On 2018-11-27 16:38, Steven Williams wrote:
> On 11/27/18 10:38 AM, Steven Williams wrote:
>> On 11/19/18 11:42 AM, alekz wrote:
>>> On 2018-11-19 17:22, Steven Williams wrote:
>>>> On 11/19/18 10:47 AM, alekz wrote:
>>>>> Hello
>>>>>
>>>>> What kind of permissions do I need to grant for the Azure AD User
>>>>> and Permissions collectors?
>>>>>
>>>>> Currently I've granted this:
>>>>>
>>>>>
>>>>> Azure Active Directory Graph
>>>>> **Directory.Read.All
>>>>> **User.Read
>>>>>
>>>>> Microsoft Graph
>>>>> **Directory.Read.All
>>>>>
>>>>>
>>>>> When testing the collection I get this error:
>>>>>
>>>>> [SEVERE] 2018-11-19 16:35:34
>>>>> com.netiq.iac.persistence.dcs.dce.thread.TestDataC ollectionServiceThread
>>>>> call - [IG-DTP] Encountered unexpected error: Failed in collecting
>>>>> data from DaaS -Error Response: Command failure: Type:
>>>>> find+chunked: [Command failure: Type: find+chunked: [Error
>>>>> collecting using search class: User]]
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> If you find this post helpful and are logged into the web interface,
>>>>> show your appreciation and click on the star below.
>>>> Greetings,
>>>>
>>>> 1) What is the exact version of ID Gov that you are using?
>>>> 2) What is the exact version of the Template(s) you are using?
>>>>
>>> 1)
>>> **Identity Governance client version 3.0.1 was built on Fri March 9
>>> 2018 4:59 PM from revision 25950
>>> Identity Governance server version 3.0.1 was built on Fri March 9
>>> 2018 6:43 PM from revision 25952
>>>
>>> 2) Version 3.0.0
>>>

>> Greetings,
>>
>> We use the Azure Active Directory Graph API so the tenant must first
>> enable that API for their site. Once enabled, the API requires the
>> following 2 permissions.
>>
>> - Directory.Read.All
>> - User.Read
>>
>>
>> It is also necessary to generate an OAuth v2 client (and secret) for
>> API access.
>>
>>
>>

> Greetings,
> ** I have asked the Doc team to update our public doc accordingly.
>

Thanks Steven, got it working now :-)

--
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.