Azure read only for attestations

I have a use case for attesting to Azure DirectoryRole assignments. This is the only use case we have for connecting to Azure from OneIM. The customer is hesitant to grant us the Global Admin permissions discussed in the OneIM documentation, as we should only require read access. We have configured it as such, as a web application with read-only permissions for all of Azure. We have also tried using the native client option. Most data seems to sync into OneIM fine; however, we are not getting all of the DirectoryRole assignments shown in the Azure portal. In OneIM we have a complete sync of users and of the directory roles themselves (AADUser and AADDirectoryRole are complete), but the AADUserInDirectoryRole table is showing only a small fraction of what it should. Can someone explain the Azure access and permissions needed for a read-only connection to Azure that would allow syncing of all data, or is the method described in the OneIM Azure Admin guide the only available option? If it's the latter, can you explain the reason so that I can present the evidence to the customer?
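One way to separate a permissions problem from a connector problem is to enumerate the role assignments directly through Microsoft Graph with a read-only scope and compare the result with what lands in AADUserInDirectoryRole. The script below is an added example, not part of the original post and not OneIM's own code; it assumes the Microsoft.Graph PowerShell SDK is installed and that the delegated scope `RoleManagement.Read.Directory` (or `Directory.Read.All`) is consented, and the output file name is illustrative.

```powershell
# Added example (not from the original post or from OneIM).
# Lists every directory role assignment visible under a read-only Graph scope
# so the count can be compared with OneIM's AADUserInDirectoryRole table.
# Assumptions: Microsoft.Graph PowerShell SDK installed; scope name below is
# the read-only scope that covers directoryRole members.

Connect-MgGraph -Scopes "RoleManagement.Read.Directory"

# /directoryRoles returns only roles that have been activated in the tenant;
# role templates that were never activated do not appear here.
$assignments = foreach ($role in Get-MgDirectoryRole -All) {
    foreach ($member in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
        [pscustomobject]@{
            Role       = $role.DisplayName
            MemberId   = $member.Id
            MemberType = $member.AdditionalProperties['@odata.type']
            Upn        = $member.AdditionalProperties['userPrincipalName']
        }
    }
}

$assignments | Sort-Object Role, Upn | Format-Table -AutoSize
# Export for a side-by-side comparison with the OneIM table (path is illustrative).
$assignments | Export-Csv -Path .\graph-role-assignments.csv -NoTypeInformation
"Active directory role assignments visible with read-only scope: $($assignments.Count)"
```

If this count matches the active assignments shown in the portal, the read-only scope is sufficient and the gap lies in the connector configuration rather than in permissions. Note that this endpoint returns only active memberships; role assignments that are merely eligible through Privileged Identity Management are exposed under the separate roleManagement endpoints and will not appear in this list.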