I am looking for a way, as an admin, to grant permissions to an internal app on my Azure Active Directory only for a specific set of users (a group), without having to prompt for any consent.

I want this app to have access to Mail.Read scopes on Graph API for a specific group of users only.

I managed to give access for the whole organization (by clicking on the "grant permissions" button in the Azure Portal > Azure Active Directory > App Registration > MyApp > Settings > Permissions). How to limit these rights to a specific group of users without having to prompt any individual consent?

1 Answer

How to limit these rights to a specific group of users without having to prompt any individual consent?

You could achieve this using RBAC in the portal.

Navigate to your app (not in App registrations) in the portal -> Access control (IAM) -> Add; please follow the steps in this article.

For more details about RBAC, you could refer to this link: What is role-based access control (RBAC)?

I want this app to have access to Mail.Read scopes on Graph API

Go to your app in App registrations; you could refer to the screenshot to choose the "Read mail in all mailboxes" option. The option means access to Mail.Read; refer to this post.
