Microsoft Office 365 Integrations - Privileges and Roles
Hello, good afternoon, Netskope community.
A question: to set up SCIM integration with Azure AD for user/group provisioning, an Azure AD user with the Application Administrator role can manage enterprise applications, for example SCIM and SSO usage for UI administration.
Now I can't find the exact role, privilege and/or permissions that are required for an account to integrate with OneDrive, Outlook and SharePoint via API in order to use API protection. It speaks of "Global Administrator". Can you please confirm exactly the granular role that allows an account to perform this type of integration between Netskope and Office 365? I already tried with the same Application Administrator role and it does not allow me.
"In particular, the global admin is the only user that can delegate access for application-level permission (as opposed to user level permissions). You can find additional Microsoft documentation on how all these work here. Furthermore, global admin credential is required for Graph and Office 365 Management APIs. Post-grant, Netskope is independent of the granting account for policy processing."
However, you can downgrade this administrative user following the grant depending on what you have enabled. Information on this can be found at:
@MetgatzNK, apologies for the delay. Your understanding is correct. You do not need a Global Administrator for the SCIM integration as it leverages an OAuth integration via a Netskope endpoint and a token. A Global Administrator is required when granting access to Office 365 for API-based protection.
Sam Shiflett Netskope Solution Architect - North America