Minimum Permissions for Entra ID RPC

For the complete setup for Entra ID RPC, see Configuring an Azure AD or Entra ID Password Changer.

Secret Server requires proper permissions to perform remote password changing (RPC). The privileged Delinea Secret Server RPC service principal used for RPC of an Entra ID user account secret must be assigned the User Administrator role.

  1. Log in to the Entra ID or Azure AD Portal (https://portal.azure.com).

  2. Go to Microsoft Entra ID > Roles and Administrators.

  3. Select the User Administrator role.

  4. Click Add Assignments.

  5. Search for the desired service principal. This is the account that receives the permissions, in this case the registered application.

  6. Click Add.

Note that these permissions work only for non-administrator accounts. For administrator accounts, users need to have at least Privileged Authentication Administrator permissions. For more information about the Entra ID secret template, see Entra ID Secret Template for RPC.
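
The portal steps above can also be scripted and checked. The following is an added example using the Microsoft Graph PowerShell SDK, not code from Delinea or this page; the service principal name is a placeholder, and it assumes the SDK modules are installed and the signed-in account is allowed to assign directory roles.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Applications, Microsoft.Graph.Identity.Governance
param(
    # Placeholder: display name of the app registration used by Secret Server for RPC.
    [string]$ServicePrincipalName = '<secret-server-rpc-app-name>',
    [string]$RoleName = 'User Administrator'
)
$ErrorActionPreference = 'Stop'

# Scopes needed to read service principals and write directory role assignments.
Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory', 'Application.Read.All'

# Step 5: resolve the service principal; refuse to guess if the name is ambiguous.
$found = @(Get-MgServicePrincipal -Filter "displayName eq '$ServicePrincipalName'")
if ($found.Count -ne 1) {
    throw "Expected one service principal named '$ServicePrincipalName', found $($found.Count)."
}
$sp = $found[0]

# Step 3: resolve the built-in role by name instead of hard-coding its ID.
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$RoleName'"
if (-not $role) { throw "Role '$RoleName' not found." }

# Steps 4 and 6: add the assignment at tenant scope only if it is missing.
$filter = "principalId eq '$($sp.Id)'"
$current = @(Get-MgRoleManagementDirectoryRoleAssignment -Filter $filter -All)
if ($current.RoleDefinitionId -notcontains $role.Id) {
    New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $sp.Id `
        -RoleDefinitionId $role.Id -DirectoryScopeId '/' | Out-Null
    $current = @(Get-MgRoleManagementDirectoryRoleAssignment -Filter $filter -All)
}

# Review: list every directory role the principal holds, so extra roles stand out.
$defs = Get-MgRoleManagementDirectoryRoleDefinition -All
$held = foreach ($a in $current) {
    [pscustomobject]@{
        Role  = ($defs | Where-Object Id -eq $a.RoleDefinitionId).DisplayName
        Scope = $a.DirectoryScopeId
    }
}
$held | Format-Table -AutoSize

# Per the note above, administrator accounts need Privileged Authentication Administrator.
if ($held.Role -notcontains 'Privileged Authentication Administrator') {
    Write-Warning 'Privileged Authentication Administrator is not assigned; see the note on administrator accounts.'
}
```

The role table is worth reviewing after each run: any role listed beyond the ones this page calls for is privilege the RPC service principal does not need for password changing.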