Developer portal: AAD Login - SPN permissions

I am using the APIM developer portal with AAD login. To get this to work, the service requires a service principal with Directory.Read.All API permissions. It looks like the soon-to-be deprecated Azure Active Directory Graph is needed for this to work. I tried to use the Microsoft Graph permissions by themselves, but I was not able to add AAD groups unless I added the Azure Active Directory Graph permissions.

I was not able to find the correct permissions in the MSDocs. Can anyone confirm that these permissions are needed? If they are needed, what happens after the AAD Graph API becomes deprecated (June 2022)?


Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 5 (1 by maintainers)

Top GitHub Comments

azaslonov commented, Apr 8, 2022

@johnlokerse, this should be enough for creating accounts in APIM, using Graph API permissions:

[image]

Hope that helps.

@mikebudzynski, we need only particular claims to be present in the token, regardless of whether it’s MS Graph or AAD Graph.

mikebudzynski commented, Apr 8, 2022


  1. Do we support Microsoft Graph?
  2. Are these required permissions correct?