LifecycleWorkflows.ReadWrite.Workflows

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the LifecycleWorkflows.ReadWrite.Workflows permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	-	-
DisplayText	-	-
Description	-	-
AdminConsentRequired	Yes	No

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	GET /identitygovernance/lifecycleWorkflows/workflows/{workflowId}/executionScope

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	GET /identitygovernance/lifecycleWorkflows/workflows/{workflowId}/executionScope

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Get-MgIdentityGovernanceLifecycleWorkflowExecutionScope

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Get-MgBetaIdentityGovernanceLifecycleWorkflowExecutionScope

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: timeBasedAttributeTrigger

Property	Type	Description
offsetInDays	Int32	How many days before or after the time-based attribute specified the workflow should trigger. For example, if the attribute is `employeeHireDate` and offsetInDays is -1, then the workflow should trigger one day before the employee hire date. The value can range between -180 and 180 days.
timeBasedAttribute	microsoft.graph.identityGovernance.workflowTriggerTimeBasedAttribute	Determines which time-based identity property to reference. The possible values are: `employeeHireDate`, `employeeLeaveDateTime`, `createdDateTime`, `unknownFutureValue`.

Graph reference: triggerAndScopeBasedConditions

Property	Type	Description
scope	microsoft.graph.subjectSet	Defines who the workflow runs for.
trigger	microsoft.graph.identityGovernance.workflowExecutionTrigger	What triggers a workflow to run.

Graph reference: userProcessingResult

Property	Type	Description
completedDateTime	DateTimeOffset	The date time that the workflow execution for a user completed. Value is null if the workflow hasn't completed. Supports `$filter`(`lt`, `le`, `gt`, `ge`, `eq`, `ne`) and `$orderby`.
failedTasksCount	Int32	The number of tasks that failed in the workflow execution.
id	String	Identifier used for individually addressing a specific user processing result.Inherited from entity. Supports `$filter`(`eq`, `ne`) and `$orderby`.
processingStatus	microsoft.graph.identityGovernance.lifecycleWorkflowProcessingStatus	The workflow execution status. The possible values are: `queued`, `inProgress`, `completed`, `completedWithErrors`, `canceled`, `failed`, `unknownFutureValue`. Supports `$filter`(`eq`, `ne`) and `$orderby`.
scheduledDateTime	DateTimeOffset	The date time that the workflow is scheduled to be executed for a user. Supports `$filter`(`lt`, `le`, `gt`, `ge`, `eq`, `ne`) and `$orderby`.
startedDateTime	DateTimeOffset	The date time that the workflow execution started. Value is `null` if the workflow execution has not started. Supports `$filter`(`lt`, `le`, `gt`, `ge`, `eq`, `ne`) and `$orderby`.
totalTasksCount	Int32	The total number of tasks that in the workflow execution.
totalUnprocessedTasksCount	Int32	The total number of unprocessed tasks for the workflow.
workflowExecutionType	microsoft.graph.identityGovernance.workflowExecutionType	Describes the execution type of the workflow. The possible values are: `scheduled`, `onDemand`, `unknownFutureValue`. Supports `$filter`(`lt`, `le`, `gt`, `ge`, `eq`, `ne`) and `$orderby`.
workflowVersion	Int32	The version of the workflow that was executed.

Graph reference: workflow

Property	Type	Description
category	microsoft.graph.identityGovernance.lifecycleWorkflowCategory	The category of the HR function supported by the workflows created using this template. A workflow can only belong to one category. The possible values are: `joiner`, `leaver`, `mover`, `unknownFutureValue`. Inherited from workflowBase. Required. Supports `$filter`(`eq`,`ne`) and `$orderby`
createdDateTime	DateTimeOffset	When the `workflow` was created. Inherited from workflowBase. Supports `$filter`(`lt`, `le`, `gt`, `ge`, `eq`, `ne`) and `$orderby`.
deletedDateTime	DateTimeOffset	When the workflow was deleted. Supports `$filter`(`lt`, `le`, `gt`, `ge`, `eq`, `ne`) and `$orderby`.
description	String	The description of the `workflow`. Inherited from workflowBase. Optional.
displayName	String	The display name of the `workflow`. Inherited from workflowBase. Required. Supports `$filter`(`eq`, `ne`) and `orderby`.
executionConditions	microsoft.graph.identityGovernance.workflowExecutionConditions	Conditions describing when to execute the workflow and the criteria to identify in-scope subject set. Inherited from workflowBase. Required.
id	String	Identifier used for individually addressing a specific workflow. Supports `$filter`(`eq`, `ne`) and `$orderby`.
isEnabled	Boolean	Whether the workflow is enabled or disabled. If this setting is `true`, the workflow can be run on demand or on schedule when isSchedulingEnabled is `true`. Inherited from workflowBase. Optional. Defaults to `true`. Supports `$filter`(`eq`, `ne`) and `orderBy`.
isSchedulingEnabled	Boolean	If `true`, the Lifecycle Workflow engine executes the workflow based on the schedule defined by tenant settings. Cannot be `true` for a disabled workflow (where isEnabled is `false`). Inherited from workflowBase. Optional. Defaults to `false`. Supports `$filter`(`eq`, `ne`) and `orderBy`.
lastModifiedDateTime	DateTimeOffset	The date time when the `workflow` was last modified. Inherited from workflowBase. Supports `$filter`(`lt`, `le`, `gt`, `ge`, `eq`, `ne`) and `$orderby`.
nextScheduleRunDateTime	DateTimeOffset	The date time when the `workflow` is expected to run next based on the schedule interval, if there are any users matching the execution conditions. Supports `$filter`(`lt`,`gt`) and `$orderby`.
version	Int32	The current version number of the workflow. Value is 1 when the workflow is first created. Supports `$filter`(`lt`, `le`, `gt`, `ge`, `eq`, `ne`) and `$orderby`.

Table of Contents

LifecycleWorkflows.ReadWrite.Workflows

Graph Methods

Resources