All Collections
Integrations and Plugins
Active Directory
Grant consent to setup Sine AD Sync plugin
Grant consent to setup Sine AD Sync plugin

This article describes the process of granting consent required when setting up Sine Active Directory Sync plugin.

Liz Harper avatar
Written by Liz Harper
Updated over a week ago

On this page:

Grant consent

Consent is the process of a user granting authorisation to an application to access protected resources. In our case, Sine requires access to read the various user profiles created in Microsoft Azure Active Directory (AAD).

This section of the article will help you understand more about the consent requested during the setup process and its related workflows.

See Also: Setup Sine Active Directory plugin

How is consent granted?

Consent to access Microsoft AAD is requested during the setup of the Sine Active Directory plugin. The administrator (during setup) is presented with a consent prompt. An example of the consent prompt is as follows.

What permissions are requested by Sine?

Sine requires the following permissions:

  • Maintain access to data you have given it access to – This is required to synchronise Sine Host groups with Microsoft AAD data without requiring your intervention

  • Read group members – This is required to read a list of your Microsoft AAD groups and their members

  • Read all user’s full profiles – This is required to read the information from each user to synchronise their Microsoft AAD account with their Sine Host Profile.

Who can provide consent?

Sine requires a user with Microsoft Azure Active Directory (AAD) Administrator privileges to provide consent , during Sine Active Directory setup. Consider the following scenarios:

Sine Team Administrator is a Microsoft AAD administrator

When configuring the Sine Active Directory Sync plugin, you may see the following consent prompt.

Named sections of the consent prompt are as follows:

A - Sine requires permission to request access to the specific data. Details of each data item can be viewed by selecting the drop down arrow.

B - The AAD administrator consents Sine to access necessary data (described in “A”) on behalf of all AAD users (including you) in your organisation.

Note: If this option is enabled, any future re-configurations of the (existing) Sine Active Directory plugin or configuration of a new Sine Active Directory plugin by any other user for the same organisation will not require further consent.

However, if not selected, any other user attempting to (re)configure the plugin for the same organisation will need to follow the same permission flow.

Consider carefully before selecting.

C - This means you as the AAD administrator grant Sine to access data (described in A).

Sine Team administrator is a non-admin Microsoft AAD user

When configuring the Sine Active Directory Sync plugin, you will see the following consent prompt.

If this occurs, the Microsoft AAD administrator will need to be provided with a link, to grant access to Microsoft AAD related data.

https://login.microsoftonline.com/organizations/v2.0/adminconsent?client_id=03f046b3-91c1-4c18-91b4-66f1c2e48a22&scope=GroupMember.Read.All User.Read.All

During the process, the AAD admin will see the following consent prompt.

Named sections of the consent prompt are as follows:

A: Sine requires permission to request access to the specific data. Details of each data item can be viewed by selecting the drop down arrow.

B: This means you as the AAD administrator grant Sine to access data (described in A).

Note: Providing permission using the link grants permissions for the entire organisation

Did this answer your question?