Learn more about Azure Active Directory permissions in this chapter.
The last step of the configuration is to adjust the Azure Active Directory permissions.
To use the app’s full potential and read as well as edit user data, Azure AD Attributes Sync for Jira requires a set of
Azure AD permissions. However, if you plan on using only some of the app’s functionalities, the permissions can be adjusted at any moment by the Azure AD admin.
During the first Azure AD Attributes Sync for Jira configuration, you’ll have to accept all the permissions to establish the connection between Azure Active Directory and the app. However, after that you can update the permissions according to your preferences. You’ll find the instructions on how to do that along with the permissions’ description in the further part of this chapter.
Here is how to update the permissions in Azure AD:
The app will ask you to configure the list of permissions according to your preferences. You’ll find them listed below along with
short descriptions explaining what each permission is for and what will happen if you turn it off:
Permission type | Permission scope | |
---|---|---|
User.Read | Sign in and read user profile | necessary to add the app to the directory (essential for the app’s key features to work) |
Application.Read.All | Read all applications | necessary to display Azure AD custom user attributes in Jira fields |
Device.Read.All | Read all devices | necessary to synchronize information about devices assigned to the users |
Group.Read.All | Read all groups | necessary to synchronize information about licenses assigned to the users |
RoleManagement.Read.Directory | Read all directory RBAC settings | necessary to display groups and roles |
User.Read.All | Read all users’ full profiles | necessary to read user details (essential for the app’s key features to work) |
User.ReadWrite.All | Read and write all users’ full profiles | necessary for the Azure AD Sync - Update user’s attributes in Azure AD post function to work (you won’t be able to edit user information without this permission), but other app features will work properly |
Permissions for the newest app version don’t automatically show on the permissions list in the app. They’ll appear when the admin uses the Grant admin consent button.
If you can’t find the answer you need in our documentation, raise a support request.