Prerequisites for Creating a Connection
You must satisfy the following prerequisites to create a connection with the Azure Active Directory Adapter:
Register an Application
Register an application in the Microsoft Entra admin center, and obtain the tenant ID and client ID.
Assign API Permissions
You must grant API permissions to the application that you created in the Microsoft Entra admin center (Azure AD).
- Log in to the Microsoft Entra admin center.
- Navigate to Identity, then Applications, and then to App registrations.
- Select the application that you registered. See Register an Application.
- Click API Permissions.
- Add the required permissions. See Microsoft Graph Permissions Reference.
Note:
You must have the mandated API permissions for the specific User, Group, Organization, and Application Business Object.
Refer to the following tables for the required permissions to create an Azure Active Directory Adapter connection.
Table 2-1 Permissions Required for Connections
| Delegated (Work or School Account) Permissions | Delegated (Personal Microsoft Account) Permissions | Application Permissions |
|---|---|---|
| | Not supported. | |
Table 2-2 Permissions Required for Invoke Actions
Business Object | Action | Delegated (Work or School Account) Permissions | Delegated (Personal Microsoft Account) Permissions | Application Permissions |
---|---|---|---|---|
User | Create User | | Not supported. | |
User | Update User | | User.ReadWrite | |
User | Get a User | | | |
User | List Users | | Not supported. | |
User | Delete a User | User.ReadWrite.All | Not supported. | User.ReadWrite.All |
User | List License Details | | User.Read | Not supported. |
User | Assign and Remove User License | | Not supported. | |
User | List Manager | | Not supported. | Not supported. |
User | Get Member Objects User | | Not supported. | |
User | Get Member Objects Group | | Not supported. | |
User | Create Invitation | | Not supported. | |
User | Assign Manager | | Not supported. | |
User | Remove Manager | | Not supported. | |
User | List Direct Reports | | Not supported. | |
User | Get Management Chain by ID | | Not supported. | Not supported. |
Groups | Create Group | | Not supported. | |
Groups | List Groups | | Not supported. | |
Groups | Get Group | | Not supported. | |
Groups | List Group Members | | Not supported. | |
Groups | Update Group | | Not supported. | |
Groups | Delete Group | Group.ReadWrite.All | Not supported. | Group.ReadWrite.All |
Groups | Add Members | GroupMember.ReadWrite.All | Not supported. | GroupMember.ReadWrite.All |
Groups | Remove Member | | Not supported. | |
Organization | Get organization | | Not supported. | |
Application | List Applications | | | |
Table 2-3 Permissions Required for Trigger Resources
Resource | Delegated (Work or School Account) Permissions | Delegated (Personal Microsoft Account) Permissions | Application Permissions |
---|---|---|---|
User | User.Read.All | User.Read.All | User.Read.All |
Group | Group.Read.All | Not supported | Group.Read.All |
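
The permission tables above can be turned into a least-privilege check on the registered application. The following is an added example, not part of the adapter or its documentation: it reads the permissions carried in an access token (application permissions in the `roles` claim, delegated permissions in the space-separated `scp` claim) and compares them with the permissions the tables list for the actions an integration plans to use. The action labels, function names, and the sample token are assumptions constructed for illustration.

```python
import base64
import json

# Permissions copied from the rows of Tables 2-2 and 2-3 that list a value
# (the work or school delegated and application columns agree for these rows).
REQUIRED = {
    "Delete a User": "User.ReadWrite.All",
    "Delete Group": "Group.ReadWrite.All",
    "Add Members": "GroupMember.ReadWrite.All",
    "Trigger: User": "User.Read.All",     # label is hypothetical, value from Table 2-3
    "Trigger: Group": "Group.Read.All",   # label is hypothetical, value from Table 2-3
}

def granted_permissions(token):
    """Read permissions from a token payload (inspection only, no signature check)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    # Application permissions arrive in 'roles'; delegated ones in 'scp'.
    return set(claims.get("roles", [])) | set(claims.get("scp", "").split())

def audit(token, planned_actions):
    """Return (missing, excess) permission names for the planned actions."""
    unknown = [a for a in planned_actions if a not in REQUIRED]
    if unknown:
        raise KeyError(f"no permission listed for: {unknown}")
    needed = {REQUIRED[a] for a in planned_actions}
    granted = granted_permissions(token)
    # Exact-name comparison: a broader grant is reported as excess for review.
    return sorted(needed - granted), sorted(granted - needed)

def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a real Entra token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    token = make_sample_token({"roles": ["User.Read.All", "Directory.ReadWrite.All"]})
    missing, excess = audit(token, ["Trigger: User", "Add Members"])
    print("missing:", missing)
    print("excess: ", excess)
```

Entries reported as excess are candidates for removal from the app registration when no configured action or trigger needs them.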