Is Read Directory permission absolutely required for Azure AD connection?


I’d like to know if the admin level privilege in Azure (Read Directory Data) is absolutely required to operate with an Azure AD connection.

I have a potential customer who is running into a consent dialog and it would be much easier if we don’t need to request that permission.

Thank you

:wave: @ee1 For the Azure AD connection, I believe the Read Directory permission is needed when reading group information, extended attributes, or data not belonging to the user signing in. When enabled, the directory data would require administrator consent unless the user logging in is an administrator or the Azure AD administrator gives consent for every user in the directory.
