Teams Inventory – Implement Membership Requests
Recently I published a blog article where I describe a way how to create your own Teams Inventory with native M365 features: https://blog.thinformatics.com/2023/02/how-to-build-a-simple-teams-inventory.
Today I share an example of implementing Teams membership join requests into this solution. The users of your Teams Inventory will be able to request the membership of every listed Team afterward. The Team Owners will be asked for their approval. Again, we use simple tools to get it done.
The process will look somehow like this for the end users:
How to get there?
Here is a short explanation of what we will build today: We will create a Power Automate Flow that can be triggered by users, using the inventory. This helper-flow will create an Approval Item in a separate SharePoint List. This Item will trigger another Power Automate Flow. That Flow will start an approval for the Teams Owners to let them process the approval request. When the owner has approved the membership request, the requesting user will be added to the Team.
Create the Approval List
First, we need to create a List that will contain all membership requests of the users. We create the list in the same site as the inventory. I’ve chosen the Name ‚Approvals‘. I removed the list from the quick launch cause it’s not relevant for the end users. Furthermore, I configured the Item Level Permissions for the new list to only list that the users can only see their own membership requests.
The columns we need for the following are:
GroupID (Text): This ID will contain the ID of the group for which a user requested access
RequestingUser (Person): This column will contain the userobject of the requesting user
Status (Choice): This Column will contain the actual status of the membership request. Provide the following choices: ‚Requested‘, ‚Processing‘, and ‚Processed‘
Result (Choice): This Column will contain the outcome of the approval. Provide the following choices: ‚Approve‘ and ‚Deny‘
Create the helper Flow
To let the users request their access we will create a flow that can be triggered by everyone using the inventory List. The flow is pretty simple.
The trigger action is ‚For a selected item‘ and is scoped to the Inventory List:
Then I’ve defined some vars with the URL and the ListID’s (Perhaps a little exaggerated here, but it’s good to get used to it).
Then we fetch the details of the membership request trigger and create an item for it in the approvals list. The item will contain the email address of the requesting user, the groupID of the Team where the access was requested, and the initial Status ‚Requested‘.
Save the flow and make it „trigger“-able for the inventory users by adding the inventory list as a ‚Run only user‘ of the flow. Assure that the connection of the run-only user is used.
Here you can download the import Ready-Flow: thinBlog/TI-CreateApprovalItem.zip at main · thinformatics/thinBlog (github.com)
Integrate the helper Flow into the inventory List
Next, we need to implement a trigger option for the helper-flow into the inventory list. You can use the standard context-menu method to trigger the flow with a list item, or you update the tile-view formatting to contain a trigger button.
I share the schema here: thinBlog/TeamsInventoryTileViewSchema.json at main · thinformatics/thinBlog (github.com). The relevant part is the button formatting. Insert these lines into the childs section of the schema JSON. The id in the actionParams Value is the ID of the HelperFlow you’ve created before. You can find it when you edit the flow and extract it from the URL
Now you and other TeamInventory Users should be able to request the Teams Membership:
Draw the rest of the f*** owl
Ok, nice… The Membership request is now implemented. But we also want approval right? To get the approval done and process the request accordingly we will create another flow.
The flow connections need to use an identity that has a license for Dataverse (approvals are based on it) included. Furthermore, the user needs Permission to edit Group Memberships. This is not a setting that I like very much, but the effort to do the same with managed identities, etc. in Logic Apps is way higher and not easy to explain in this format.
Create the Flow now by starting with the SharePoint Trigger ‚When an item is created or modified‘ and scope it for the Approvals List
Go to the settings of the trigger and implement this trigger condition to avoid false trigger events. Only Items where the Status Value equals ‚Requested‘ will trigger the Flow
Then define the variables as follows:
Now we want to start an approval that is targeted to the related Team owners. Cause we cannot guarantee that the Inventory List is up to date, we fetch the owners first by sending an HTTP Graph request to the Group using the Office 365 Group Connector (which is not a Premium Connector like the regular HTTP Connector).
To be able to include the Team displayName and more in the approval Task we fetch additional Team Information additionally.
Next, we fill up our TeamsOwnerString variable with the list of the UPN’s of the Teams Owners.
With that information, we can start the approval (and wait for the results)
I’ve disabled the reassignment feature cause we’ve already targeted all valid Team Owners.
Now we just need to react to the approval outcome and add the requesting User when the result equals ‚Approve‘. We use the Office365 Group Connector for this again. You maybe want to add a notification here in the ‚If no‘ section to inform the requesting user accordingly.
The last step is to update the Item in the approval list. You can add some more metadata like the approval justification or the approver name additionally by adding corresponding columns to the list and adding the values here.
That’s it. Now your Teams Inventory can also be used to request Teams Memberships!
Here you have an export of the Flow if you’re struggling with the implementation: thinBlog/TI-ProcessMembershipRequest.zip at main · thinformatics/thinBlog (github.com)
What else?!
I will explain a method to hide some Teams from the inventory sometime. What else would you expect from a Teams inventory?