Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

As an Azure application owner, you have the essential responsibility of maintaining the delegated and application permissions of your application. Through Resource Admin, you can initiate updates to these permissions, tailoring them to meet evolving requirements and security standards. Once an update is requested, EmpowerID efficiently processes and implements these changes by updating the API permissions in Azure. This article will lead you through the process of adjusting your application's permissions, ensuring they align accurately with your application's operational and security needs.

Delete current API permissions

  1. Navigate to the Resource Admin application portal for your environment.

  2. Select Applications from the dropdown menu and search for the application with the API permissions you want to update.

  3. Click the Friendly Name link for the application.

     

  4. Select API Permissions on the application menu. You should see all current delegated and application permissions granted to the app.

  5. Click Delete for the permission you want to remove from the application.

  6. Confirm your decision.

  7. Repeat for any other permissions you want to delete.

Update API permissions

  1. Navigate to the Resource Admin application portal for your environment.

  2. Select Applications from the dropdown menu and search for the application with the API permissions you want to update.

  3. Click the Friendly Name link for the application.

     

  4. Expand Actions and then click Update Azure Application API Permissions.

     
    This initiates the Update Azure App API Permissions workflow with the selected application as the target.

  5. Review the configured API permissions and toggle the button from Selected to Remove for each permission you want to remove from the application and then click Next to progress to the next step of the workflow.

    If you do not want to remove any configured permissions simply click Next.


    The workflow progresses to the Add Delegated API Permissions selector. Here you select Microsoft and/or custom application APIs from the tree to add delegated permissions to the application.

  6. In the tree, search for and select the API with the delegated permissions you want to add to the application. For example, if you want to add permissions from the Microsoft Graph API, search for and select Microsoft Graph.

    If you do not want to add any delegated permissions to the application, click Next and skip to Step 9 below.

  7. Close the tree and then search for and select the specific related delegated permission you want to add to the application.

  8. Repeat, adding any other permissions needed and when ready click Next to progress to the next step.

  9. In the tree, search for and select the API with the application permissions you want to add to the application. If you do not want to add application permissions to the application, click Next and skip to step 12 below.

  10. Close the tree and then search for and select the specific related application permission you want to add to the application.

  11. Repeat, adding any other permissions needed and when ready click Next to progress to the next step.

  12. Review the summary information of your proposed changes and when ready click Submit.

Verify changes in Azure

  1. In Azure, navigate to Azure AD > App registrations.

  2. Select All applications and search for the target application.

  3. Click the Display Name link for the application.

     

  4. Under Manage, click API Permissions. You should see the configured permissions reflect the changes made in EmpowerID.

...