
Trigger a Workflow when a User Account is Changed in Microsoft Entra ID

Updated over a month ago

You can trigger a Torq workflow when a user account is created, updated, or deleted in Microsoft Entra ID.

In the following example, the workflow uses delta queries in Microsoft Graph to retrieve details about changes to the user resource. The Get Latest Delta Token Query step queries the API endpoint for the user resource: https://graph.microsoft.com/v1.0/users/delta?$deltatoken=latest. The output of that step is stored in a global variable, which the Get Latest Delta for Users Resource step then returns to obtain the URL for the specific API endpoint.

Prerequisites

Before you begin:

Create a subscription to Microsoft Graph API change notifications for the user resource

  1. Import the Microsoft Graph Subscription workflow: Import the Create Microsoft Graph Subscription and Renew Daily workflow template to your workspace.

  2. Configure the workflow parameters: Once the workflow opens, click the Workflow Parameters step.

    1. For torq_graph_microsoft365_webhook, paste the webhook URL you copied earlier when creating the Microsoft 365 Graph Subscription trigger integration.

    2. For microsoft365_integration, select the Microsoft 365 step integration instance you created earlier.

    3. For resource_to_monitor, enter /users.

    4. For Torq Integration, select the relevant Torq step integration instance.

    5. (Optional) Modify Torq Global Variable Name to match your organization's needs or conventions.

  3. Edit both Create Graph Subscription to Change Notifications steps: For the Change type parameter, select create,updated,deleted to receive notifications for any changes to the user resource in Entra ID.

Create a workflow triggered by Microsoft 365 Graph API change notifications for the user resource

Change notifications for the user resource in Microsoft Graph can take several minutes to be delivered to the remote endpoint, that is, the Torq trigger integration.

Microsoft Graph's change notifications only provide information about the nature of the change ("changeType": "created", "changeType": "updated", or "changeType": "deleted") and the affected user ID (resourceData.id) but won't provide further details about the specific change to the resource. Retrieving those details requires querying the appropriate endpoint from the Microsoft Graph API.
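The following Python sketch is an added example, not part of the Torq workflow template. It joins each notification to the matching entry of a users delta response and drops notifications whose clientState does not match the value set on the subscription. The function name correlate, the sample IDs, the clientState value, and both payloads are constructed for illustration.

```python
import hmac

# Constructed sample data (not captured from a real tenant).
EXPECTED_CLIENT_STATE = "constructed-secret"  # assumed value set on the subscription
NOTIFICATION = {"value": [
    {"changeType": "updated", "clientState": "constructed-secret",
     "resourceData": {"id": "u-1"}},
    {"changeType": "deleted", "clientState": "constructed-secret",
     "resourceData": {"id": "u-2"}},
    {"changeType": "updated", "clientState": "wrong",
     "resourceData": {"id": "u-3"}},
]}
DELTA_PAGE = {
    "value": [
        {"id": "u-1", "accountEnabled": False, "jobTitle": "Contractor"},
        {"id": "u-2", "@removed": {"reason": "changed"}},
    ],
    "@odata.deltaLink":
        "https://graph.microsoft.com/v1.0/users/delta?$deltatoken=CONSTRUCTED",
}


def correlate(notification, delta_page, expected_state):
    """Join each trusted notification to the matching delta entry."""
    by_id = {u["id"]: u for u in delta_page.get("value", [])}
    events = []
    for item in notification.get("value", []):
        # Ignore notifications that do not carry the subscription's clientState.
        if not hmac.compare_digest(item.get("clientState", ""), expected_state):
            continue
        user_id = item["resourceData"]["id"]
        entry = by_id.get(user_id)
        if entry is None:
            # Notification arrived before the delta query reflects the change.
            detail = {"status": "pending"}
        elif "@removed" in entry:
            # reason "changed" = soft-deleted (restorable), "deleted" = permanent.
            detail = {"status": "removed", "reason": entry["@removed"]["reason"]}
        else:
            props = {k: v for k, v in entry.items()
                     if k != "id" and not k.startswith("@")}
            detail = {"status": "changed", "properties": props}
        events.append({"id": user_id, "changeType": item["changeType"], **detail})
    # The deltaLink is the URL the next run queries; None means more pages remain.
    return events, delta_page.get("@odata.deltaLink")
```
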

  1. Download the workflow: Download the Entra ID user account change notifications workflow below.

  2. Import the workflow: Navigate to Build > Workflows, click Import workflow, and select the workflow from your device.

  3. Configure the trigger: Open the trigger, click Create Trigger > Microsoft 365 Graph Subscription, and then select the integration instance you created earlier.

  4. Review and run the workflow: Review the workflow's steps and their parameters, and then run the workflow.

Workflow
