LifecycleWorkflows.ReadWrite.CustomTaskExtensions

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the LifecycleWorkflows.ReadWrite.CustomTaskExtensions permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	-	-
DisplayText	-	-
Description	-	-
AdminConsentRequired	Yes	No

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	DELETE /identityGovernance/lifecycleWorkflows/customTaskExtensions/{customTaskExtensionId}/
	GET /identityGovernance/lifecycleWorkflows/customTaskExtensions
	GET /identityGovernance/lifecycleWorkflows/customTaskExtensions/{customTaskExtensionId}
	PATCH /identityGovernance/lifecycleWorkflows/customTaskExtensions/{customTaskExtensionId}
	POST /identityGovernance/lifecycleWorkflows/customTaskExtensions

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	DELETE /identityGovernance/lifecycleWorkflows/customTaskExtensions/{customTaskExtensionId}/
	GET /identityGovernance/lifecycleWorkflows/customTaskExtensions
	GET /identityGovernance/lifecycleWorkflows/customTaskExtensions/{customTaskExtensionId}
	PATCH /identityGovernance/lifecycleWorkflows/customTaskExtensions/{customTaskExtensionId}
	POST /identityGovernance/lifecycleWorkflows/customTaskExtensions

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Get-MgIdentityGovernanceLifecycleWorkflowCustomTaskExtension
	New-MgIdentityGovernanceLifecycleWorkflowCustomTaskExtension
	Remove-MgIdentityGovernanceLifecycleWorkflowCustomTaskExtension
	Update-MgIdentityGovernanceLifecycleWorkflowCustomTaskExtension

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Get-MgBetaIdentityGovernanceLifecycleWorkflowCustomTaskExtension
	New-MgBetaIdentityGovernanceLifecycleWorkflowCustomTaskExtension
	Remove-MgBetaIdentityGovernanceLifecycleWorkflowCustomTaskExtension
	Update-MgBetaIdentityGovernanceLifecycleWorkflowCustomTaskExtension

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: customExtensionAuthenticationConfiguration

Graph reference: customExtensionClientConfiguration

Property	Type	Description
timeoutInMilliseconds	Int32	The max duration in milliseconds that Microsoft Entra ID waits for a response from the external app before it shuts down the connection. The valid range is between `200` and `2000` milliseconds. Default duration is `1000`.
maximumRetries	Int32	The max number of retries that Microsoft Entra ID makes to the external API. Values of 0 or 1 are supported. If `null`, the default for the service applies.

Graph reference: customTaskExtension

Property	Type	Description
authenticationConfiguration	microsoft.graph.customExtensionAuthenticationConfiguration	Configuration for securing the API call to the logic app. Inherited from customCalloutExtension. Required.
callbackConfiguration	microsoft.graph.identityGovernance.customTaskExtensionCallbackConfiguration	The callback configuration for a custom task extension.
clientConfiguration	microsoft.graph.customExtensionClientConfiguration	HTTP connection settings that define how long Microsoft Entra ID can wait for a connection to a logic app, how many times you can retry a timed-out connection and the exception scenarios when retries are allowed. Inherited from customCalloutExtension.
createdDateTime	DateTimeOffset	When the custom task extension was created. Supports `$filter`(`lt`, `le`, `gt`, `ge`, `eq`, `ne`) and `$orderby`.
description	String	Describes the purpose of the custom task extension for administrative use. Inherited from customCalloutExtension. Optional.
displayName	String	A unique string that identifies the custom task extension. Inherited from customCalloutExtension. Required. Supports `$filter`(`eq`, `ne`) and `$orderby`.
endpointConfiguration	microsoft.graph.customExtensionEndpointConfiguration	Details for allowing the custom task extension to call the logic app. Inherited from customCalloutExtension.
id	String	Inherited from entity. Supports `$filter`(`eq`, `ne`) and `$orderby`.
lastModifiedDateTime	DateTimeOffset	When the custom extension was last modified. Supports `$filter`(`lt`, `le`, `gt`, `ge`, `eq`, `ne`) and `$orderby`.

Graph reference: customTaskExtensionCallbackConfiguration

Property	Type	Description
timeoutDuration	Duration	Callback time out in ISO 8601 time duration. Accepted time durations are between five minutes to three hours. For example, PT5M for five minutes and PT3H for three hours. Inherited from customExtensionCallbackConfiguration.
authorizedApps	microsoft.graph.application collection	A collection of unique identifiers or **a

Table of Contents

LifecycleWorkflows.ReadWrite.CustomTaskExtensions

Graph Methods

Resources