No internet connection
  1. Home
  2. General

ThinkAutomation Graph Groups - Permissions and Usage

Concerns have been raised by one of our ThinkAutomation v4 customers around the permissions required by ThinkAutomation when configuring Modern Authentication.

As this also applies and relates to ThinkAutomation Studio, I thought it best to create a post here to gather the necessary information together around this, in case any other system administrators share similar concerns, or simply want more insight.

The complete list of Microsoft Graph permissions that are required is below, although there are only three (has a ‘yes’ at the end for ‘Admin Consent Required’) that require an admin to consent for the organisation:

The main concerns raised by this customer's system administrator are the following:

The administrator is apprehensive about allowing an application full permission to read and write to all groups:

And in addition, the fact that the application requires access to be maintained, even when the application isn't "active" or otherwise in use:

As it is unlikely that either of these requirements can be changed, I have created this post in order that we may get further information from our developers on the reasons for the above, in order that any apprehension or concerns may be allayed.

You're more than welcome to comment on this post with any further questions or queries regarding Modern Authentication or the ThinkAutomation Graph Groups application.

  • 1 replies
  1. L
    Liam @liam
      2022-01-14 14:15:36.884Z

      these permissions are found in
      Azure -> Azure Active Directory => App Registrations => ThinkAutomation app (its the one with the logo) => API Permissions