Hello @NavasMiguel-4566,
Thank you for posting your query on Microsoft Q&A.
Based on your description, I understand that you’re trying to add external users to your directory so you can grant them access to Azure Synapse databases.
From your current setup, I see that only Directory.Read.All
, User.Read
, and User.ReadBasic.All
permissions have been granted for the application API. However, I’d like to highlight that permissions from the Azure AD Graph API are no longer applicable in Entra ID, as Azure AD Graph has been fully deprecated.
End of Support for Azure AD Graph
Microsoft now recommends removing Azure AD Graph permissions and exclusively using Microsoft Graph permissions. To create external users in your directory, your application should have the Directory.ReadWrite.All
permission in Microsoft Graph. This permission allows the application to both read and write data in the directory.
If your process involves creating external users through a user context, assign the Delegated Directory.ReadWrite.All
permission. If creating users through an application, add the Application permission for Directory.ReadWrite.All
in Microsoft Graph. Here’s how to do it:
- Sign in to the Azure Portal.
- Go to Microsoft Entra ID > App Registrations.
- Select your application, then navigate to API Permissions.
- Click on Add a Permission, select Microsoft Graph.
- Choose either Delegated or Application permissions, search for
Directory.ReadWrite.All
, and add it. - After adding, click Grant admin consent.
Once you’ve completed these steps, please perform a test to verify if the changes allow for the expected behavior. If the issue persists, please provide additional details on the exact steps you’re following. This will help in diagnosing any potential misconfigurations or permissions issues and in offering more targeted guidance.
I hope this information is helpful. Please feel free to reach out if you have any further questions.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Thanks,
Raja Pothuraju.