This guide applies to Mac computers and Windows devices

Microsoft Entra ID Permissions

Microsoft Entra ID Permissions in Iru Endpoint allows you to configure the necessary permissions and access rights for Microsoft Entra ID integration, enabling seamless user directory synchronization and authentication.

How It Works

Integration Overview

The Microsoft Entra ID integration in Iru Endpoint syncs all Microsoft Entra ID user and group objects into the user directory within Iru Endpoint, so that administrators can assign devices to Microsoft Entra ID users within Iru Endpoint. The integration uses the delegated permissions listed below, through the Microsoft Graph API, to synchronize user directory information.

Permissions Overview

The following permissions are automatically requested and are required to successfully sync Microsoft Entra ID users and groups into Iru Endpoint. A Microsoft Entra ID Administrator needs to have sufficient permissions to delegate the following permissions to Iru Endpoint.

| Permission | Display Text | Justification |
| --- | --- | --- |
| Group.Read.All | Read all groups | Allows Iru Endpoint to list groups, and to read their properties and all group memberships on behalf of the signed-in user. |
| User.Read.All | Read all users’ full profiles | Synchronize all AD Users |
| User.Read | Sign in and read user profile | Store integrating AD administrator’s information |
| offline_access | Maintain access to data you have given it access to | Allows long-term syncing |
| openid | Allows users to sign in to the app with their work or school accounts and allows the app to see basic user profile information. | Leveraged for legacy OpenID login for Microsoft Entra ID users into Iru Endpoint. (This is now handled by a new independent Microsoft Entra ID application record) |
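To confirm that consent in your tenant matches the list above and nothing broader, you can audit the delegated grants for the integration. The following is an added example, not Iru Endpoint code: it assumes you have exported the Microsoft Graph `oauth2PermissionGrants` records for the application's service principal as JSON, and the sample response and all ids in it are constructed placeholders.

```python
import json

# Delegated scopes listed in the permissions table on this page.
EXPECTED_SCOPES = {"Group.Read.All", "User.Read.All", "User.Read",
                   "offline_access", "openid"}

# Constructed sample shaped like a Microsoft Graph oauth2PermissionGrants
# response. Every id is a placeholder, not a real tenant value.
SAMPLE_RESPONSE = json.dumps({
    "value": [
        {"id": "grant-1", "clientId": "sp-object-id-placeholder",
         "consentType": "AllPrincipals", "principalId": None,
         "resourceId": "graph-sp-placeholder",
         "scope": " Group.Read.All User.Read.All User.Read offline_access"},
        {"id": "grant-2", "clientId": "sp-object-id-placeholder",
         "consentType": "Principal", "principalId": "user-placeholder",
         "resourceId": "graph-sp-placeholder",
         "scope": "Directory.ReadWrite.All user.read"},
    ]
})


def audit_grants(response_text, expected=EXPECTED_SCOPES):
    """Compare granted delegated scopes with the documented set.

    Returns {'missing': [...], 'unexpected': [(grant id, consentType, scope)]}.
    'missing' lists documented scopes that no grant contains; 'unexpected'
    lists every granted scope that the documentation does not mention.
    """
    expected_by_key = {s.lower(): s for s in expected}
    seen = set()
    unexpected = []
    for grant in json.loads(response_text).get("value", []):
        # 'scope' is one space-separated string and may carry leading spaces.
        for scope in (grant.get("scope") or "").split():
            key = scope.lower()  # compare scope names case-insensitively
            if key in expected_by_key:
                seen.add(key)
            else:
                unexpected.append((grant["id"], grant.get("consentType"), scope))
    missing = sorted(v for k, v in expected_by_key.items() if k not in seen)
    return {"missing": missing, "unexpected": unexpected}


if __name__ == "__main__":
    print(audit_grants(SAMPLE_RESPONSE))
```

An entry under `unexpected` means the application holds a delegated scope beyond the documented list and should be reviewed; `openid` appearing under `missing` can be expected where the legacy OpenID login is handled by the separate application record mentioned in the table.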