SonarCloud Azure AD app registration

Hi there,

We are trying to use SonarCloud with Azure DevOps; as part of the onboarding, it registers the app with our Azure AD. Our Azure AD tenant does not allow a user to self-register apps. It needs to be approved by the Azure AD admin.
Our admins want to confirm what data we need to grant access from Azure AD under the following items before approving the app.

  1. Maintain access to data you have given it access to

Allows the app to see and update the data you gave it access to, even when users are not currently using the app. This does not give the app any additional permissions.

This is a permission requested to access your data in XXXXXX.

  2. Sign in and read user profile

Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.

This is a permission requested to access your data in XXXXXX.

I am unable to find that information in the documentation. Can someone help?

Hello @mcp,

Welcome to the community!

This one should be enough. Let me know if you have any other questions!

Best,
Marcin Majewski

Hi Marcin,

Thanks for taking the time to respond. Unfortunately, your answer is not clear to me. Are you saying that SonarCloud only needs access to read the profile information for the user who tries to log in?
I do not think we have an option to select one over the other. Azure AD registration prompts us to approve both. I have attached a screenshot for your reference.

Hey @mcp,

Sorry for the confusion. It seems I was mistaken. Both of them are required. Although only one is actually a permission, the other one defines when you can access the permissions given.

“Maintain access to data you have given it access to” does not give any additional permissions, just allows the SonarCloud app to read the profile information even when not using the app. This is required for the SSO (single sign-on) to work and to refresh the token, so we do not have to prompt the users every time the token is expired.

Best,
Marcin

Thank you, that answers the question.
