Integrating with Azure AD

Prerequisites

• To give admin consent, you have to be a Global Administrator or Privileged Administrator in your Azure tenant.

Permissions

Identity Stack requires minimal permissions with read-only access to your Azure Active Directory, following the principle of least privilege. The specific permissions required are as follows:

• Directory.Read.All: This permission allows Identity Stack to read directory information, such as user and group details, from your Azure Active Directory.

• UserAuthenticationMethod.Read.All: This permission enables Identity Stack to retrieve authentication methods associated with user accounts in your Azure Active Directory.

• Policy.Read.All: This permission grants Identity Stack access to read policy settings and configurations within your Azure Active Directory.

By granting these permissions, Identity Stack can effectively retrieve the necessary information from your Azure Active Directory while adhering to the principle of least privilege, ensuring a secure integration with limited access rights.

Step-by-step guide

1. Navigate to the Identity Stack Administration Portal and sign in with your Azure credentials.

2. Click on Integrationer on the left-side menu and afterwards Giv Tilladelse.

3. After you have clicked on Giv tilladelse you will be redirected to Microsoft, where you will have to confirm your action.

4. After the permissions have been successfully granted, they will be listed with green checkmarks as depicted. Please note that Microsoft is eventually consistent, which means it can take up to 2 minutes before they are applied.