2

I am new to Microsoft Graph API. I have read many articles on the web to understand the usage of Microsoft Graph API for managing users in Azure AD. I am creating a Spring Boot based REST API service, which needs to create users in Azure AD.

I have registered my application in Azure Active Directory. I also have the "Directory.ReadWrite.All" permission for Microsoft Graph API. I wanted to first try to create the user from Microsoft Graph Explorer. In the Graph Explorer, I have to give an authorization token in the request header. In order to create the authorization token, I have followed the instructions given in the link https://learn.microsoft.com/en-us/graph/auth-v2-user. I have created the following URL based on the instructions, for obtaining an access token.

https://login.microsoftonline.com/{mytenantID}/oauth2/v2.0/authorize?client_id=validclientID&response_type=code&redirect_uri=https://localhost:4200&response_mode=query&scope=Directory.ReadWrite.All&state=12345

When the above URL is accessed from the web browser, I get a message which says "Need Admin Approval". I am not the admin of the Azure AD and I do not have access to the admin of my client, so I am really stuck. Can anybody help me understand whether I will have to get admin consent each time I need to access the "create user" functionality of Azure AD through MS Graph API? I would also need the create user functionality in the Spring Boot API. In this case, how would admin consent work? Is there any way that the create user functionality can work without admin consent?

I have read the following two questions in SO before posting this question

How can I find the Admin Consent URL for an Azure AD App that requires Microsoft Graph "Read directory data" permission?

Create user using Microsoft Graph

KurioZ7

1 Answer

2

If you just want to create a user in your tenant, you can follow the steps below:

  1. Create a new Azure AD app in your tenant and ask your tenant admin to grant the "Directory.ReadWrite.All" permission to this app.

  2. Create an app secret for your Azure AD app. Use this secret and this Azure AD app ID to get an access_token to call Microsoft Graph API:

    Request URL :

    POST https://login.microsoftonline.com/<-your tenant name->/oauth2/v2.0/token

    Request Header :

    Content-Type: application/x-www-form-urlencoded

    Request Body:

    grant_type=client_credentials
    client_id=<-your client ID->
    client_secret=<-your application secret->
    scope=https://graph.microsoft.com/.default

    You will get an access_token from this API call.

  3. Use the access_token we just created to call Microsoft Graph API to create a user.

As you can see, a user has been created.

If you have any further concerns, please feel free to let me know : )

Md Farid Uddin Kiron
  • I created a POST request using Postman, but I am getting "error": "invalid_request", "error_description": "AADSTS900144: The request body must contain the following parameter: 'grant_type'". I have given all the values in the request body as per what you have suggested – KurioZ7 May 08 '19 at 09:06
  • Yes, provide this `grant_type=client_credentials`. I have updated the answer, see once more please. Let me know if you have any more concerns. – Md Farid Uddin Kiron May 08 '19 at 09:21
  • I confirm that I have given the grant_type in the request body in Postman. I do not understand why I am getting this error when grant_type is present in the request body. – KurioZ7 May 08 '19 at 09:25
  • It worked when I gave grant_type as the first key in the Body. Strange! I will update you after I have tried the other steps. – KurioZ7 May 08 '19 at 09:28
  • Yes, it's the format. You have to follow it as it is. I have also updated the answer for your understanding with the screenshot. – Md Farid Uddin Kiron May 08 '19 at 09:45
  • Big thanks to you! I am able to create the user now! – KurioZ7 May 08 '19 at 11:04
  • @KurioZ7 Glad to hear. Thanks and happy coding. – Md Farid Uddin Kiron May 08 '19 at 13:15
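
The token request and create-user call from the answer above, written out as an added Python example (not code from the original question or answer). The environment variable names, the sample user, the create-user JSON body (taken from Graph's create-user API, since the answer's screenshot is missing) and the `roles` pre-check are assumptions of this example; building the body with `urlencode` keeps it in the `application/x-www-form-urlencoded` form the token endpoint expects.

```python
import base64, json, os, urllib.request
from urllib.parse import urlencode

GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"
REQUIRED_ROLE = "Directory.ReadWrite.All"  # application permission named in the answer

def token_request(tenant, client_id, client_secret):
    """Step 2: client-credentials POST with a form-encoded (not JSON) body."""
    form = urlencode({  # urlencode escapes '&', '=' and '+' inside the secret
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    return urllib.request.Request(url, data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def token_roles(access_token):
    """Diagnostic only: read the 'roles' claim; the signature is NOT verified here."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("roles", [])

def create_user_request(access_token, display_name, upn, temp_password):
    """Step 3: POST /users; fail early if admin consent is missing from the token."""
    if REQUIRED_ROLE not in token_roles(access_token):
        raise PermissionError(f"token lacks {REQUIRED_ROLE}; admin consent not granted")
    user = {
        "accountEnabled": True,
        "displayName": display_name,
        "mailNickname": upn.split("@")[0],
        "userPrincipalName": upn,
        "passwordProfile": {"password": temp_password, "forceChangePasswordNextSignIn": True},
    }
    return urllib.request.Request(GRAPH_USERS, data=json.dumps(user).encode(),
        method="POST", headers={"Authorization": f"Bearer {access_token}",
                                "Content-Type": "application/json"})

def send(request):
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.load(response)

if __name__ == "__main__":  # env var names and the sample user are assumptions
    env = os.environ  # keep the secret out of source control
    token = send(token_request(env["AZURE_TENANT_ID"], env["AZURE_CLIENT_ID"],
                               env["AZURE_CLIENT_SECRET"]))["access_token"]
    print(send(create_user_request(token, "Example User",
        "example.user@contoso.onmicrosoft.com", env["NEW_USER_TEMP_PASSWORD"])))
```

An app-only token carries its admin-consented application permissions in the `roles` claim, so an empty list here means the tenant admin has not yet granted consent to the app registration.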