How can I get the UPN of the person who is activating a EntraID Identity Governance Lifecycle Workflow?
I have written an offboarding Workflow for immediate terminations. The sequence of events is as follows:
- Authorized HR user logs into EntraID Identity Governance Lifecycle Workflows and triggers the "immediate termination" Workflow for the user to be terminated.
- The Workflow uses a Custom Extension to trigger a Logic App (the built-in Workflow offboarding options were not sufficient for my org, so I elected to use an Automation runbook).
- The Logic App triggers an Automation Account Runbook (PowerShell) that does all the work of resetting passwords, disabling the account, revoking sessions, removing licenses, revoking authentication methods, etc, etc.
- The Logic App is monitoring the Runbook job for completion. When the job is complete, the Logic App reports back to the Workflow, where the HR user sees the job is complete.
Here is my problem. The HR user only sees that the job is complete; they do not see if there were errors during execution. I have logging configured throughout the script and I want to send an email to the user who triggered the Workflow in step 1 above, but I cannot find a way to get that user's UPN when they triggered the Workflow. How can I get the UPN of the person who is activating a EntraID Identity Governance Lifecycle Workflow?
Initially, I created one sample Entra ID Identity Governance Lifecycle Workflow as below:
To know who activated the workflow, you can check Audit logs of Lifecycle Workflows by filtering based on specific activities and categories:
To get these details via Graph API, you can run below GET request in Graph Explorer filtering with specific Activity Name based on your need:
GET https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?$filter=category eq 'WorkflowManagement' and loggedByService eq 'Lifecycle Workflows' and activityDisplayName eq 'Set workflow for on-demand execution' and targetResources/any(tr:tr/displayName eq 'Workflow Name')
Response:
Alternatively, you can make use of below PowerShell script to get the UPN of the person who is activating the Lifecycle workflow:
# Connect to Microsoft Graph with necessary permissions
Connect-MgGraph -Scopes "AuditLog.Read.All"
# Define the filter query to get audit logs for Lifecycle Workflows with the specific activity name and target resource display name
$targetResourceDisplayName = "Immediate termination" # Replace with your workflow name
$filterQuery = "category eq 'WorkflowManagement' and loggedByService eq 'Lifecycle Workflows' and activityDisplayName eq 'Set workflow for on-demand execution' and targetResources/any(tr:tr/displayName eq '$targetResourceDisplayName')"
# Retrieve the audit logs using the filter query
$auditLogs = Get-MgAuditLogDirectoryAudit -Filter $filterQuery
# Extract and display UPN of the user who initiated each workflow and the target resource display name
foreach ($log in $auditLogs) {
$initiatorUPN = $log.InitiatedBy.User.UserPrincipalName
$targetResourceDisplayName = $log.TargetResources[0].DisplayName
Write-Output "Lifecycle Workflow initiated by: $initiatorUPN on target resource: $targetResourceDisplayName"
}
Response:
Reference:
Auditing Lifecycle Workflows - Microsoft Entra ID Governance
- Computational Processes vs. Organizational Processes in a workflow
- Uber Cadence (java): How to pause and wait for external signal events?
- [GitHub Actions]: Create Artifact Container failed: Artifact storage quota has been hit. Unable to upload any new artifacts
- What workflow framework to use in C#
- How to rebase back a bunch of chained pull requests?
- My workflow is triggered on push but it is picking wrong branch
- Slack Workflow Builder url formatting
- How can I get the UPN of the person who is activating a EntraID Identity Governance Lifecycle Workflow?
- Using PowerShell, can I copy one file from my local system to many remote computers in parallel?
- GitHub Actions: "You've used 100% of included services for GitHub Storage (GitHub Actions and Packages)" after deleting all Artifacts
- Is there a way to have a generic kogito instance that can reaqd serverless workflows at runtime
- How to run Snakemake on an undetermined set of samples?
- Github Actions: environment String is not fetched
- Is there any possibility to rebuild templates in utask (ovh/utask) on runtime?
- Azure Boards Workflow Sequencing
- Running incorrect file on Azure through Github Actions Workflow ASP .Net multifile project
- How can I trigger a GitHub Actions workflow on push to another branch?
- How can I commit and push changes to a repository in concurrent Github Actions Workflow runs?
- Workflow is not shown so I cannot run it manually (Github Actions)
- Failed to create ISE, as i want to use this enable netorking in Logic app
- Git feature branches and minor code improvements
- What is the use of "actions/checkout" in GitHub Actions?
- How to pass a Github Secret as Environment Variable to Docker?
- Github action not getting triggered on scheduled time
- Github actions, schedule operation on branch
- Is it possible to inherit the environment context of a called composite GitHub action in the caller workflow
- GitHub actions workflow throws error 137 when installing dependencies
- How to set or change a global variable in github action?
- Flyte won't run in parallel
- how to use FetchExpression and retrievemultiple to fetch multiple pages of entities?