Developer portal: AAD Login - SPN permissions
I am using the APIM developer portal with AAD login. To get this to work, the service requires a service principal with Directory.Read.All API permissions. It looks like the soon-to-be deprecated Azure Active Directory Graph is needed for this to work. I tried to use the Microsoft Graph permissions by themselves, but I was not able to add AAD groups unless I added the Azure Active Directory Graph permissions.
I was not able to find the correct permissions in the MSDocs. Can anyone confirm that these permissions are needed? If they are needed, what happens after the AAD Graph API becomes deprecated (June 2022)?
Issue Analytics
- State:
- Created a year ago
- Comments:5 (1 by maintainers)
@johnlokerse, this should be enough for creating accounts in APIM, using Graph API permissions:
@mikebudzynski, we need only particular claims to be present in the token, regardless if it’s MS Graph or AAD Graph.
@azaslonov
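
An added example, not part of the original issue or the APIM project: one way to check which app registrations still request legacy Azure AD Graph permissions, the dependency the question asks about. It assumes input shaped like the `requiredResourceAccess` array of an app registration manifest; the sample registrations, app ids and permission ids are constructed placeholders.

```python
import json

# Well-known resource application IDs, the same in every tenant.
AAD_GRAPH = "00000002-0000-0000-c000-000000000000"  # legacy Azure AD Graph
MS_GRAPH = "00000003-0000-0000-c000-000000000000"   # Microsoft Graph

# Constructed sample: two app registrations; names and permission ids are placeholders.
SAMPLE = json.loads("""
[
  {"displayName": "apim-devportal-aad", "appId": "aaaaaaaa-0000-0000-0000-000000000001",
   "requiredResourceAccess": [
     {"resourceAppId": "00000003-0000-0000-c000-000000000000",
      "resourceAccess": [{"id": "11111111-1111-1111-1111-111111111111", "type": "Role"}]},
     {"resourceAppId": "00000002-0000-0000-C000-000000000000",
      "resourceAccess": [{"id": "22222222-2222-2222-2222-222222222222", "type": "Role"},
                         {"id": "33333333-3333-3333-3333-333333333333", "type": "Scope"}]}]},
  {"displayName": "graph-only-app", "appId": "aaaaaaaa-0000-0000-0000-000000000002",
   "requiredResourceAccess": [
     {"resourceAppId": "00000003-0000-0000-c000-000000000000",
      "resourceAccess": [{"id": "11111111-1111-1111-1111-111111111111", "type": "Scope"}]}]}
]
""")

def audit(apps):
    """Return one finding per app registration that still requests AAD Graph permissions."""
    findings = []
    for app in apps:
        legacy = {"Role": [], "Scope": []}  # Role = application, Scope = delegated
        has_ms_graph = False
        for res in app.get("requiredResourceAccess") or []:
            rid = (res.get("resourceAppId") or "").lower()  # GUID case varies in exports
            if rid == MS_GRAPH:
                has_ms_graph = True
            elif rid == AAD_GRAPH:
                for perm in res.get("resourceAccess") or []:
                    legacy.setdefault(perm.get("type", "unknown"), []).append(perm.get("id"))
        if any(legacy.values()):
            findings.append({
                "app": app.get("displayName"),
                "application_permissions": legacy["Role"],
                "delegated_permissions": legacy["Scope"],
                "also_requests_ms_graph": has_ms_graph,
            })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(json.dumps(finding, indent=2))
```

An app flagged with `also_requests_ms_graph` set to true matches the situation described in the issue, where both sets of permissions were granted to the same service principal.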