Hero Banner

Control Panel Vendors (CPVs)

Onboarded as a CPV, ask questions and learn how to keep your platform secure

Take the survey
Reply
Maps
Level 1 Contributor
‎02-12-2019 02:19 AM
Level 1 Contributor
‎02-12-2019 02:19 AM

graph.microsoft.com CPV Application Consent / Grants

Hi,

Continuing the discussion from the Yammer group, refering to this topic:

https://www.yammer.com/cloudpartnercommunity/threads/1234330467

What are the grants that a CPV should set to call the graph.microsoft.com API?

Thank you

Labels:
6 REPLIES 6
idwilliams
Moderator
‎02-15-2019 10:58 PM
Moderator
‎02-15-2019 10:58 PM

Hi @Maps

I have not the opportunity to test this just yet, but the enterprise application identifier for Microsoft Graph is 00000003-0000-0000-c000-000000000000. So, in theory you should be able to use this value when creating your application consent. Currently both the .NET and Java SDK samples are configuring the permissions for Azure AD Graph, which enables you to perform Azure AD operations using Microsoft. However, if you are looking to perform operations using other features of Microsoft Graph this will not work. 

If you are in position to test this with your integration box, it would be great to know if you encounter any issues. 

Maps
Level 1 Contributor
‎02-18-2019 03:30 AM
Level 1 Contributor
In response to idwilliams
‎02-18-2019 03:30 AM

Hi @idwilliams ,

Thanks for the reply.

My concern is more if the grants/scopes should be set in the Azure AD Graph format:

enterpriseApplicationId: 00000002-0000-0000-c000-000000000000, scope:Domain.ReadWrite.All,User.ReadWrite.All,Directory.Read.All

Or in the ARM format:

enterpriseApplicationId: 797f4846-ba00-4fd7-ba43-dac1f8f63013, scope:user_impersonation

I am more inclined to try it in the Azure AD Graph format, and personally never had before seen the "user_impersonation" scope.

If you can clarify this, it will sure help.

I will also test this, as soon as I can.

Thank you

0 Kudos
idwilliams
Moderator
‎02-18-2019 02:49 PM
Moderator
In response to Maps
‎02-18-2019 02:49 PM

Hi @Maps

Currently the scopes are limited to what you see in the samples today. In the coming days our engineering teams will be allowing additional scopes. You can find a complete list of scopes required for each operation that Microsoft Graph supports in the documentation. At the top of each article you will find a permissions section, which includes the required permissions (from least to most privileged). You can find a sample of this at https://docs.microsoft.com/en-us/graph/api/user-list. 

With respect to the user_impersonation scope, that actually maps to the Access Azure Service Management as organization users (preview) permission. This the only permission available for the Windows Azure Service Management API. Please note that only delegated permissions are supported with the new CPV model. So, you want to ensure you are using the appropriate scopes. 

0 Kudos
nhacaisovn
‎02-18-2019 06:38 PM
Visitor 1
In response to idwilliams
‎02-18-2019 06:38 PM

like

0 Kudos
yfarmaz
Level 1 Contributor
‎02-15-2019 01:53 PM
Level 1 Contributor
‎02-15-2019 01:53 PM

Hey @Maps   I just joined and wanted to see if Microsoft responded to your message.  Since this app is new and MS is directing us to this for future, I wanted to gage the responsiveness.

For sure interested in graph api and currently using partner center api.  Have you completed your CPV?  We are developing app and see the CPV route making sense.  We are an indirect CSP provider as well.  Not sure if we should get a new tenant or keep our existing for Partner Center.

0 Kudos
Maps
Level 1 Contributor
‎02-18-2019 03:35 AM
Level 1 Contributor
In response to yfarmaz
‎02-18-2019 03:35 AM

Hi @yfarmaz ,

@idwilliams, replied to my message (see below).

Yes, we have completed our CPV, and for the Azure AD Graph and the ARM Api's, the consents work with no issues.

Would like the API to have at least one more method, to get the existent application consents, and I have already shared this feedback with Microsoft on Yammer.

Thank you

0 Kudos
Follow Us
    Share