Provides a delegated permission scope for other Azure Active Directory activities. Activities executed using a delegated scope are always executed on behalf of an authenticated user.
- DisplayName - The display name of the activity.
- ClientId - Establishes the client (application) ID. This field supports only strings and
- TenantId - Establishes the directory (tenant) ID. This field supports only strings and
- Password - Specifies the password for the provided username. This field supports only
- Username - Specifies the username for the Azure Active Directory tenant you want to connect to.
- Private - If selected, the values of variables and arguments are no longer logged at Verbose level.
Azure Active Directory can be accessed through Microsoft Graph which has two types of permissions, Delegated permissions and Application permissions.
- Delegated permissions are used by apps that are requiring the user to be signed in and to consent to all permissions needed in order to initiate a call to Microsoft Graph. Higher-privileged permissions require administrator consent.
Activities using Azure AD Delegated Scope are always executed on behalf of an authenticated user, while activities using Azure AD Application Scope are executed on behalf of an application.
The least privileged permissions are the ones intersecting the delegated permissions granted by the app and the ones passed by the user to the delegated scope. Here are more information about this subject.
Updated 4 months ago