Click HERE to see how Saviynt Intelligence is transforming the industry. |
05/02/2023 09:49 PM
Hi,
We are creating a new connection for AZURE AD ADMIN of type AZUREAD. But this connection was going into failed state.
We had not given any permissions of graph.windows.com APIs since these are going to be deprecated in June.
But if we don't give permissions to these API then the connection goes into the failed state.
We even tried giving these permissions to these APIs and the connection was seen as successful.
Please let us know the reason for this, we are not using these API's anywhere in the connection then why do we need the permissions to these API for the connection to be successful.
Thanks
05/03/2023 01:18 PM
@saidnya_naik we are reviewing this with the product team and will provide response shortly.
05/04/2023 02:15 AM
The AzureAD Connector uses the Microsoft Graph API instead of the Azure AD Graph API(deprecated).
06/22/2023 11:28 PM
Hi,
The connection was going into the failed state if we didn't give the Azure Active Directory Graph API/Permissions.
Even after selecting just the Microsoft APIs, the connection went into the failed state. After which we tried giving the Azure Active Directory Graph API/Permissions only then the connection was seen as successful.
06/25/2023 10:55 PM
06/28/2023 02:08 AM
Our Saviynt version is 5.5 SP3.10, which means this removal of azure ad graph api from your connector code won't be impacting us.
06/30/2023 08:21 AM
I believe this change was backported to 5.5SP3.10 as well.
You should be able to see the below connection params if the fix is available-
AUTHENTICATION_ENDPOINT, MICROSOFT_GRAPH_ENDPOINT, AZURE_MANAGEMENT_ENDPOINT
Populate these connection params with the below values-
AUTHENTICATION_ENDPOINT- https://login.microsoftonline.com/
MICROSOFT_GRAPH_ENDPOINT- https://graph.microsoft.com/
AZURE_MANAGEMENT_ENDPOINT- https://management.azure.com/
Add the Microsoft Graph API permissions to the Application instead of the AAD Graph APIs as mentioned in the doc- https://docs.saviyntcloud.com/bundle/AzureConf-v2022x/page/Content/Registering-an-Application-in-Azu...
The connection should be successful.
Please let me know if there is any query.