Microsoft Entra ID (formerly Azure AD) - Microsoft Graph API permission
General
All permissions must be added as Application Permissions and must be granted admin consent. Delegated Permissions will not work; User Sync needs Application Permissions. This is related to the client credentials flow that we're using:
When authenticating as an application (as opposed to with a user), you can’t use delegated permissions - scopes that are granted by a user. You must use application permissions, also known as roles, that are granted by an admin for the application or via pre-authorization by the web API.
Is there a working alternative to Directory.Read.All (MS Graph API Permission)?
Yes, the minimum requirement to make User Sync work is Group.Read.All and User.Read.All. Please keep in mind that the suggested setup in the setup guides ensures that all features and future additions to User Sync will work without customers having to change their Entra ID configuration.
Can I use GroupMember.Read.All instead of Group.Read.All?
Instead of Group.Read.All, we have customers who are using GroupMember.Read.All. Based on the Microsoft documentation, the two Application Permissions differ as follows:
Group.Read.All | GroupMember.Read.All |
---|---|
Allows the app to read group properties and memberships, and read conversations for all groups, without a signed-in user. | Allows the app to read memberships and basic group properties for all groups without a signed-in user. |
Can I use User.ReadBasic.All instead of User.Read.All?
While the permission User.ReadBasic.All (as opposed to User.Read.All) will also work, it only permits access to limited profile information, such as the user's display name and email address. Unfortunately, it does not include details like phone numbers, department, or manager, which means the customer would be unable to utilize this information.
How can I sync Groups with the attribute HiddenGroupMembership enabled?
Please add the application permission (Member.Read.Hidden) to your (User Sync) app registration in Entra ID (and grant admin consent). The permission will help to sync those groups and also to fetch the members.
Known Limitations
Profile Picture will only work if the permission is set to Directory.Read.All and User.Read.All.
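To check which of the permission combinations above an app registration actually received, the following added example (not part of the vendor's product or documentation) inspects an access token obtained through the client credentials flow: application permissions appear in the `roles` claim, delegated ones in `scp`. The function names and the sample token are constructed for illustration, and treating Directory.Read.All as covering both group and user read is an assumption drawn from this page's "alternative to Directory.Read.All" wording.

```python
import base64
import json

def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string for offline testing."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

def jwt_claims(token: str) -> dict:
    """Decode the payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def review_user_sync_token(token: str) -> dict:
    claims = jwt_claims(token)
    roles = set(claims.get("roles", []))          # application permissions
    scopes = set(claims.get("scp", "").split())   # delegated permissions
    findings = []
    if scopes and not roles:
        findings.append("only delegated scopes present; application permissions required")
    directory = "Directory.Read.All" in roles     # assumed to cover group and user read
    groups_ok = directory or bool(roles & {"Group.Read.All", "GroupMember.Read.All"})
    users_ok = directory or bool(roles & {"User.Read.All", "User.ReadBasic.All"})
    if not groups_ok:
        findings.append("no group read permission (Group.Read.All or GroupMember.Read.All)")
    if not users_ok:
        findings.append("no user read permission (User.Read.All or User.ReadBasic.All)")
    if "User.ReadBasic.All" in roles and not (directory or "User.Read.All" in roles):
        findings.append("User.ReadBasic.All only: no phone number, department or manager")
    if "Member.Read.Hidden" not in roles:
        findings.append("Member.Read.Hidden missing: needed for groups with HiddenGroupMembership")
    pictures = {"Directory.Read.All", "User.Read.All"} <= roles
    if not pictures:
        findings.append("profile pictures need Directory.Read.All and User.Read.All")
    return {"sync_possible": groups_ok and users_ok,
            "profile_pictures": pictures, "findings": findings}

if __name__ == "__main__":
    # Constructed sample: the minimum permission set named on this page.
    minimal = make_sample_token({"roles": ["Group.Read.All", "User.Read.All"]})
    print(json.dumps(review_user_sync_token(minimal), indent=2))
```

Decoding the payload this way is a diagnostic aid only; it does not validate the token and should not be used for authorization decisions.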