Jump to content

Account Permissions for Microsoft iBridge integration


Recommended Posts

I'm looking to set up the Keysafe for Microsoft account authentication. The wiki page states the account will need "Microsoft Admin level permissions" but doesn't specify what these are.

My colleague who would grant these permissions to the account is concerned about this from a security standpoint, so has asked for more information. Please is someone able to provide a specific list of permissions required?

Link to comment
Share on other sites

@CraigP

It really depends on the function you intend to use the Microsoft Account permissions for.  Each system that Microsoft provides is different, has different needs in terms of access, so it depends on what iBridge/ITOM automations you plan to use, what functions they will perform.   We are not ourselves Microsoft experts, we may know, but we may not also know the specifics. Often when developing integrations we will not concentrate on the granular specifics of each Microsoft service, we will follow their developer guidelines which will often just say, things like Admin rights.  Your Microsoft admins should have a good understanding of the specific rights/permissions needed to perform the specific task(s) that you need to. 

As I said we are not Microsoft experts and have no direct paths ourselves to Microsoft for support, Microsoft's services evolve and change frequently, so internally we *might* know specifics but its not something we can always answer. If you have more specifics you might get a better answer than this. 

Gerry

Link to comment
Share on other sites

@CraigP

ok pretty standard account management tasks.  So whatever your admins would give to an admin person to perform the same tasks is essentially what you would need to assign to the user creds to allow the integrations to use use. What those rights are specifically I would have no idea, our IT folks might because they do this sort of thing for our IT systems, but as I said, I think these settings ore more often than not, very setup-specific which is why your admins should be involved. I would always advise that you use a separate Microsoft account for integrations so you have full and immediate control over the account and find grained control over its access rights.  Its not always easy to know which rights are which on complex systems so do your best to make it possible to easily tweak as you go

Gerry

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...