Guest Access Series: Inviting a Specific Domain into a Specific Team — Invite a Guest into a Team

Michael Mukalian
Nov 12, 2021

A little twist to just sending out an invitation

The notion of inviting a guest into your tenant via the Microsoft Graph is already documented here, but because we’re leveraging it as part of an overall solution, there are a couple of things to call out for this specific scenario. Let’s pull apart the workflow we’re using and call out the areas that this scenario requires.

Inputs to our Invitation

Specific to this process, our Power Automate Flow expects the following inputs:

  • Tenant Id
  • Team Id
  • Group Id
  • Invited Guest Display Name
  • Invited Guest Email Address
  • Invite Message to Guest

We use the above not only to target who the invitation goes to, but also to customize the outgoing email for that individual.

Unlock/Lock the Door (Team)

This solution assumes (and it’s really a requirement) that the ability to invite a guest into this specific team is turned off, i.e. set to false (see an example of a way to accomplish this here). This prevents anyone from using the normal, out-of-the-box method to invite a guest in (a later article will wrap this all up to give the ability back to an individual team member). Because this setting is false, we need to (1) set it to true, (2) add the guest as a member, then (3) set it back to false. This allows the workflow to process the invitation and authorization properly, while making sure that the “door is closed” so a team member can’t go around our process. So, how do we accomplish this? We can leverage either the PATCH or the POST method (depending on whether the setting already exists) when calling the group settings endpoint.

PATCH example

Once we set the flag, we can then add the individual to our group/team via the Office 365 Groups connector.

Add previously invited guest into group/team

Afterwards, we revert the group settings back to false via another PATCH call back to the same endpoint for the group, just modifying the payload to reflect false.

PATCH group back to false
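The unlock, add, lock sequence above as a Python sketch (an added example, not the author's Flow), showing how to guarantee the setting returns to false even when the member add fails. It assumes the guest setting is the group setting value named AllowToAddGuests, that the setting object already exists (the PATCH case), that the member add goes through Graph's members/$ref call rather than the Office 365 Groups connector, and a hypothetical `send()` transport; all IDs are constructed.

```python
GRAPH = "https://graph.microsoft.com/v1.0"

def guest_setting_body(allow):
    # Group setting values travel as strings, not JSON booleans.
    return {"values": [{"name": "AllowToAddGuests", "value": str(allow).lower()}]}

def add_guest_with_door_closed(send, group_id, setting_id, guest_id):
    """Unlock the team, add the guest, then lock it again no matter what.

    send(method, url, body) is a hypothetical transport: it performs one
    authenticated Graph request and raises on any non-2xx response.
    """
    setting_url = f"{GRAPH}/groups/{group_id}/settings/{setting_id}"
    member_ref = {"@odata.id": f"{GRAPH}/directoryObjects/{guest_id}"}
    send("PATCH", setting_url, guest_setting_body(True))       # (1) unlock
    try:
        send("POST", f"{GRAPH}/groups/{group_id}/members/$ref", member_ref)  # (2) add
    finally:
        # (3) runs even when step 2 raised, so the door never stays open
        send("PATCH", setting_url, guest_setting_body(False))

class FakeGraph:
    """Constructed offline stand-in for Graph; models the behaviour the article describes."""
    def __init__(self, fail_member_add=False):
        self.allow_guests = "false"
        self.members = []
        self.fail_member_add = fail_member_add

    def __call__(self, method, url, body):
        if method == "PATCH":
            self.allow_guests = body["values"][0]["value"]
        elif url.endswith("/members/$ref"):
            if self.fail_member_add or self.allow_guests != "true":
                raise RuntimeError("member add rejected")
            self.members.append(body["@odata.id"])

if __name__ == "__main__":
    # Constructed IDs; real ones are the Group Id input and the setting's id.
    for failing in (False, True):
        graph = FakeGraph(fail_member_add=failing)
        try:
            add_guest_with_door_closed(graph, "group-0001", "setting-0001", "guest-0001")
        except RuntimeError as err:
            print("add failed:", err)
        print("AllowToAddGuests after run:", graph.allow_guests, "members:", len(graph.members))
```

In a Power Automate Flow the same guarantee comes from configuring the final PATCH action's "run after" so that it also runs when the add-member step has failed or timed out.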

Opportunities for Enhancements

Note that while the above can be configured to just call the relevant steps straight through, you can enhance this process to whatever rules you want. Is there a central area that should approve guests' invitations before they go out? Forward an approval request to them as part of this. Should we notify the team owner that a guest was added? Fire off a message to the user in Teams as a 1:1 chat letting them know. You can enhance this process as much as you like to meet your needs, as this is your business process.

Putting it all together

How does this then all get assembled? Well, we’ll leverage a simple Power App to put all this together, providing the user a way to invite a guest into a team, even when they can’t through normal means. Let’s check that out next.

Michael Mukalian

Covering the Microsoft Modern Workplace as a Technical Architect at the Philadelphia Microsoft Technology Center in Malvern.