This article describes the API permissions that must be setup in Azure for the following connectors: 'Microsoft-AzureAD-Connector', 'Microsoft-AzureAD-GetGroups' and 'Microsoft-AzureAD-GetUsers'.
The above mentioned connectors all use the 'Windows Azure Active Directory' API, permissions for this can be viewed and requested under the App registration for the Spider Connector in Azure.
*Update January 2023 - this method is no longer supported when a new API connection is created after January 2023
In order for Spider connectors to receive the required data the 'Windows Azure Active Directory' API requires the following Application permission be granted in the Azure Portal: Directory.Read.All
Please note: Admin consent is required for this API permission to function.
