articles/openshift/howto-aad-app-configuration.md
Lines changed: 14 additions & 6 deletions
@@ -88,12 +88,20 @@ For details on creating a new Azure AD application, see [Register an app with th
88
88
89
89
## Add API permissions
90
90
91
-
1. In the **Manage** section click **API permissions**, and then click **+Add a permission**.
92
-
3. In the **Request API Permissions** pane, select the **Microsoft APIs** tab, and then select the **Microsoft Graph** tile. Select **Application permissions**.
93
-
4. Search for **User** and enable the **User.Read** permission. Search for **Directory** and enable **Directory.Read.All**.
94
-
5. Click **Add permissions** to accept the changes.
95
-
6. The API permissions panel should now show both *User.Read* and *Directory.Read.All*. Please note the warning in **Admin consent required** column next to *Directory.Read.All*.
96
-
7. If you are the *Azure Subscription Administrator*, click **Grant admin consent for *Subscription Name***. If you are not the *Azure Subscription Administrator*, request the consent from your administrator.
91
+
[//]: #(Do not change to Microsoft Graph. It does not work with Microsoft Graph.)
92
+
1. In the **Manage** section click **API permissions**
93
+
2. Click **Add permission** and select **Azure Active Directory Graph** then **Delegated permissions**.
94
+
> [!NOTE]
95
+
> Make sure you selected the "Azure Active Directory Graph" and not the "Microsoft Graph" tile.
96
+
97
+
3. Expand **User** on the list below and enable the **User.Read** permission. If **User.Read** is enabled by default, ensure that it is the **Azure Active Directory Graph** permission **User.Read**.
98
+
4. Scroll up and select **Application permissions**.
99
+
5. Expand **Directory** on the list below and enable **Directory.ReadAll**.
100
+
6. Click **Add permissions** to accept the changes.
101
+
7. The API permissions panel should now show both *User.Read* and *Directory.ReadAll*. Please note the warning in **Admin consent required** column next to *Directory.ReadAll*.
102
+
8. If you are the *Azure Subscription Administrator*, click **Grant admin consent for *Subscription Name*** below. If you are not the *Azure Subscription Administrator*, request the consent from your administrator.
103
+
104
+

97
105
98
106
> [!IMPORTANT]
99
107
> Synchronization of the cluster administrators group will work only after consent has been granted. You will see a green circle with a checkmark and a message "Granted for *Subscription Name*" in the *Admin consent required* column.
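Review bot: the permission name is written *Directory.ReadAll* in new steps 5 and 7 (three occurrences), while the removed steps spelled it *Directory.Read.All*. Please confirm the spelling against what the **Azure Active Directory Graph** permission list shows, and if the missing dot is a typo, restore `Directory.Read.All` in all three places so readers can find it. Two smaller points in the same hunk: the hidden comment `[//]: #(Do not change to Microsoft Graph. ...)` has no space between `#` and `(`, so it is likely to be rendered as visible text rather than treated as a comment (the usual form is `[//]: # (...)`); and step 1 lost its trailing period and the button label changed from **+Add a permission** to **Add permission** in step 2, so it is worth checking the label against the portal. Since this procedure ends in an admin consent grant for a directory-wide read permission, it would also help to state in the visible note, not only in the hidden comment, why the Azure Active Directory Graph permission is required here.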