Azure permissions
Overview
To use Team Edition with Azure, you need to configure certain permissions in Microsoft Entra ID. These permissions are required for specific actions, like logging in, browsing resources, or provisioning users.
Info
Learn more about permissions in the official Entra documentation.
Required permissions
| Action | Permission | Description |
|---|---|---|
| Login | No additional permissions required | Allows users to authenticate in Team Edition. |
| Cloud Explorer | Azure Service Management (user_impersonation) |
Grants access to retrieve a list of available user resources using the https://management.azure.com//.default scope. |
| Database authentication - Azure SQL, MySQL | Azure SQL Database (user_impersonation) |
Enables database authentication (Azure SQL, MySQL) using the https://database.windows.net//.default scope. |
| Database authentication - PostgreSQL, MySQL | Azure OSSRDBMS Database (user_impersonation) |
Enables database authentication (PostgreSQL, MySQL) using the https://ossrdbms-aad.database.windows.net/.default scope. |
| User provisioning | User.ReadBasic.All or User.Read.All |
Allows importing users from Azure AD. |
| User provisioning - license role mapping by groups | Group.Read.All |
Grants access to retrieve a list of groups and automatically assign roles to users during provisioning. |
| Auto-assigned user teams | No additional permissions required, but groups claim must be included in the access or ID token. |
Automatically assigns users to teams based on their Azure AD group memberships. |