This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Reminder: New API Endpoints for Azure and Azure Client Credentials

dwampach1
By Level 8 Flexeran
Level 8 Flexeran

On May 3, 2022, the SaaS Management Microsoft Azure and Azure Client Credentials integrations migrated from Microsoft Azure AD API to Microsoft Graph API. The Azure AD Graph API is now deprecated. Starting June 30, 2022, support ends for Azure AD Graph. Apps using Azure AD Graph after June 30, 2022 will no longer receive responses from the Azure AD Graph endpoint. The following details will help you prepare for the Microsoft Graph API migration. 

Action Required for New SaaS Management Integrations with Azure and Azure Client Credentials 

You must grant permissions for Microsoft Graph API instead of Azure AD Graph API. Refer to the future API endpoints below. 

Azure and Azure Client Credentials API Endpoints 

Below are the future Microsoft Graph API endpoints. 

HR Roster 

https://graph.microsoft.com/vl.0/users  

Application Discovery 

https://graph.microsoft.com/vl.0/servicePrincipals  

SSO Application Access 

https://graph.microsoft.com/vl.0/auditLogs/signIns  

SSO Application Roster 

https://graph.microsoft.com/vl.0/users/<UseriD>/appRoleAssignments  

Actions Required for Existing SaaS Management Integrations with Azure and Azure Client Credentials 

Due to SaaS Management's migration from Microsoft Azure AD APIs to Microsoft Graph APIs, existing Azure and Azure Client Credentials integrations will fail due to a 401 Unauthorized Error. 

 Actions for Existing Azure Integrations 

  • Once the Azure integration tasks start failing, you must reauthorize the integration.
  • For the Microsoft Graph APIs, an Offline_access permission is also necessary for the refresh token generation. 

Complete the following action to prevent this error for Existing Azure Client Credentials Integrations 

Update the existing permissions to the required Microsoft Graph API permissions: 

  • Auditlog.Read.All 
  • Directory.Read.All

IMPORTANT: The Azure integration with SaaS Management will fail if consent is not given to both the AuditLog.Read.All and the Directory.Read.All permissions. For details, refer to the Microsoft List signIns documentation section.

More information on new features and enhancements can be found in What's New in Flexera One.

‎Jun 01, 2022 03:00 AM