
Connection getting failed for Azure AD Admin

saidnya_naik
New Contributor

Hi,

We are creating a new connection for AZURE AD ADMIN of type AZUREAD. But this connection was going into a failed state.

We had not given any permissions for the graph.windows.com APIs since these are going to be deprecated in June.

But if we don't give permissions to these APIs then the connection goes into the failed state.

We even tried giving these permissions to these APIs and the connection was seen as successful.

Please let us know the reason for this. We are not using these APIs anywhere in the connection, so why do we need the permissions to these APIs for the connection to be successful?


Thanks

6 REPLIES

Rishi
Saviynt Employee

@saidnya_naik we are reviewing this with the product team and will provide a response shortly.

prashantChauhan
Saviynt Employee

The AzureAD Connector uses the Microsoft Graph API instead of the Azure AD Graph API (deprecated).

Only Microsoft Graph API permissions mentioned in the below doc should be enough for a successful connection.

 

saidnya_naik
New Contributor

Hi,

The connection was going into the failed state if we didn't give the Azure Active Directory Graph API/Permissions.

Even after selecting just the Microsoft APIs, the connection went into the failed state. After that we tried giving the Azure Active Directory Graph API/Permissions; only then was the connection seen as successful.

prashantChauhan
Saviynt Employee
We have removed the use of the Azure AD Graph APIs from our connector code and now we use the Graph APIs as suggested by Microsoft.
 
We have introduced this change from the V2021.0 release.
 
I believe you are in an older version and that is why the connection is failing without using the Azure AD Graph API permissions.

Our Saviynt version is 5.5 SP3.10, which means this removal of the Azure AD Graph API from your connector code won't be impacting us.

prashantChauhan
Saviynt Employee

I believe this change was backported to 5.5SP3.10 as well.

You should be able to see the below connection params if the fix is available:

AUTHENTICATION_ENDPOINT, MICROSOFT_GRAPH_ENDPOINT, AZURE_MANAGEMENT_ENDPOINT

 

Populate these connection params with the below values:

AUTHENTICATION_ENDPOINT: https://login.microsoftonline.com/

MICROSOFT_GRAPH_ENDPOINT: https://graph.microsoft.com/

AZURE_MANAGEMENT_ENDPOINT: https://management.azure.com/

Add the Microsoft Graph API permissions to the Application instead of the AAD Graph APIs as mentioned in the doc: https://docs.saviyntcloud.com/bundle/AzureConf-v2022x/page/Content/Registering-an-Application-in-Azu...

The connection should be successful.

Please let me know if there is any query.
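
An added example, not part of the thread and not Saviynt's code: a small audit that flags legacy Azure AD Graph permissions still requested in an app registration manifest and checks the three connection params against the values quoted above. The function names, the sample manifest and its permission GUIDs are constructed for illustration; `requiredResourceAccess` is the manifest field that lists requested permissions, and the two resource application IDs are the well-known ones for Microsoft Graph and Azure AD Graph.

```python
from urllib.parse import urlsplit

# Well-known resource application IDs.
MS_GRAPH = "00000003-0000-0000-c000-000000000000"   # Microsoft Graph
AAD_GRAPH = "00000002-0000-0000-c000-000000000000"  # Azure AD Graph (legacy)

# Hosts taken from the endpoint values quoted in the reply above.
EXPECTED_ENDPOINTS = {
    "AUTHENTICATION_ENDPOINT": "login.microsoftonline.com",
    "MICROSOFT_GRAPH_ENDPOINT": "graph.microsoft.com",
    "AZURE_MANAGEMENT_ENDPOINT": "management.azure.com",
}

def audit_manifest(manifest):
    """Return findings for legacy or missing Graph permissions."""
    findings = []
    resources = {r["resourceAppId"].lower(): r.get("resourceAccess", [])
                 for r in manifest.get("requiredResourceAccess", [])}
    for entry in resources.get(AAD_GRAPH, []):
        # "Role" = application permission, "Scope" = delegated permission.
        kind = "application" if entry["type"] == "Role" else "delegated"
        findings.append(f"legacy Azure AD Graph {kind} permission {entry['id']}")
    if not resources.get(MS_GRAPH):
        findings.append("no Microsoft Graph permissions requested")
    return findings

def audit_endpoints(params):
    """Return findings for connection params that are unset or point elsewhere."""
    findings = []
    for name, host in EXPECTED_ENDPOINTS.items():
        value = params.get(name, "")
        parts = urlsplit(value)
        if parts.scheme != "https" or parts.hostname != host:
            findings.append(f"{name} is {value!r}, expected https://{host}/")
    return findings

# Constructed sample: an app that still carries one legacy permission.
SAMPLE_MANIFEST = {"requiredResourceAccess": [
    {"resourceAppId": AAD_GRAPH, "resourceAccess": [
        {"id": "11111111-1111-1111-1111-111111111111", "type": "Role"}]},
    {"resourceAppId": MS_GRAPH, "resourceAccess": [
        {"id": "22222222-2222-2222-2222-222222222222", "type": "Scope"}]},
]}
SAMPLE_PARAMS = {name: f"https://{host}/" for name, host in EXPECTED_ENDPOINTS.items()}

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST) + audit_endpoints(SAMPLE_PARAMS):
        print(finding)
```

Once the connection succeeds with only Microsoft Graph permissions, any entry this audit still reports under the legacy resource can be removed from the app registration.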