Add API Permissions

API permissions in Azure are essential for defining the scope of interaction between applications and Azure's services and resources. These permissions, encompassing a range of rules and privileges, play a vital role in ensuring security and regulating access within the Azure ecosystem. For administrators or application owners, EmpowerID's Resource Admin offers a streamlined way to manage these permissions. Instead of navigating the Azure portal, you can directly add API permissions to your organization’s Azure applications within Resource Admin. Simply select the required permissions, and EmpowerID will handle the update of the application, ensuring a seamless and efficient process. The following procedure will guide you step-by-step through this process.

Procedure

  1. Navigate to the Resource Admin application portal for your environment.

  2. Select Applications from the dropdown menu and search for the application with the API permissions you want to update.

  3. Click the Details button on the application record.

    image-20240116-161601.png

     

  4. Select API Permissions from the application menu and then click Add API Permission.

    image-20240116-161825.png


    This initiates the ‘Update API Permissions’ wizard and directs you to the ‘Configured Permissions’ section of the workflow.

     

  5. Click Next to proceed.

    The workflow progresses to the Add Delegated API Permissions selector. Here, you select Microsoft and/or custom application APIs from the tree to add delegated permissions to the application.

     

  6. In the tree, search for and select the API with the delegated permissions you want to add to the application. For example, if you want to add permissions from the Microsoft Graph API, search for and select Microsoft Graph.

    If you do not want to add any delegated permissions to the application, click Next and skip to Step 9 below.

     

  7. Search for and select the specific related delegated permission you want to add to the application.

     

  8. Repeat, adding any other permissions needed, and when ready, click Next to progress to the Add Application Permissions step.

  9. In the tree, search for and select the API with the application permissions you want to add to your application. If you do not want to add application permissions to the application, click Next and skip to step 12 below.

  10. Search for and select the related application permission to add to your application.

  11. Repeat, adding any other permissions needed, and when ready, click Next to progress to the next step.

  12. Review the summary information of your proposed changes, and when ready, click Submit.

 

Results

The API permissions are added to the application. You can verify the changes in Azure by doing the following:

  1. In Azure, navigate to Microsoft Entra ID > App registrations.

  2. Select All applications and search for the target application.

  3. Click the Display Name link for the application.

  4. Under Manage, click API Permissions. You should see the configured permissions reflect the changes made in EmpowerID.

    The below screenshot highlights the API permissions added to the application in this article.