
MS Graph API Permissions

MS Graph API Permissions (Required to sync Identities from Entra ID for UAR)

  1. Go to Microsoft Entra Admin Center.
  2. Sign in with a Global Administrator or Application Administrator account.

  1. In the left menu, go to Entra ID → App registrations.
  2. Click + New registration.
  3. Enter:
    • Name: e.g. UAR-Sync
    • Supported account types: Select Accounts in this organizational directory only (recommended).
    • Redirect URI: Leave empty unless specifically required.
  4. Click Register.

  1. In the app you just created, select API permissions → + Add a permission.
  2. Choose Microsoft Graph → Application permissions.
  3. Search and add:
    • User.Read.All
    • Application.Read.All
    • GroupMember.Read.All
    • AuditLog.Read.All
  4. Click Add permissions.

  1. Still under API permissions, click Grant admin consent for .
  2. Confirm the action.
  3. The status should update to Granted.

  1. Go to Certificates & secrets.
  2. Under Client secrets, click + New client secret.
  3. Fill in:
    • Description: e.g. UAR-Secret
    • Expires: Select 24 months (2 years) (recommended)
  4. Click Add.
  5. Copy the Value immediately — this is your client secret (you will not be able to view it again).
    • Store it securely (e.g., in a password manager or Azure Key Vault).

You will need:

  • Tenant ID: Found under Overview → Directory (tenant) ID
  • Client ID: Found under Overview → Application (client) ID
  • Client Secret: The value you just generated

  1. Log on to https://companyname-uar.tikabu.io as a member of the UARAdmin role.
  2. Under Identity Sync, enter and save the MS Graph API credentials.