Azure Active Directory Management (Read/Write to Azure Active Directory)

Microsoft Azure Active Directory is now Microsoft Entra ID

When you integrate Nintex Automation with SharePoint Online, you must consent permissions to the K2 for Office 365 app. In addition to SharePoint Online permissions, this app also requests read-only permissions to your Azure Active Directory (Azure Active Directory). This permission, along with the SharePoint requested permissions, allows solutions to read data from Azure Active Directory and read and write data to SharePoint Online. If you need to build solutions that write data to Azure Active Directory, you must consent the write permission using the Azure Active Directory Management for K2 app. Use this topic to reconfigure your existing Azure Active Directory service instance and consent to the Azure Active Directory Management for K2 app requested read and write permissions.

The screenshots and instructions for third-party software are accurate at the time of writing. Third-party vendors may have changed or updated aspects of their systems (such as user interfaces, functionality, and security). As a result, this content may be outdated.
  1. Confirm the AADMGMT OAuth resource exists
  2. Rebind the Azure Active Directory service instance to use the AADMGMT OAuth resource
  3. Consent to the Azure Active Directory Management for K2 app in your Azure Active Directory tenant

Background

When the Azure Active Directory service instance is configured against the K2 for Office 365 app, all SmartObject methods are exposed even though the underlying OAuth tokens and app do not expose Azure Active Directory editing permissions by default. This means that it is possible to build a solution that attempts to use these edit methods, but those calls fail. Below is an example of the error received if you use an Azure Active Directory-based SmartObject method that attempts to write data. In this example, the Update method of the User SmartObject is called. Notice in the error the message "Insufficient privileges to complete the operation."