Using Microsoft Graph API with Process Integration

Question

I was told by support that the Process Integration feature in SWSD can support 3rd party APIs and not just it's own, but I'm having a hard time conceptualizing how this can use the Microsoft Graph API and I was wondering if anyone has had experience integrated with the MS Graph API when using SWSD?

We have a use case of using the service request process to POST out to the Microsoft Graph API to add a user to an Azure AD group when access is requested and approved. Saving the step of having our IT team manually have to do this each time it is requested.

When creating the integration, SWSD only gives authentication methods of "None", SWSD Web Token" or "Username/Password". The MS Graph API uses OAuth for authentication, so I can't use Username/Password, leaving me with just "None" as an option.

Using "None" for authentication is fine if I was able to use SWSD to POST out to the token endpoint with my refresh token I have registered with my Azure AD App I created for this integration, then use the response JSON and grab the access token. Then use that access token to make my API call to MS Graph. However, I don't see any options to store the response JSON for a subsequent API call. Using the Process Integration looks like it is just a one shot deal and authentication and the request have to made in the same API call.

My trouble is that MS Graph requires that we get a valid access token (1st API call) , then use that access token to make updates (2nd API call). I don't see how that can be possible in SWSD?

Am I missing something with how this could work? Or is there a way to use username/password authentication when calling MS Graph? If there is, I couldn't find it searching online.

If anyone else has had a similar use case of needing to get an access token prior to making the API request, can you please let me know how you accomplished that?

Thank you!

MitchKiah · Accepted Answer

The Process Integration authorization options are limited and don't support OAUTH or even json web tokens (aside from SWSD ones). I have an open feature request to improve this to support custom headers/bearer auth tokens: https://thwack.solarwinds.com/product-forums/solarwinds-service-desk-swsd/i/feature-requests/please-add-additional-authentication-types-to-process-integrations

The best solution for you is probably to use the SWSD API to integrate the two. One solution that's worked well is to add a process integration to send a POST to a Microsoft Flow HTTP endpoint that you create, usually just with a payload of the incident's ID, and then use Microsoft flow for your automation. The POST acts as a trigger to start your Microsoft Flow. Then you can use the Flow to pull information from the ticket via the SWSD API and to interact with MS Graph API.