This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Coming Soon on May 3, 2022: New API Endpoints for Azure and Azure Client Credentials

dwampach1
Level 7 Flexeran
Level 7 Flexeran
2 8 2,470
‎Apr 20, 2022 08:07 AM

On May 3, 2022, the SaaS Management Microsoft Azure and Azure Client Credentials integrations will migrate from Microsoft Azure AD API to Microsoft Graph API. The Azure AD Graph API is now deprecated. Starting June 30, 2022, support ends for Azure AD Graph. Apps using Azure AD Graph after June 30, 2022 will no longer receive responses from the Azure AD Graph endpoint. The following details will help you prepare for the Microsoft Graph API migration. 

Action Required for New SaaS Management Integrations with Azure and Azure Client Credentials 

You must grant permissions for Microsoft Graph API instead of Azure AD Graph API. Refer to the future API endpoints below. 

Azure and Azure Client Credentials API Endpoints 

Below are the future Microsoft Graph API endpoints. 

HR Roster 

https://graph.microsoft.com/vl.0/users  

Application Discovery 

https://graph.microsoft.com/vl.0/servicePrincipals  

SSO Application Access 

https://graph.microsoft.com/vl.0/auditLogs/signIns  

SSO Application Roster 

https://graph.microsoft.com/vl.0/users/<UseriD>/appRoleAssignments  

Actions Required for Existing SaaS Management Integrations with Azure and Azure Client Credentials 

Due to SaaS Management's migration from Microsoft Azure AD APIs to Microsoft Graph APIs, existing Azure and Azure Client Credentials integrations will fail due to a 401 Unauthorized Error. 

 Actions for Existing Azure Integrations 

  • Once the Azure integration tasks start failing, you must reauthorize the integration.
  • For the Microsoft Graph APIs, an Offline_access permission is also necessary for the refresh token generation. 

Complete the following action to prevent this error for Existing Azure Client Credentials Integrations 

Update the existing permissions to the required Microsoft Graph API permissions: 

  • Auditlog.Read.All 
  • Directory.Read.All

IMPORTANT: The Azure integration with SaaS Management will fail if consent is not given to both the AuditLog.Read.All and the Directory.Read.All permissions. For details, refer to the Microsoft List signIns documentation section.

More information on new features and enhancements can be found in What's New in Flexera One.

8 Comments
bharath_malli
Level 3
‎Apr 22, 2022 12:01 PM

@dwampach1 : We are using Azure Client credentials;   

Do we actually need "Auditlog.Read.All" ?

or in other words, if we only provide "Directory.Read.All", what is the impact to SaaS manager 

 

Thanks in Advance 

Bharath Mallipeddy

SAP SE

0 Kudos
JohnSorensenDK
Moderator Moderator
Moderator
‎Apr 25, 2022 04:40 AM

Hi Bharath,

The integration will fail if you don't give it the "Auditlog.Read.All" permission, please refer to Microsoft's documentation: https://docs.microsoft.com/en-us/graph/api/signin-list?view=graph-rest-1.0&tabs=http 

Thanks,

John Sorensen

0 Kudos
chirag_sharma2
Level 7
‎Apr 26, 2022 11:29 AM

Hi, 

We are only using IT Asset Management but our SSO is Connected with Azure, is it going to impact us as well?

0 Kudos
JohnSorensenDK
Moderator Moderator
Moderator
‎Apr 27, 2022 05:53 AM

@chirag_sharma2 

Please could you elaborate a bit further on the context here, i.e. are you referring to

  • the use of Azure AD as an SSO data source for Flexera SaaS mgt?
  • the use of Azure AD as an identity provider for Flexera One (SSO) authentication?
  • or are you referring to using Azure AD internally as a single sign-on solution to login to your Intranet?

Thanks,

John Sorensen

0 Kudos
spencer_clark
Level 4
‎Apr 27, 2022 10:18 AM

Currently, my company has not purchased any Saas products (though looking at it).

We do use SSO to login to our ITAM product and we use Azure.

I'm guessing that means we need to adjust our endpoint as well?  Asking because I'm not sure.

 

Spencer

0 Kudos
chirag_sharma2
Level 7
‎Apr 28, 2022 02:51 AM

Hi @JohnSorensenDK 

The use of Azure AD as an identity provider for Flexera One (SSO) authentication?

I am with @spencer_clark 

We are also not using SaaS manager of Flexera

But, we do use Azure SSO as an identifier to login to our ITAM product via FLexera one. 

So please confirm if we need to make any changes in our identifer configurations? 

0 Kudos
JohnSorensenDK
Moderator Moderator
Moderator
‎Apr 28, 2022 03:48 AM

I don't think that Microsoft is going to change/deprovision any of the end-points related to use of Azure AD as identity provider for SSO:Capture.PNG

Thanks,

John Sorensen

spencer_clark
Level 4
‎May 10, 2022 02:59 PM

Thanks

 

0 Kudos