title | description | ms.localizationpriority | author | ms.subservice | doc_type | ms.date |
---|---|---|---|---|---|---|
Lifecycle Workflow reporting API Overview |
You can use Lifecycle Workflows reporting features to gain insight into how lifecycle workflows were processed for users in your organization. Auditable logs are also available to track all events relating to Lifecycle Workflows in your tenant. |
medium |
AlexFilipin |
entra-id-governance |
conceptualPageType |
11/17/2022 |
[!INCLUDE beta-disclaimer]
Lifecycle Workflows offers reports that enable organizations to gain insight into how lifecycle workflows were processed for users in your organization.
[!INCLUDE GDPR-related-guidance]
The lifecycle workflows API is defined in the OData subnamespace, microsoft.graph.identityGovernance.
Reporting feature | Description |
---|---|
User processing result | Result of a lifecycle workflow that was executed for a specific user. The result is an aggregation of all task processing results of the workflow tasks that were part of the lifecycle workflow and executed for the specific user. |
Task processing result | Result of a workflow task that was executed for a specific user. |
Workflow run | Result of a lifecycle workflow that was executed for a collection of users. The result is an aggregation of all user processing results of the users that were either processed within an interval or were part of an on-demand execution. |
Task report | An aggregation of task processing results for a specific workflow task within a workflow run. With this report, the health status of a workflow task within a workflow run can be easily determined and thus the source of error can be identified more quickly should a workflow run fail. |
All events run in Lifecycle Workflows are logged by Microsoft Entra ID. These include creating, updating, deleting, or running workflows, and assigning permissions to apps.
These auditable logs are represented by the directoryAudit resource type and its associated GET methods in Microsoft Graph.
Using this feature requires Microsoft Entra ID Governance licenses. To find the right license for your requirements, see Compare generally available features of Micorosft Microsoft Entra ID.
The following Microsoft Entra roles are required for a calling user to read reports in Lifecycle Workflows.
Operation | Application permissions | Required directory role of the calling user |
---|---|---|
Read | LifecycleWorkflows.Read.All or LifecycleWorkflows.ReadWrite.All | Global Reader or Lifecycle Workflows Administrator |
Create, Update or Delete | LifecycleWorkflows.ReadWrite.All | Lifecycle Workflows Administrator |