Allows the app to create, update, list, read and delete all workflows and tasks in lifecycle workflows on behalf of a signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the LifecycleWorkflows-Workflow.ReadWrite.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant.

| Category | Application | Delegated |
| --- | --- | --- |
| Identifier | 94c88098-1d9d-4c42-a356-4d5a95312554 | 29e49f0c-a053-4cc5-a4b1-7da0c8c1e643 |
| DisplayText | Read and write all workflows in Lifecycle workflows | Read and write all workflows in Lifecycle workflows |
| Description | Allows the app to create, update, list, read and delete all workflows and tasks in lifecycle workflows without a signed-in user. | Allows the app to create, update, list, read and delete all workflows and tasks in lifecycle workflows on behalf of a signed-in user. |
| AdminConsentRequired | Yes | Yes |
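
To check which apps in a tenant already hold this specific permission, the following added example (not part of the original page or of the MSIdentityTools module) queries both grant types with the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph module is installed and that the signed-in account can consent to the read scopes shown; the output column names are illustrative.

```powershell
# Added example: list every principal holding LifecycleWorkflows-Workflow.ReadWrite.All.
# Assumption: Microsoft.Graph PowerShell SDK is installed; column names are illustrative.
Connect-MgGraph -Scopes 'Application.Read.All', 'Directory.Read.All'

$permissionName = 'LifecycleWorkflows-Workflow.ReadWrite.All'
$appRoleId      = '94c88098-1d9d-4c42-a356-4d5a95312554'   # Application identifier from the table

# Microsoft Graph's own service principal in this tenant (well-known appId).
$graphSp = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"

# App-only grants are app role assignments on the Graph service principal,
# matched by the app role's GUID.
$appOnly = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $graphSp.Id -All |
    Where-Object { $_.AppRoleId -eq $appRoleId } |
    ForEach-Object {
        [pscustomobject]@{
            GrantType   = 'Application'
            Client      = $_.PrincipalDisplayName
            ClientSpId  = $_.PrincipalId
            ConsentType = 'AppRoleAssignment'
            UserId      = $null
        }
    }

# Delegated grants store scope *names* in a space-separated string, so match
# on the permission name rather than on the delegated identifier.
$delegated = Get-MgOauth2PermissionGrant -All |
    Where-Object {
        $_.ResourceId -eq $graphSp.Id -and
        ($_.Scope -split '\s+') -contains $permissionName
    } |
    ForEach-Object {
        $client = Get-MgServicePrincipal -ServicePrincipalId $_.ClientId
        [pscustomobject]@{
            GrantType   = 'Delegated'
            Client      = $client.DisplayName
            ClientSpId  = $_.ClientId
            ConsentType = $_.ConsentType   # AllPrincipals = tenant-wide admin consent
            UserId      = $_.PrincipalId   # set only when ConsentType is Principal
        }
    }

@($appOnly) + @($delegated) | Sort-Object GrantType, Client | Format-Table -AutoSize
```

Rows with GrantType `Application` deserve the closest review, since those apps can change or delete workflows with no user present.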

Graph Methods

API supports delegated access (access on behalf of a user)
API supports app-only access (access without a user)



Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: identitygovernance-task

| Property | Type | Description |
| --- | --- | --- |
| arguments | microsoft.graph.keyValuePair collection | Arguments included within the task. For guidance to configure this property, see Configure the arguments for built-in Lifecycle Workflow tasks. Required. |
| category | microsoft.graph.identityGovernance.lifecycleTaskCategory | The category of the task. The possible values are: joiner, leaver, unknownFutureValue. This property is multi-valued and the same task can apply to both joiner and leaver categories. Supports $filter(eq, ne). |
| continueOnError | Boolean | A Boolean value that specifies whether, if this task fails, the workflow stops, and subsequent tasks aren't run. Optional. |
| description | String | A string that describes the purpose of the task for administrative use. Optional. |
| displayName | String | A unique string that identifies the task. Required. Supports $filter(eq, ne) and orderBy. |
| executionSequence | Int32 | An integer that states in what order the task runs in a workflow. Supports $orderby. |
| id | String | Identifier used for individually addressing a specific task. Inherited from entity. Supports $filter(eq, ne) and $orderby. |
| isEnabled | Boolean | A Boolean value that denotes whether the task is set to run or not. Optional. Supports $filter(eq, ne) and orderBy. |
| taskDefinitionId | String | A unique template identifier for the task. For more information about the tasks that Lifecycle Workflows currently supports and their unique identifiers, see Configure the arguments for built-in Lifecycle Workflow tasks. Required. Supports $filter(eq, ne). |