Revalidate a User’s Identity by Triggering Entra ID Authentication From a Torq Workflow

Updated over 3 weeks ago

You can validate a user’s identity in a Torq workflow by triggering Entra ID authentication for that user.

In the following example, a user triggers a workflow from a Microsoft Teams message. The workflow validates the user's identity as a prerequisite for executing another workflow.

Revalidate a user's identity via Entra ID

Step one: Create a webhook trigger integration in Torq

  1. Navigate to the integration: Go to Build > Integrations > Trigger > Webhook and click Add Instance.

  2. Configure the integration:

    1. Give the integration a unique and meaningful name, such as Entra ID Trigger MFA receiver.

    2. Click Accept raw HTTP requests.

    3. Click Add.

Step two: Get the webhook URL

  1. Download the workflow: Download the Entra ID trigger authorization code receiver workflow below.

  2. Import the workflow: Navigate to Build > Workflows, click Import workflow, and select the workflow from your device.

  3. Configure the trigger: Open the trigger, click Create Trigger > Webhook, and then select the integration instance you created earlier.

  4. Copy the synchronous URL: Click Webhook URL, select Synchronous URL, and then copy the URL. You will need it later to create an Entra ID app in Azure.

Step three: Create an application in Microsoft Entra ID

  1. Open Microsoft Azure: Navigate to your Azure portal and go to Azure services > Microsoft Entra ID.

  2. Register a new application: Go to Manage > App registrations and click New registration if a relevant app assigned to an Azure resource does not exist.

    1. Enter a unique and meaningful name.

    2. For account access, select Accounts in this organization directory only.

    3. Click Register.

  3. Open API permissions: In the application, go to API permissions and click + Add a permission.

  4. Add permissions: Select the Microsoft Graph API endpoint, click Delegated permissions, select User.Read permissions, and then click Add permissions.

  5. Open Certificates & secrets: In the application, go to Manage > Certificates & secrets.

  6. Create a client secret: Select the Client secrets tab and click New client secret.

    1. Enter a meaningful description/name.

    2. Select an expiration date according to your organization's best practices.

    3. Click Add.

  7. Copy the secret: Copy the client secret Value to save it for later. You will need it to create the Microsoft 365 steps integration in Torq.

  8. Open Authentication (Preview): Go to Manage > Authentication (Preview) and click + Add Redirect URI.

  9. Add redirect URI: Click Web, paste the synchronous URL you copied earlier as the Redirect URI, and then click Configure.

  10. Copy the client and tenant IDs: Go to the application's Overview page and copy both the Application (client) ID and Directory (tenant) ID. You will need them later to create the Microsoft 365 steps integration in Torq.

Step four: Create a Microsoft 365 steps integration in Torq

  1. Navigate to the integration: In Torq, go to Build > Integrations > Steps > Microsoft 365 and click Add Instance.

  2. Configure the integration:

    1. Enter a meaningful name for the integration.

    2. Paste the tenant ID you copied earlier.

    3. Paste the client ID you copied earlier.

    4. Paste the client secret you generated earlier.

  3. Finalize: Click Add.

Step five: Create a workflow to authenticate with Entra ID

You now need to create a workflow that instructs the user to start the authentication process with Entra ID by generating the appropriate authentication URL. This URL must have the following format:

https://login.microsoftonline.com/<tenant ID>/oauth2/v2.0/authorize?response_type=code&client_id=<client ID>&redirect_uri=<redirect URI>&scope=offline_access%20user.read

The tenant ID, client ID, and redirect URI must be the Entra ID app values you generated earlier.
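
One way to build that URL and to read the redirect that Entra ID sends back, as an added example that is not Torq's code and not part of the downloadable workflows. The function names, the placeholder IDs and webhook URL, and the state parameter (a standard OAuth 2.0 request parameter that the URL format above does not include) are assumptions of this example.

```python
import hmac
import re
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
SCOPE = "offline_access user.read"  # scopes from the URL format on this page


def build_authorize_url(tenant_id, client_id, redirect_uri, state=None):
    """Return (url, state) for the Entra ID authorization request."""
    for name, value in (("tenant_id", tenant_id), ("client_id", client_id)):
        if not GUID.fullmatch(value):
            raise ValueError(f"{name} is not a GUID")
    if urlsplit(redirect_uri).scheme != "https":
        raise ValueError("redirect_uri must be an https URL")
    # Assumption of this example: a random per-request state value, so the
    # receiver can tie the returned code to the request that started it.
    state = state or secrets.token_urlsafe(24)
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": SCOPE, "state": state}
    # quote (not quote_plus) encodes the space in scope as %20, as on this
    # page, and percent-encodes the ':' and '/' inside redirect_uri.
    query = urlencode(params, quote_via=quote)
    base = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize"
    return f"{base}?{query}", state


def read_callback(raw_query, expected_state):
    """Return the authorization code from the redirect's raw query string."""
    params = parse_qs(raw_query, keep_blank_values=True)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this request")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in response")
    return code


if __name__ == "__main__":
    # Constructed placeholder values, not real tenant, app or webhook data.
    url, state = build_authorize_url(
        "11111111-2222-3333-4444-555555555555",
        "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
        "https://hooks.example.test/v1/webhooks/abc/sync")
    print(url)
```
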

As an illustration, the following workflow uses a Microsoft Teams Bot trigger integration and adaptive card with an Action.OpenUrl button to present the authentication link to the user. An Until Break loop checks whether the Entra ID trigger authorization code receiver workflow successfully received and processed the user's authorization code.

  1. Download the workflow: Download the Trigger Entra ID auth from Teams workflow below.

  2. Import the workflow: Navigate to Build > Workflows, click Import workflow, and select the workflow from your device.

  3. Run the workflow: Review the workflow's parameters and integrations and then execute it.

Workflows