| title | Create externalOriginResourceConnector |
|---|---|
| description | Create a new externalOriginResourceConnector object. |
| author | vikama-microsoft |
| ms.date | 02/23/2026 |
| ms.localizationpriority | medium |
| ms.subservice | entra-id-governance |
| doc_type | apiPageType |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Creates a new externalOriginResourceConnector object.
[!INCLUDE national-cloud-support]
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
[!INCLUDE permissions-table]
POST /identityGovernance/entitlementManagement/externalOriginResourceConnectors| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Content-Type | application/json. Required. |
In the request body, supply a JSON representation of the externalOriginResourceConnector object.
You can specify the following properties when creating an externalOriginResourceConnector.
| Property | Type | Description |
|---|---|---|
| connectionInfo | connectionInfo | The connection information for the external origin resource connector. Required. |
| connectorType | connectorType | The type of connector. The possible values are: sapIag, sapAc, unknownFutureValue. Required. |
| description | String | The description of the external origin resource connector. Optional. |
| displayName | String | The display name of the external origin resource connector. Optional. |
If successful, this method returns a 201 Created response code and an externalOriginResourceConnector object in the response body.
The following example shows a request.
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/externalOriginResourceConnectors
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.externalOriginResourceConnector",
"displayName": "SAP Access Control",
"description": "SAP Access Control connector",
"connectorType": "sapAc",
"connectionInfo": {
"@odata.type": "microsoft.graph.externalTokenBasedSapIagConnectionInfo",
"url": "dev.test",
"accessTokenUrl": "9e90019f-6256-41fa-a225-5ef9cc1d9bf8",
"clientId": "e9ad8b1d-959c-4e86-8ba2-2cbf4d14bc29",
"keyVaultName": "Keyvault",
"secretName": "Test",
"subscriptionId": "5ee98b73-d9df-43a7-8a92-36855054bdee",
"resourceGroup": "SAPIAG Group"
}
}[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.externalOriginResourceConnector",
"id": "375db7fb-280f-5d24-1abd-c63e0311c131",
"displayName": "SAP Access Control",
"description": "SAP Access Control connector",
"connectorType": "sapAc",
"connectionInfo": {
"@odata.type": "microsoft.graph.externalTokenBasedSapIagConnectionInfo",
"url": "dev.test",
"accessTokenUrl": "9e90019f-6256-41fa-a225-5ef9cc1d9bf8",
"clientId": "e9ad8b1d-959c-4e86-8ba2-2cbf4d14bc29",
"keyVaultName": "Keyvault",
"secretName": "Test",
"subscriptionId": "5ee98b73-d9df-43a7-8a92-36855054bdee",
"resourceGroup": "SAPIAG Group"
},
"createdBy": "admin@contoso.com",
"createdDateTime": "2026-02-23T10:15:30Z",
"modifiedBy": "admin@contoso.com",
"modifiedDateTime": "2026-02-23T10:15:30Z"
}