You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/openshift/howto-aad-app-configuration.md
+6-9Lines changed: 6 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -88,15 +88,12 @@ For details on creating a new Azure AD application, see [Register an app with th
88
88
89
89
## Add API permissions
90
90
91
-
1. In the **Manage** section click **API permissions**.
92
-
2. Click **Add permission** and select **Azure Active Directory Graph** then **Delegated permissions**.
93
-
3. Expand **User** on the list below and enable the **User.Read** permission. If **User.Read** is enabled by default, ensure that it is the **Azure Active Directory Graph** permission **User.Read**, *not* the **Microsoft Graph** permission **User.Read**.
94
-
4. Scroll up and select **Application permissions**.
95
-
5. Expand **Directory** on the list below and enable **Directory.ReadAll**
96
-
6. Click **Add permissions** to accept the changes.
97
-
7. The API permissions panel should now show both *User.Read* and *Directory.ReadAll*. Please note the warning in **Admin consent required** column next to *Directory.ReadAll*.
98
-
8. If you are the *Azure Subscription Administrator*, click **Grant admin consent for *Subscription Name*** below. If you are not the *Azure Subscription Administrator*, request the consent from your administrator.
99
-
91
+
1. In the **Manage** section click **API permissions**, and then click **+Add a permission**.
92
+
3. In the **Request API Permissions** pane, select the **Microsoft APIs** tab, and then select the **Microsoft Graph** tile. Select **Application permissions**.
93
+
4. Search for **User** and enable the **User.Read** permission. Search for **Directory** and enable **Directory.Read.All**.
94
+
5. Click **Add permissions** to accept the changes.
95
+
6. The API permissions panel should now show both *User.Read* and *Directory.Read.All*. Please note the warning in **Admin consent required** column next to *Directory.Read.All*.
96
+
7. If you are the *Azure Subscription Administrator*, click **Grant admin consent for *Subscription Name***. If you are not the *Azure Subscription Administrator*, request the consent from your administrator.
100
97
101
98
> [!IMPORTANT]
102
99
> Synchronization of the cluster administrators group will work only after consent has been granted. You will see a green circle with a checkmark and a message "Granted for *Subscription Name*" in the *Admin consent required* column.
0 commit comments