Microsoft Active Directory · Arazzo Workflow

Active Directory Decommission Application

Version 1.0.0

Resolve an application by name, read its details, and soft-delete the registration.

1 workflow 1 source API 1 provider
View Spec View on GitHub Active DirectoryAuthenticationAuthorizationDirectory ServicesIdentity ManagementMicrosoft EntraZero TrustArazzoWorkflows

Provider

active-directory

Workflows

decommission-application
Find an application by name, capture its details, then delete it.
Searches the applications collection by display name, retrieves the matched application object, and deletes the application registration if a match was found.
3 steps inputs: displayName outputs: appId, applicationId
1
findApplication
list-applications
Resolve the application by display name, returning at most one match.
2
getApplication
get-application
Retrieve the full application object to capture appId and credential metadata before deletion.
3
deleteApplication
delete-application
Soft-delete the application registration; it remains restorable for 30 days.

Source API Descriptions

openapi
applicationsApi https://raw.githubusercontent.com/api-evangelist/active-directory/refs/heads/main/openapi/active-directory-applications-openapi.yaml

Arazzo Workflow Specification

active-directory-decommission-application-workflow.yml Raw ↑ 
arazzo: 1.0.1
info:
  title: Active Directory Decommission Application
  summary: Resolve an application by name, read its details, and soft-delete the registration.
  description: >-
    An application lifecycle teardown pattern. The workflow resolves an
    application registration by display name, reads the full application object
    to capture its appId and credential metadata for the audit trail, then
    soft-deletes the registration so it can still be restored within 30 days.
    Each step inlines its request so the flow runs without the OpenAPI source.
  version: 1.0.0
sourceDescriptions:
- name: applicationsApi
  url: ../openapi/active-directory-applications-openapi.yaml
  type: openapi
workflows:
- workflowId: decommission-application
  summary: Find an application by name, capture its details, then delete it.
  description: >-
    Searches the applications collection by display name, retrieves the matched
    application object, and deletes the application registration if a match was
    found.
  inputs:
    type: object
    required:
    - displayName
    properties:
      displayName:
        type: string
        description: Display name of the application registration to decommission.
  steps:
  - stepId: findApplication
    description: Resolve the application by display name, returning at most one match.
    operationId: list-applications
    parameters:
    - name: $filter
      in: query
      value: "displayName eq '$inputs.displayName'"
    - name: $top
      in: query
      value: 1
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      applicationId: $response.body#/value/0/id
    onSuccess:
    - name: applicationFound
      type: goto
      stepId: getApplication
      criteria:
      - context: $response.body
        condition: $.value.length > 0
        type: jsonpath
    - name: applicationMissing
      type: end
      criteria:
      - context: $response.body
        condition: $.value.length == 0
        type: jsonpath
  - stepId: getApplication
    description: >-
      Retrieve the full application object to capture appId and credential
      metadata before deletion.
    operationId: get-application
    parameters:
    - name: applicationId
      in: path
      value: $steps.findApplication.outputs.applicationId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      appId: $response.body#/appId
      capturedDisplayName: $response.body#/displayName
  - stepId: deleteApplication
    description: >-
      Soft-delete the application registration; it remains restorable for 30
      days.
    operationId: delete-application
    parameters:
    - name: applicationId
      in: path
      value: $steps.findApplication.outputs.applicationId
    successCriteria:
    - condition: $statusCode == 204
    outputs:
      deletedApplicationId: $steps.findApplication.outputs.applicationId
  outputs:
    applicationId: $steps.findApplication.outputs.applicationId
    appId: $steps.getApplication.outputs.appId