Required Permissions for Entra Integration for ITP
This page outlines the permissions required for the Delinea ITP/PCCE - Read Only application when integrated with Microsoft Entra ID (formerly Azure AD). These permissions are necessary to retrieve identity, group, and security-related data, providing visibility into identity and access security across your tenant.
Roles Assigned
The Delinea ITP/PCCE - Read Only application operates with roles and permissions granted via admin consent. These permissions allow the application to query identity, group, and security data from Microsoft Entra ID to ensure proper visibility and access security.
Scope of Permissions
All permissions assigned to this application are tenant-wide (Directory-wide scope), which means the application can query identity and security-related data across the entire Microsoft Entra ID (Azure AD) instance.
Permissions Granted
Below is a breakdown of the permissions assigned to the Delinea ITP/PCCE - Read Only application:
API Name | Permission | Description |
---|---|---|
Microsoft Graph | TeamMember.Read.All | Read the members of all teams. |
Microsoft Graph | UserAuthenticationMethod.Read.All | Read all users' authentication methods. |
Microsoft Graph | Group.Read.All | Read all groups. |
Microsoft Graph | MailboxSettings.Read | Read all user mailbox settings. |
Microsoft Graph | Sites.Read.All | Read items in all site collections. |
Microsoft Graph | Directory.Read.All | Read directory data. |
Microsoft Graph | PrivilegedAccess.Read.AzureResources | Read privileged access to Azure resources. |
Microsoft Graph | User.Read.All | Read all users' full profiles. |
Microsoft Graph | Domain.Read.All | Read domains. |
Microsoft Graph | ChannelMember.Read.All | Read the members of all channels. |
Microsoft Graph | GroupMember.Read.All | Read all group memberships. |
Microsoft Graph | IdentityProvider.Read.All | Read identity providers. |
Microsoft Graph | IdentityRiskyUser.Read.All | Read all identity risky user information. |
Microsoft Graph | AuditLog.Read.All | Read audit logs. |
Microsoft Graph | Reports.Read.All | Read all usage reports. |
Microsoft Graph | User.Read | Sign in and read user profile. |
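
One way to check that the permissions actually consented in a tenant match the table above, as an added example (not Delinea's or Microsoft's code). It assumes you have already exported the Microsoft Graph service principal's `appRoles`, the application's `appRoleAssignments`, and its `oauth2PermissionGrants` as JSON. The GUIDs and sample records are constructed, and treating `User.Read` as a delegated grant is an assumption.

```python
# Added example: audit granted Graph permissions against the documented list.
EXPECTED = {
    "TeamMember.Read.All", "UserAuthenticationMethod.Read.All", "Group.Read.All",
    "MailboxSettings.Read", "Sites.Read.All", "Directory.Read.All",
    "PrivilegedAccess.Read.AzureResources", "User.Read.All", "Domain.Read.All",
    "ChannelMember.Read.All", "GroupMember.Read.All", "IdentityProvider.Read.All",
    "IdentityRiskyUser.Read.All", "AuditLog.Read.All", "Reports.Read.All", "User.Read",
}

def granted_permissions(graph_app_roles, app_role_assignments, oauth2_grants):
    """Resolve appRoleId GUIDs to permission names and merge delegated scopes."""
    names_by_id = {r["id"]: r["value"] for r in graph_app_roles}
    granted = set()
    for a in app_role_assignments:
        # An ID that does not resolve is surfaced, not silently dropped.
        granted.add(names_by_id.get(a["appRoleId"], "UNKNOWN:" + a["appRoleId"]))
    for g in oauth2_grants:
        granted.update(g.get("scope", "").split())  # scopes are space-separated
    return granted

def is_read_only(name):
    """True when a dot-separated segment is exactly Read or ReadBasic."""
    return bool({"Read", "ReadBasic"} & set(name.split(".")))

def audit(granted):
    unexpected = granted - EXPECTED
    return {
        "missing": sorted(EXPECTED - granted),        # documented but not consented
        "unexpected": sorted(unexpected),             # consented but not documented
        "not_read_only": sorted(p for p in unexpected if not is_read_only(p)),
    }

# Constructed sample: one documented role missing, one undocumented write role.
ROLE_NAMES = sorted(EXPECTED - {"User.Read"}) + ["Directory.ReadWrite.All"]
SAMPLE_ROLES = [{"id": f"00000000-0000-0000-0000-{i:012d}", "value": n}
                for i, n in enumerate(ROLE_NAMES)]
SAMPLE_ASSIGNMENTS = [{"appRoleId": r["id"]} for r in SAMPLE_ROLES
                      if r["value"] != "Reports.Read.All"]
SAMPLE_GRANTS = [{"consentType": "AllPrincipals", "scope": "User.Read"}]

if __name__ == "__main__":
    report = audit(granted_permissions(SAMPLE_ROLES, SAMPLE_ASSIGNMENTS, SAMPLE_GRANTS))
    for key, values in report.items():
        print(f"{key}: {values}")
```

Any entry under `not_read_only` means the application holds more than the read-only access this page describes and should be reviewed before re-consenting.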