Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ Mobile Operator

Set the Azure Active Directory for role enumeration

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
TABLE OF CONTENTS

Set the Azure Active Directory for role enumeration

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedFeb 26, 2025
  • 2 minute read

The Microsoft Graph API should be used to enumerate the groups in the Azure Active Directory tenant. It may also be used to get directory information. However, this requires an access token with correct permissions.

To request API permissions:

  1. From the API permissions page, select Add a permission.

    Permission1

  2. Select APIs my organization uses.

    Topic 3 step 2

  3. Select Microsoft Graph. You can search for “Microsoft Graph” if the option is not shown in the list. The Microsoft Graph page appears.

    Request API permissions 2

  4. Select Application permissions. This enables the application to run as a background service or daemon without a signed-in user.

    Topic 3 step 4

  5. Under Select permissions, enter “Group” in the search box.

  6. Click to select the required group or groups and select Add permissions.

    • GroupMember.Read.All access to Microsoft.Graph, and admin consent must be granted for this permission, and it can then require a client API token using client_credentials,

    • Organization.Read.All access to Microsoft.Graph

    • User.Read.All access to Microsoft Graph

      Note: The groups must be the Application type, not the Delegated type.

  7. Grant admin consent.

    Embedded Image (65% Scaling) (LIVE)

TitleResults for “How to create a CRG?”Also Available in