- Flexera Community
- Flexera One
- Flexera One Blog
- Coming Soon on May 3, 2022: New API Endpoints for Azure and Azure Client Credentials
Coming Soon on May 3, 2022: New API Endpoints for Azure and Azure Client Credentials
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Printer Friendly Page
- Report Inappropriate Content
On May 3, 2022, the SaaS Management Microsoft Azure and Azure Client Credentials integrations will migrate from Microsoft Azure AD API to Microsoft Graph API. The Azure AD Graph API is now deprecated. Starting June 30, 2022, support ends for Azure AD Graph. Apps using Azure AD Graph after June 30, 2022 will no longer receive responses from the Azure AD Graph endpoint. The following details will help you prepare for the Microsoft Graph API migration.
Action Required for New SaaS Management Integrations with Azure and Azure Client Credentials
You must grant permissions for Microsoft Graph API instead of Azure AD Graph API. Refer to the future API endpoints below.
Azure and Azure Client Credentials API Endpoints
Below are the future Microsoft Graph API endpoints.
SSO Application Access
SSO Application Roster
Actions Required for Existing SaaS Management Integrations with Azure and Azure Client Credentials
Due to SaaS Management's migration from Microsoft Azure AD APIs to Microsoft Graph APIs, existing Azure and Azure Client Credentials integrations will fail due to a 401 Unauthorized Error.
Actions for Existing Azure Integrations
- Once the Azure integration tasks start failing, you must reauthorize the integration.
- For the Microsoft Graph APIs, an Offline_access permission is also necessary for the refresh token generation.
Complete the following action to prevent this error for Existing Azure Client Credentials Integrations
Update the existing permissions to the required Microsoft Graph API permissions:
IMPORTANT: The Azure integration with SaaS Management will fail if consent is not given to both the AuditLog.Read.All and the Directory.Read.All permissions. For details, refer to the Microsoft List signIns documentation section.
More information on new features and enhancements can be found in What's New in Flexera One.
@dwampach1 : We are using Azure Client credentials;
Do we actually need "Auditlog.Read.All" ?
or in other words, if we only provide "Directory.Read.All", what is the impact to SaaS manager
Thanks in Advance
The integration will fail if you don't give it the "Auditlog.Read.All" permission, please refer to Microsoft's documentation: https://docs.microsoft.com/en-us/graph/api/signin-list?view=graph-rest-1.0&tabs=http
We are only using IT Asset Management but our SSO is Connected with Azure, is it going to impact us as well?
Please could you elaborate a bit further on the context here, i.e. are you referring to
- the use of Azure AD as an SSO data source for Flexera SaaS mgt?
- the use of Azure AD as an identity provider for Flexera One (SSO) authentication?
- or are you referring to using Azure AD internally as a single sign-on solution to login to your Intranet?
Currently, my company has not purchased any Saas products (though looking at it).
We do use SSO to login to our ITAM product and we use Azure.
I'm guessing that means we need to adjust our endpoint as well? Asking because I'm not sure.
The use of Azure AD as an identity provider for Flexera One (SSO) authentication?
I am with @spencer_clark
We are also not using SaaS manager of Flexera
But, we do use Azure SSO as an identifier to login to our ITAM product via FLexera one.
So please confirm if we need to make any changes in our identifer configurations?
I don't think that Microsoft is going to change/deprovision any of the end-points related to use of Azure AD as identity provider for SSO:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.