Getting Started with the Azure AD B2B Invite API

Developer Support

This post is provided by Senior App Dev Manager Nick McCollum, who introduces us to Azure Active Directory B2B collaboration.


Azure Active Directory Business to Business (B2B) Collaboration enables your business partners to selectively access your corporate applications. In the original release of the product the invitation experience required a user to craft a comma-separated value (.csv) file containing the email addresses of the business partner users to be invited to use an application. This file was uploaded to Azure Active Directory via the Azure management portal and email invitations were sent to the users contained in the file. The email invitations contained a link that allowed the user to redeem their invitation and gain access to the associated application(s). While this approach provided the basic functionality required it limited the ability to create advanced scenarios such as self-registration. In addition, the original release did not support inviting users with social media email addresses such as Facebook and Google. This prevented sharing corporate applications with small business partners who may have been leveraging social media services for email, collaboration, and document management.

The latest release of Azure AD B2B Collaboration provides many updates to address the shortcomings of the original release including a new REST API for managing the invitation process. The features of the new invitation manager API will be the focus of this article.

Accessing the Azure AD B2B Invitation Manager API

The Azure AD B2B invitation manager API is accessed via the Microsoft Graph. To create an invitation you send an HTTP POST to https://graph.microsoft.com/v1.0/invitations. The body of the HTTP POST contains a JSON representation of the invitation as follows.

{

“invitedUserDisplayName”: “string”,

“invitedUserEmailAddress”: “string”,

“invitedUserMessageInfo”: {“@odata.type”: “microsoft.graph.invitedUserMessageInfo”},

“sendInvitationMessage”: false,

“inviteRedirectUrl”: “string”

}

A description of each property of the invitation is given below.

Property Type Description
invitedUserDisplayName String User’s full name
invitedUserEmailAddress String User’s email address
invitedUserMessageInfo invitedUserMessageInfo Customized invitation message details
sendInvitationMessage Boolean Indicates if the invitation API should send the email invitation. Default value is false.
inviteRedirectUrl String The URL to redirect the user to following successful redemption of the invitation

At a minimum you must provide an invitedUserEmailAddress and an inviteRedirectUrl to create an invitation.

The invitedUserMessageInfo property can be used to customize certain aspects of the invitation email message. A description of each property of the microsoft.graph.invitedUserMessageInfo type is given below.

Property Type Description
ccRecipients Array of Recipient An array of additional recipients the invitation email message should be sent to. Currently only 1 additional recipient is supported.
customizedMessageBody String Customized message body you would like to send rather than the default message
messageLanguage String ISO 639 language format. Default is en-US. Ignored if the customizedMessageBody property is populated.

By default the sendInvitationMessage property is false. To have the invitation manager API send the email message on behalf of your application set this property to true. Otherwise, you can retrieve the redemption URL from the create invitation response and send out the email invitation yourself through whatever mechanism you choose (SMTP, Exchange, SendGrid, etc.). Using this approach allows you some additional control over the registration process in a self-registration scenario where an approval is required internally before an invitation is sent.

Sending an Invitation

The example code below demonstrates how to send an invitation using the Azure AD B2B invitation manager API. As with all graph operations you will need to provide a bearer token in the Authorization header of the HTTP POST request to the invitation manager API. The sample code uses the Active Directory Authentication Library (ADAL) to obtain an access token for the Microsoft Graph prior to calling the invitation manager API. A simple class is created that contains the properties of the invitation discussed earlier. In the example, the invitedUserEmailAddress and inviteRedirectUrl are populated and the sendInvitationMessage property is set to true indicating that we want the invitation manager to send the email invitation to the user immediately. ClientCredential credential = new ClientCredential(clientId, clientSecret); AuthenticationResult authResult = authenticationContext.AcquireTokenAsync(resourceUrl, credential).Result;

InvitationModel invite = new InvitationModel();

invite.invitedUserEmailAddress = emailAddress;

invite.inviteRedirectUrl = redirectUrl;

invite.sendInvitationMessage = true;

using (HttpClient client = new HttpClient())

{

client.BaseAddress = new Uri(resourceUrl);

client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);

HttpResponseMessage response = client.PostAsJsonAsync<InvitationModel>("v1.0/invitations", invite).Result;

dynamic inviteResult = response.Content.ReadAsAsync<dynamic>().Result;

if (inviteResult.status != “Error”)

{

// Invite successfully sent

}

}

A dynamic object is used to store the response of the create invitation request. A JSON representation of the response is show below.

{

“invitedUserDisplayName”: “string”,

“invitedUserEmailAddress”: “string”,

“invitedUserMessageInfo”: {“@odata.type”: “microsoft.graph.invitedUserMessageInfo”},

“sendInvitationMessage”: false,

“inviteRedirectUrl”: “string”,

“inviteRedeemUrl”: “string”,

“status”: “string”,

“invitedUser”: [{“@odata.type”: “microsoft.graph.user”}]

}

The response to a create invitation request contains all of the properties described earlier in the invitation as well as these additional properties.

Property Type Description
inviteRedeemUrl String The URL the user can use to redeem his invitation
status String The status of the invitation. Possible values include Completed, In Progress, and Error.
invitedUser User The guest user created in Azure AD as part of the invitation creation

An example of the default email invitation message the user will receive is shown below. The user can click the redemption link contained in the email message to redeem their invitation and access the associated application(s).

Once the invitation has been sent a guest user account is created in your organization’s Azure Active Directory to represent the invited user. If you search Azure AD through the Azure management portal, you can find this user and examine its profile as shown below.

The profile will indicate that the user is a Guest and they are an Invited User.

Wrapping Up

This post has provided you with the basic information needed to get started with the Azure AD B2B invitation manager API. In a subsequent post we will discuss how to leverage other APIs in the Microsoft Graph to assign a user to a particular application role when they register.


Premier Support for Developers provides strategic technology guidance, critical support coverage, and a range of essential services to help teams optimize development lifecycles and improve software quality.  Contact your Application Development Manager (ADM) or email us to learn more about what we can do for you.

0 comments

Discussion is closed.

Feedback usabilla icon