By dwampach1 (Level 8 Flexeran)

The SaaS Management Microsoft Azure and Azure Client Credentials integrations have migrated from Microsoft Azure AD APIs to Microsoft Graph APIs. The Azure AD Graph API is now deprecated. Starting June 30, 2022, support ends for Azure AD Graph. Apps using Azure AD Graph after June 30, 2022 will no longer receive responses from the Azure AD Graph endpoint. We ask that you migrate to the Microsoft Graph APIs and refer to the following details.

Action Required for New SaaS Management Integrations with Azure and Azure Client Credentials

You must grant permissions for Microsoft Graph API instead of Azure AD Graph API. Refer to the new API endpoints below.

New Azure and Azure Client Credentials API Endpoints

Below are the new Microsoft Graph API endpoints.

HR Roster

https://graph.microsoft.com/v1.0/users 

Application Discovery

https://graph.microsoft.com/v1.0/servicePrincipals 

SSO Application Access

https://graph.microsoft.com/v1.0/auditLogs/signIns 

SSO Application Roster

https://graph.microsoft.com/v1.0/users/<UserID>/appRoleAssignments

Actions Required for Existing SaaS Management Integrations with Azure and Azure Client Credentials

Because SaaS Management has migrated from Microsoft Azure AD APIs to Microsoft Graph APIs, existing Azure and Azure Client Credentials integrations will fail with a 401 Unauthorized error.

Actions for Existing Azure Integrations

  • Once the Azure integration tasks start failing, you must reauthorize the integration.
  • When granting access to Microsoft Graph APIs, the offline_access permission is also required so that a refresh token can be generated.

Complete the following action to prevent this error for existing Azure Client Credentials integrations:

Update the existing permissions to the required Microsoft Graph API permissions:

  • AuditLog.Read.All
  • Directory.Read.All

IMPORTANT: The Azure integration with SaaS Management will fail if consent is not given to both the AuditLog.Read.All and the Directory.Read.All permissions. For details, refer to the Microsoft List signIns documentation section.
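The following added example (not Flexera's or Microsoft's code) is a diagnostic for the 401 case described above: it decodes an app-only access token and reports whether it targets Microsoft Graph and carries both required permissions in its `roles` claim. The function names and the sample tokens are constructed for illustration, and the payload is decoded without signature verification, so the result is for troubleshooting only.

```python
import base64
import json

# Application permissions the page lists for the Client Credentials integration.
REQUIRED_ROLES = {"AuditLog.Read.All", "Directory.Read.All"}
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}  # Microsoft Graph app ID
LEGACY_AUDIENCE = "https://graph.windows.net"  # deprecated Azure AD Graph


def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_graph_token(token: str) -> list:
    """Return a list of problems; an empty list means the token looks usable."""
    claims = decode_claims(token)
    problems = []
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud == LEGACY_AUDIENCE:
        problems.append("token was issued for the deprecated Azure AD Graph")
    elif aud not in GRAPH_AUDIENCES:
        problems.append(f"unexpected audience: {aud!r}")
    granted = set(claims.get("roles", []))  # app-only tokens carry 'roles'
    for role in sorted(REQUIRED_ROLES - granted):
        problems.append(f"missing consented permission: {role}")
    return problems


def make_sample(claims: dict) -> str:
    """Build a constructed, unsigned sample token for the demonstration."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    old = make_sample({"aud": "https://graph.windows.net", "roles": ["Directory.Read.All"]})
    new = make_sample({"aud": "https://graph.microsoft.com",
                       "roles": ["AuditLog.Read.All", "Directory.Read.All"]})
    for name, tok in (("pre-migration", old), ("post-migration", new)):
        print(name, check_graph_token(tok) or "OK")
```

An access token is a bearer credential, so run a check like this locally and keep the token out of tickets and logs.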

Only Publisher Verified Applications Now Display in SaaS Management

Previously, the SaaS Management Application Discovery integration task captured unverified and verified application publishers. Now the Application Discovery task only captures verified application publishers who have verified their identity using their Microsoft Partner Network (MPN) account and have associated this MPN account with their app registration. For details, see the Microsoft documentation Mark your app as publisher verified.

As a result:

  • Only publishers verified by the Microsoft Partner Network are fetched.
  • For applications with unverified publishers, the following will display in the managed SaaS application's Integrated Applications tab:
    • The SSO Integration column will be set to false by default.
    • The Publisher column will display "unverified".

More information on new features and enhancements can be found in What's New in Flexera One.