Versions Compared

Version Old Version 18 New Version Current
Changes made by

Eva Ruzheva

Pio

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Microsoft Graph API Connection Configuration

...

  1. Copy the "Value" of the newly created client secret.

Note

Important: Ensure you copy the Value, not the Secret ID. The Value is required for authentication and will be hidden once you leave the page.

...

9- Select “Microsoft Graph” and add Directory.Read.All for the “Application” type.

Image Added

Info

Pro Tip:

...

To grant the minimum permissions,

...

you

...

may use

...

:

  • User.Read.All

...

  • GroupMember.Read.All

...

You may encounter permission errors if your environment has nested groups, where a parent group has sufficient access but a child group does not. In that case, you may use:

  • User.Read.All

  • Group.Read.All

If you need to collect the licenses, you need permission to read the directory.

  • Directory.Read.All

The table below explains the different levels of permissions and their capabilities.

Permissions and their capabilities

  • User.Read.All

  • GroupMember.Read.All

  • User.Read.All

...

  • Group.Read.All

Image Removed

...

  • Directory.Read.All

Collects Users and Groups

(tick)

(tick)

(tick)

Collects nested groups (parent-child relationship)

(error)

(tick)

(tick)

Collects the Licenses

(error)

(error)

(tick)

  1. Ask your Azure Admin to provide consent for the required permission. The settings should be as follows:

  • Permission: Directory.Read.All

  • Type: Application

  • Admin

...

  • Consent Requested: Yes

  • Status: Granted for <your

...

  • organization>

An See the example screenshot is provided below:

Note

Just wanted to highlight that this This step is important and crucial, as we frequently receive tickets from our customers regarding customer tickets related to permission errors. Most The most common mistake done by Azure Admins is defining the type as “Delegated” which is the default, instead of “Application”.

...

make is selecting "Delegated" (the default) instead of "Application" as the permission type.

  1. Fill in the required fields under Azure Connection Settings in the

...

  1. Source tab of Azure AD Importer for JSM Assets.

...

  1. Then, click "Save & Check

...

  1. Connection" to

...

  1. confirm the configuration is successful.

...

Note

We previously had customers writing the Secret ID instead of the Secret Value. Please make sure you use the Application Secret Value. Otherwise, you may get an Error as below:

Screenshot 2024-10-07 at 16.35.18.pngImage Removed

...

  1. (Optional) You can apply filters for Users and Groups to reduce the number of imported records and focus on relevant data. For more details, visit: Filter

...

  1. Next configure the Destination settings.