ballerinax/ Ballerina library



Ballerina connector for Azure Active Directory (AD) is connecting the Azure AD REST API in Microsoft Graph v1.0 via Ballerina language. It provides capability to perform management operations on user and group resources in an Azure AD tenent (Organization).

The connector uses the Microsoft Graph REST web API that provides the capability to access Microsoft Cloud service resources. This version of the connector only supports the operations on users and groups in an Azure AD.

This module supports Microsoft Graph API v1.0.


Before using this connector in your Ballerina application, complete the following:

  • Create a Microsoft 365 Work and School account

  • Create an Azure account to register an application in the Azure portal

  • Obtain tokens

    • Use this guide to register an application with the Microsoft identity platform
    • The necessary scopes for this connector are shown below
    Permissions nameTypeDescription
    User.ReadWrite.AllDelegatedCreate channels
    Group.ReadWrite.AllDelegatedRead and write all users' full profiles


To use the Azure AD connector in your Ballerina application, update the .bal file as follows:

Step 1 - Import connector

Import the ballerinax/aad module into the Ballerina project.

import ballerinax/azure.aad;

Step 2 - Create a new connector instance

You can now make the connection configuration using the OAuth2 refresh token grant config.

aad:ConnectionConfig configuration = {
    auth: {
        refreshUrl: <REFRESH_URL>,
        refreshToken : <REFRESH_TOKEN>,
        clientId : <CLIENT_ID>,
        clientSecret : <CLIENT_SECRET>

aad:Client aadClient = check new (config);

Step 3 - Invoke connector operation

  1. Create an Azure AD User
ad:NewUser info = {
    accountEnabled: true,
    displayName: "<DISPLAY_NAME>",
    userPrincipalName: "<USER_PRINCIPAL_NAME>",
    mailNickname: "<MAIL_NICKNAME>",
    passwordProfile: {
        password: "<PASSWORD>",
        forceChangePasswordNextSignIn: true
    surname: "<SURNAME>"

ad:User|error userInfo = aadClient->createUser(info);
if (userInfo is ad:User) {
    log:printInfo("User succesfully created " + userInfo?.id.toString());
} else {
  1. Use bal run command to compile and run the Ballerina program.

You can find a list of samples here


import ballerinax/;Copy


Released date: about 1 year ago

Version: 2.4.0

License: Apache-2.0


Platform: java11

Ballerina version: 2201.4.1

Pull count

Total: 15

Current verison: 7

Weekly downloads

Source repository


IT Operations/Security & Identity Tools




Other versions

See more...