13,721 questions
Group membership is returned as part of the token, so you might simply check that. If you do need a separate call, use the /me/memberOf endpoint, or the /me/transitivememberof one.
Access Membership Graph API, but need admin consent
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 20%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPL%3C/text%3E%3C/svg%3E)
Ping Li
1
Reputation point Microsoft Employee
I have a web app, wants to check if the logged-in user belongs to a group so that I can control the permission of the group and users for my web app.
Checked Graph API has https://learn.microsoft.com/en-us/graph/api/group-getmembergroups?view=graph-rest-1.0&tabs=http. I think it meets my requirement.
However the api needs permission: GroupMember.Read.All, Group.Read.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All. 
When I configured the permission in AAD, it tells all these permission needs Admin Consent, but I can't grant.
So how can we get admin consent granted. If this API is not proper way to check membership, is there any other way to implement such senario?
Many thanks,
Ping
Microsoft Security Microsoft Graph
1 answer
Sort by: Most helpful
-
Vasil Michev 119.5K Reputation points MVP Volunteer Moderator2021-05-21T10:30:45.657+00:00