CraigP Posted March 2, 2023 Share Posted March 2, 2023 I'm looking to set up the Keysafe for Microsoft account authentication. The wiki page states the account will need "Microsoft Admin level permissions" but doesn't specify what these are. My colleague who would grant these permissions to the account is concerned about this from a security standpoint, so has asked for more information. Please is someone able to provide a specific list of permissions required? Link to comment Share on other sites More sharing options...
Gerry Posted March 2, 2023 Share Posted March 2, 2023 @CraigP It really depends on the function you intend to use the Microsoft Account permissions for. Each system that Microsoft provides is different, has different needs in terms of access, so it depends on what iBridge/ITOM automations you plan to use, what functions they will perform. We are not ourselves Microsoft experts, we may know, but we may not also know the specifics. Often when developing integrations we will not concentrate on the granular specifics of each Microsoft service, we will follow their developer guidelines which will often just say, things like Admin rights. Your Microsoft admins should have a good understanding of the specific rights/permissions needed to perform the specific task(s) that you need to. As I said we are not Microsoft experts and have no direct paths ourselves to Microsoft for support, Microsoft's services evolve and change frequently, so internally we *might* know specifics but its not something we can always answer. If you have more specifics you might get a better answer than this. Gerry Link to comment Share on other sites More sharing options...
CraigP Posted March 2, 2023 Author Share Posted March 2, 2023 Thanks Gerry, that is understandable. I would like to initially be able to use the Azure functionality such as adding and removing users from groups. Link to comment Share on other sites More sharing options...
Gerry Posted March 2, 2023 Share Posted March 2, 2023 @CraigP ok pretty standard account management tasks. So whatever your admins would give to an admin person to perform the same tasks is essentially what you would need to assign to the user creds to allow the integrations to use use. What those rights are specifically I would have no idea, our IT folks might because they do this sort of thing for our IT systems, but as I said, I think these settings ore more often than not, very setup-specific which is why your admins should be involved. I would always advise that you use a separate Microsoft account for integrations so you have full and immediate control over the account and find grained control over its access rights. Its not always easy to know which rights are which on complex systems so do your best to make it possible to easily tweak as you go Gerry Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now