlowUserAttributeAssignment
	Get-MgBetaIdentityB2CUserFlowUserAttributeAssignmentOrder
	Get-MgBetaIdentityB2XUserFlow
	Get-MgBetaIdentityB2XUserFlowApiConnectorConfiguration
	Get-MgBetaIdentityB2XUserFlowIdentityProvider
	Get-MgBetaIdentityB2XUserFlowLanguage
	Get-MgBetaIdentityB2XUserFlowUserAttributeAssignment
	Get-MgBetaIdentityB2XUserFlowUserAttributeAssignmentOrder
	Get-MgBetaIdentityUserFlow
	Get-MgBetaIdentityUserFlowAttribute
	New-MgBetaIdentityB2CUserFlow
	New-MgBetaIdentityB2CUserFlowIdentityProviderByRef
	New-MgBetaIdentityB2CUserFlowUserAttributeAssignment
	New-MgBetaIdentityB2XUserFlow
	New-MgBetaIdentityB2XUserFlowUserAttributeAssignment
	New-MgBetaIdentityUserFlow
	New-MgBetaIdentityUserFlowAttribute
	Remove-MgBetaIdentityB2CUserFlow
	Remove-MgBetaIdentityB2CUserFlowIdentityProviderByRef
	Remove-MgBetaIdentityB2CUserFlowLanguage
	Remove-MgBetaIdentityB2CUserFlowLanguageOverridePage
	Remove-MgBetaIdentityB2CUserFlowLanguageOverridePageContent
	Remove-MgBetaIdentityB2CUserFlowUserAttributeAssignment
	Remove-MgBetaIdentityB2XUserFlow
	Remove-MgBetaIdentityB2XUserFlowIdentityProviderBaseByRef
	Remove-MgBetaIdentityUserFlow
	Remove-MgBetaIdentityUserFlowAttribute
	Set-MgBetaIdentityB2CUserFlowLanguageOverridePageContent
	Set-MgBetaIdentityB2CUserFlowUserAttributeAssignmentOrder
	Set-MgBetaIdentityB2XUserFlowUserAttributeAssignmentOrder
	Update-MgBetaIdentityB2CUserFlow
	Update-MgBetaIdentityB2CUserFlowLanguage
	Update-MgBetaIdentityB2CUserFlowLanguageOverridePage
	Update-MgBetaIdentityB2CUserFlowUserAttributeAssignment
	Update-MgBetaIdentityUserFlowAttribute

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: assignmentOrder

Property	Type	Description
order	String collection	A list of identityUserFlowAttribute object identifiers that determine the order in which attributes should be collected within a user flow.

Graph reference: b2cIdentityUserFlow

Property	Type	Description
id	String	The name of the user flow. This is a required value and is immutable after it's created. The name will be prefixed with the value of `B2C_1_` after creation.
userFlowType	userFlowType	The type of user flow. The supported values for userFlowType are: `signUp`, `signIn`, `signUpOrSignIn`, `passwordReset`, `profileUpdate`, `resourceOwner`.
userFlowTypeVersion	Single	The version of the user flow.
isLanguageCustomizationEnabled	Boolean	The property that determines whether language customization is enabled within the B2C user flow. Language customization is not enabled by default for B2C user flows.
defaultLanguageTag	String	Indicates the default language of the b2cIdentityUserFlow that is used when no `ui_locale` tag is specified in the request. This field is RFC 5646 compliant.
apiConnectorConfiguration	userFlowApiConnectorConfiguration	Configuration for enabling an API connector for use as part of the user flow. You can only obtain the value of this object using Get userFlowApiConnectorConfiguration.

Graph reference: b2xIdentityUserFlow

Property	Type	Description
apiConnectorConfiguration	userFlowApiConnectorConfiguration	Configuration for enabling an API connector for use as part of the self-service sign-up user flow. You can only obtain the value of this object using Get userFlowApiConnectorConfiguration.
id	String	The name of the user flow is a required value and is immutable after it's created. The name will be prefixed with the value of `B2X_1_` after creation.
userFlowType	userFlowType	The type of user flow. For self-service sign-up user flows, the value can only be `signUpOrSignIn` and can't be modified after creation.
userFlowTypeVersion	Single	The version of the user flow. For self-service sign-up user flows, the version is always `1`.

Graph reference: identityApiConnector

Property	Type	Description
authenticationConfiguration	apiAuthenticationConfigurationBase	The object which describes the authentication configuration details for calling the API. Basic and PKCS 12 client certificate are supported.
displayName	String	The name of the API connector.
id	String	The randomly generated identifier of the API connector.
targetUrl	String	The URL of the API endpoint to call.

Graph reference: identityprovider

Property	Type	Description
clientId	String	The client ID for the application. This is the client ID obtained when registering the application with the identity provider. Required. Not nullable.
clientSecret	String	The client secret for the application. This is the client secret obtained when registering the application with the identity provider. This is write-only. A read operation will return `****`. Required. Not nullable.
id	String	The ID of the identity provider.
name	String	The display name of the identity provider. Not nullable.
type	String	The identity provider type is a required field. For B2B scenario: `Google`, `Facebook`. For B2C scenario: `Microsoft`, `Google`, `Amazon`, `LinkedIn`, `Facebook`, `GitHub`, `Twitter`, `Weibo`, `QQ`, `WeChat`, `OpenIDConnect`. Not nullable.

Property	Type	Description
displayName	String	The display name of the identity provider.
id	String	The identifier of the identity provider.

Graph reference: identityUserFlow

Property	Type	Description
id	String	The identifier of the user flow. The prefix of B2C_1_ is added to the value that you provide.
userFlowType	userFlowType	Possible values are: `signUp`, `signIn`, `signUpOrSignIn`, `passwordReset`, `profileUpdate`, `resourceOwner`, `unknownFutureValue`.
userFlowTypeVersion	Single	This is the version of the user flow type. Each user flow type can have different possible versions such as 1, 1.1 or 2.

Graph reference: identityUserFlowAttribute

Property	Type	Description
dataType	identityUserFlowAttributeDataType	The data type of the user flow attribute. Can't be modified after the custom user flow attribute is created. The supported values for dataType are: `string` , `boolean` , `int64` , `stringCollection` , `dateTime`, `unknownFutureValue`. Supports `$filter` (`eq`, `ne`).
displayName	String	The display name of the user flow attribute. Supports `$filter` (`eq`, `ne`).
description	String	The description of the user flow attribute that's shown to the user at the time of sign up.
id	String	The identifier of the user flow attribute. Read-only. Supports `$filter` (`eq`, `ne`).
userFlowAttributeType	identityUserFlowAttributeType	The type of the user flow attribute. Read-only. Depending on the type of attribute, the values for this property are `builtIn`, `custom`, `required`, `unknownFutureValue`. Supports `$filter` (`eq`, `ne`).

Graph reference: identityUserFlowAttributeAssignment

Property	Type	Description
displayName	String	The display name of the identityUserFlowAttribute within a user flow.
id	String	The identifier of the identityUserFlowAttributeAssignment. This identifier is immutable after it's created and is a read-only property.
isOptional	Boolean	Determines whether the identityUserFlowAttribute is optional. `true` means the user doesn't have to provide a value. `false` means the user can't complete sign-up without providing a value.
requiresVerification	Boolean	Determines whether the identityUserFlowAttribute requires verification, and is only used for verifying the user's phone number or email address.
userAttributeValues	userAttributeValuesItem collection	The input options for the user flow attribute. Only applicable when the userInputType is `radioSingleSelect`, `dropdownSingleSelect`, or `checkboxMultiSelect`.
userInputType	identityUserFlowAttributeInputType	The input type of the user flow attribute. Possible values are: `textBox`, `dateTimeDropdown`, `radioSingleSelect`, `dropdownSingleSelect`, `emailBox`, `checkboxMultiSelect`.

Graph reference: userAttributeValuesItem

Property	Type	Description
isDefault	Boolean	Determines whether the value is set as the default.
name	String	The display name of the property displayed to the user in the user flow.
value	String	The value that is set when this item is selected.

Graph reference: userFlowLanguageConfiguration

Property	Type	Description
displayName	String	The language name to display. This property is read-only.
id	String	The identifier of the language. This field is Language ID tag RFC 5646 compliant and must be a documented Language ID.
isEnabled	Boolean	Indicates whether the language is enabled within the user flow.

Table of Contents

IdentityUserFlow.ReadWrite.All

Graph Methods

Resources