Microsoft Entra ID spoke - revoke user sign-in session action permission

Jeff Johnson
Tera Guru

We are hoping to add a step to our compromised-account remediation workflow to revoke users' active sign-in sessions; however, one of the permissions the documentation says is required for this action (Directory.ReadWrite.All) is not something our Domain/Entra admins are comfortable turning over to an always-active service account. Has anyone else used the Entra spoke and the revoke session action, played around with reducing the Graph permissions, and had any success? If so, could you share what you used?

Thanks,

Jeff 


Tanushree Maiti
Tera Patron

Hi @Jeff Johnson 

We are currently fetching the data using the Entra Spoke, and it is working as expected.

If possible, try generating the token without the Write role and test the integration again.

We encountered a similar situation with another integration where the third-party vendor was unwilling to grant certain permissions because they considered them too broad and were concerned that ServiceNow could potentially manage or modify their environment.

When we raised the issue with ServiceNow support, they clearly stated that if the permissions documented in the official implementation guide were not provided, they would be unable to offer support for the integration.

Please accept the solution if it assisted you with your question and mark this response as helpful.
Regards,
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
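The reply suggests generating the token without the Write role and retesting. Before wiring a narrower app registration into the remediation flow, it is worth confirming what the issued token actually carries, because the `roles` claim on a Microsoft Graph application token is the authoritative record of which permissions were granted. The script below is an added example, not part of this thread or of the ServiceNow Entra spoke: it decodes the token's payload, flags any permission outside an allowlist, and only then builds the `POST /users/{id}/revokeSignInSessions` request. The allowlist names `User.RevokeSessions.All`, which is my understanding of the narrowest Graph application permission for this call; confirm it against the current Graph permissions reference before relying on it. The token used at the bottom is constructed and unsigned so the checks run offline, and the user id is a placeholder.

```python
"""Check an Entra app token's effective permissions before revoking sign-in sessions."""
import base64
import json

GRAPH = "https://graph.microsoft.com/v1.0"

# Narrowest application permission believed sufficient for revokeSignInSessions
# (assumption: verify against the current Microsoft Graph permissions reference).
# Directory.ReadWrite.All, the permission the thread objects to, is deliberately absent.
ALLOWED_ROLES = frozenset({"User.RevokeSessions.All"})


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_roles(access_token: str) -> set:
    """Return the application permissions (the `roles` claim) carried by a Graph app token.

    The signature is NOT verified: this inspects a token the caller just obtained
    from Entra ID to see which permissions were granted; it authenticates nothing.
    """
    try:
        _header, payload, _signature = access_token.split(".")
    except ValueError as exc:
        raise ValueError("not a compact JWT (expected three dot-separated segments)") from exc
    claims = json.loads(_b64url_decode(payload))
    return set(claims.get("roles", []))


def overbroad_roles(roles, allowed=ALLOWED_ROLES) -> set:
    """Roles granted beyond the allowlist, i.e. the ones a directory admin would question."""
    return set(roles) - set(allowed)


def build_revoke_request(user_id: str, access_token: str) -> dict:
    """Describe the Graph call that invalidates a user's refresh tokens and sessions.

    Returned as a plain dict so the permission check can be exercised offline;
    a real integration would hand this to an HTTP client.
    """
    bad = overbroad_roles(token_roles(access_token))
    if bad:
        raise PermissionError(f"token carries permissions outside the allowlist: {sorted(bad)}")
    return {
        "method": "POST",
        "url": f"{GRAPH}/users/{user_id}/revokeSignInSessions",
        "headers": {"Authorization": f"Bearer {access_token}"},
    }


def make_unsigned_token(roles) -> str:
    """Build a CONSTRUCTED, unsigned JWT so the checks above can run without Entra."""
    def seg(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).decode().rstrip("=")
    return ".".join([
        seg({"alg": "none", "typ": "JWT"}),
        seg({"aud": "https://graph.microsoft.com", "roles": list(roles)}),
        "",  # empty signature segment: constructed test token, never a real credential
    ])


if __name__ == "__main__":
    placeholder_user = "00000000-0000-0000-0000-000000000000"  # placeholder object id
    narrow = make_unsigned_token(["User.RevokeSessions.All"])
    broad = make_unsigned_token(["User.RevokeSessions.All", "Directory.ReadWrite.All"])
    print("narrow token ->", build_revoke_request(placeholder_user, narrow)["url"])
    try:
        build_revoke_request(placeholder_user, broad)
    except PermissionError as err:
        print("broad token refused ->", err)
```

Run it against a token obtained with the reduced app registration (the `roles` claim is what matters, not the permissions listed in the portal), then exercise the spoke's revoke action; if Graph answers 403 with only the narrow permission, the documented requirement stands and the support position quoted in the reply applies.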