
Setting Azure AD Microsoft Graph Email API/Permission in Terraform

I am provisioning some Azure infrastructure using Terraform. Included in the setup requirement is some configuration of an Azure AD registered app and this requires the following Microsoft Graph permissions to be granted (see image below):

  • GroupMember.Read.All
  • email (OpenId)


Within my Terraform configuration, I have the below code snippet included in my resource "azuread_application" block, within the required_resource_access sub-block. For the resource_access ids, I have used the values provided on this Microsoft page - https://learn.microsoft.com/en-us/graph/permissions-reference .


My Terraform configuration is currently able to successfully add the GroupMember.Read.All permission, but somehow it fails to add the required Email permission as depicted in the screenshot below, displaying the GUID reference instead of the actual name "email".

What I'd also like to be able to do in my Terraform configuration is the ability to Grant admin consent for both API/Permissions (depicted in the rightmost column).


Any tips on how I can achieve all of the above?


For the permission type, Scope corresponds to the Delegated permission type, whereas Role is the Application type.

The email OpenID scope is a Delegated permission type, so you need to change the permission type from Role to Scope.

resource_access {
    # ID of the OpenID "email" scope on Microsoft Graph
    id   = "64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0"
    # "Scope" = Delegated permission ("Role" would be an Application permission)
    type = "Scope"
}

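The following is an added, complete example (not part of the answer above) that puts the corrected Scope/Role types together with the admin-consent step the question asks about. It assumes the hashicorp/azuread provider v3.x, an application named "example-app", and that the identity running Terraform is allowed to create app role assignments and delegated permission grants; the permission IDs are looked up by name from the Microsoft Graph service principal instead of being hardcoded.

```hcl
terraform {
  required_providers {
    azuread = { source = "hashicorp/azuread", version = "~> 3.0" }
  }
}

# Well-known app IDs published by Microsoft, so the Graph app ID is not hardcoded.
data "azuread_application_published_app_ids" "well_known" {}

data "azuread_service_principal" "msgraph" {
  client_id = data.azuread_application_published_app_ids.well_known.result["MicrosoftGraph"]
}

resource "azuread_application" "example" {
  display_name = "example-app" # assumed name

  required_resource_access {
    resource_app_id = data.azuread_application_published_app_ids.well_known.result["MicrosoftGraph"]

    # Application permission: resolved by name from Graph's app roles, so type is Role.
    resource_access {
      id   = data.azuread_service_principal.msgraph.app_role_ids["GroupMember.Read.All"]
      type = "Role"
    }

    # Delegated permission: the OpenID "email" scope, so type must be Scope, not Role.
    resource_access {
      id   = data.azuread_service_principal.msgraph.oauth2_permission_scope_ids["email"]
      type = "Scope"
    }
  }
}

# The app needs a service principal in the tenant before consent can be recorded.
resource "azuread_service_principal" "example" {
  client_id = azuread_application.example.client_id
}

# Admin consent for the application permission = app role assignment against Graph.
resource "azuread_app_role_assignment" "groupmember_read_all" {
  app_role_id         = data.azuread_service_principal.msgraph.app_role_ids["GroupMember.Read.All"]
  principal_object_id = azuread_service_principal.example.object_id
  resource_object_id  = data.azuread_service_principal.msgraph.object_id
}

# Tenant-wide admin consent for the delegated "email" scope.
resource "azuread_service_principal_delegated_permission_grant" "email" {
  service_principal_object_id          = azuread_service_principal.example.object_id
  resource_service_principal_object_id = data.azuread_service_principal.msgraph.object_id
  claim_values                         = ["email"]
}
```

After `terraform apply`, both entries show their names rather than GUIDs in the portal, with the admin-consent column granted; the consent resources fail with a permission error if the deploying identity lacks the rights to write app role assignments or delegated permission grants.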